Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How do you assign multiple roles in RBAC?
Operating Systems Solaris How do you assign multiple roles in RBAC? Post 303001569 by jim mcnamara on Monday 7th of August 2017 01:40:11 PM
Old 08-07-2017
The usermod assigns a role to a user, the rolemod command creates and modifies roles. I would use existing roles to start with and assign them to a user. Basic security (groups, etc.) should be used for file access because software you buy and load expects this, e.g. databases, math software.

Try: Role-Based Access Control (Overview) - Oracle Solaris Administration: Security Services
RBAC is meant for creating profiles for users like system operators who have to be able to run backups, restore disks, fix printer problems, etc. It is great for that purpose. IMO, messing around with general users and RBAC causes problems that do not need to happen. If you need elevated security you need to be on a trusted version of the OS for starters.
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

how to assign multiple values in a pl/sql script

Hello friends, This query is with regards to a script (pl/sql) which returns multiple values. Please see below script wherein the query returns a single value and is assigned to a single variable DB_VALID_CDR=`sqlplus -s user/pass<<!EOF | grep -v "^Connected" 2>&1 set termout off echo... (2 Replies)
Discussion started by: vivek_damodaran
2 Replies

2. Solaris

LDAP users with RBAC Roles

I have an issue with integration between Microsoft LDAP users and RBAC roles defined in a Solaris box. to explain more , i managed to integrate Microsoft Active Directory user loggings to Solaris boxes. I've done it to centralize user repo. and instead of creating admin accounts on more than... (9 Replies)
Discussion started by: mduweik
9 Replies

3. Shell Programming and Scripting

Select multiple values from an Oracle database and assign it to two dimensional array

hi I have two tables in oracle DB and am using a joining query which will result in the output as follows. i need to assign it to a two dimensional array and use it for my further calculations. the way i tried is as follows. #!/bin/ksh export... (1 Reply)
Discussion started by: aemunathan
1 Replies

4. UNIX for Dummies Questions & Answers

How to assign multiple IPs to Aggregated interface in Solaris 10?

I have 2 physical interfaces (bnx0 and bnx1) aggregated into aggr1. I need to assign second IP, and normally I know how to do it to physical interface (i.e. bnx0:1) however same trick (aggr1:1) is not working. Is there any way to do it? (0 Replies)
Discussion started by: bratan
0 Replies

5. Shell Programming and Scripting

Looking for help with script to assign all disk space to slice#0 on multiple disks of varying sizes

Hi Folks, I am trying to make a script to assign all diskspace to slice 0, on multiple sized disks. Since the disks are new they may need to be labelled also to avoid the error: Cannot get disk geometry Below is my code struggling with logic which doesn't seem to be producing the desired... (0 Replies)
Discussion started by: momin
0 Replies

6. Shell Programming and Scripting

assign multiple rows value to a variable using eval

background : Solaris, ksh metresult="ooo > pp" ts=89 eval append_${ts}="$metresult" bash: pp: command not found I want to create a variable which has in a part of its name a dynamically-established number (stored in another variable) usually I do this with eval command. The problem I... (5 Replies)
Discussion started by: black_fender
5 Replies

7. Shell Programming and Scripting

Running a program multiple times to search pattern and assign structure

Hi all, I have a big file (n.txt) with following pattern: ATOM 1 N SER A 1 122.392 152.261 138.190 1.00 0.00 N ATOM 2 CA SER A 1 122.726 151.241 139.183 1.00 0.00 C TER ENDMDL ATOM 1 N SER A 1 114.207 142.287 135.439 1.00 0.00 ... (3 Replies)
Discussion started by: bioinfo
3 Replies

8. UNIX and Linux Applications

Oracle Database - How to check if user roles and system roles are separated?

I have these two table. How do I see if user roles and system roles are seperated? SQL> desc DBA_ROLES; Name Null? Type ----------------------------------------- -------- ---------------------------- ROLE NOT NULL... (1 Reply)
Discussion started by: alvinoo
1 Replies

9. Shell Programming and Scripting

How to assign correct values to the multiple words?

The file1 contains mistakes and looks like 1 No one have never become rich by giving. Anne Dickens 2 No one is worthless in this globe who lightens the weights of other. Charles_Dickens file2 contains the correction of words and looks like rich poor have has never ever... (3 Replies)
Discussion started by: sammy777888
3 Replies

10. Shell Programming and Scripting

Need to parse the multiple definitions from a single line and assign

Hi, I need a help on my requirement that eg: NEED="TEST=Name WORK=Ps DEL=let" Here the definition can be n number, could anybody have an idea to get the output as, TEST=Name WORK=Ps DEL=let .. .. till the 'n' definitions listed. Any suggestions please..... Regards, ricky (6 Replies)
Discussion started by: ricky-row
6 Replies

LEARN ABOUT OPENSOLARIS

roles

roles(1)							   User Commands							  roles(1)

NAME

       roles - print roles granted to a user

SYNOPSIS

       roles [ user ]...

DESCRIPTION

       The  command  roles  prints  on	standard  output  the roles that you or the optionally-specified user have been granted. Roles are special
       accounts that correspond to a functional responsibility rather than to an actual person (referred to as a normal user).

       Each user may have zero or more roles. Roles have most of the attributes of normal users and are identified like normal users in  passwd(4)
       and  shadow(4). Each role must have an entry in the user_attr(4) file that identifies it as a role. Roles can have their own authorizations
       and profiles. See auths(1) and profiles(1).

       Roles are not allowed to log into a system as a primary user. Instead, a user must log in as him-- or herself  and  assume  the	role.  The
       actions of a role are attributable to the normal user. When auditing is enabled, the audited events of the role contain the audit ID of the
       original user who assumed the role.

       A role may not assume itself or any other role. Roles are not hierarchical. However, rights profiles (see  prof_attr(4))  are  hierarchical
       and can be used to achieve the same effect as hierarchical roles.

       Roles must have valid passwords and one of the shells that interprets profiles: either pfcsh, pfksh, or pfsh. See pfexec(1).

       Role assumption may be performed using su(1M), rlogin(1), or some other service that supports the PAM_RUSER variable. Successful assumption
       requires knowledge of the role's password and membership in the role. Role assignments are specified in user_attr(4).

EXAMPLES

       Example 1 Sample output

       The output of the roles command has the following form:

	 example% roles tester01 tester02tester01 : admin
	 tester02 : secadmin, root
	 example%

EXIT STATUS

       The following exit values are returned:

       0     Successful completion.

       1     An error occurred.

FILES

       /etc/user_attr

       /etc/security/auth_attr

       /etc/security/prof_attr

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWcsu			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       auths(1), pfexec(1), profiles(1), rlogin(1), su(1M), getauusernam(3BSM), auth_attr(4), passwd(4),  prof_attr(4),  shadow(4),  user_attr(4),
       attributes(5)

SunOS 5.11							    14 Feb 2001 							  roles(1)
All times are GMT -4. The time now is 12:36 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy