Direct editing of the databases is not recommended. Instead, use the SMC tools to manage role-based access control. You can also use the commands listed in Table 43 to manage role-based access control.
Table 43. Commands for Managing Role-Based Access Control
|
auths(1) | Display authorizations for a user. |
makedbm(1M) | Make a dbm file. |
ncsd(1M) | Nameservice cache daemon. This daemon is useful for caching the user_attr, prof_attr, and exec_attr databases. |
pam_roles(5) | Role account management module for PAM. Checks for the authorization to assume a role. |
pfexec(1)
pfsh(1)
pfcsh(1)
pfksh(1) | Profile shells, used to execute commands with attributes specified in the exec_attr database. |
policy.conf(4) | Configuration file for security policy. Lists granted authorizations. |
profiles(1) | Display profiles for a specified user. |
roles(1) | Display roles granted to a user. |
roleadd(1M) | Add a role account on the system. |
roledel(1M) | Delete a role's account from the system. |
rolemod(1M) | Modify a role's account information on the system. |
useradd(1M) | Add a user account on the system. The -P option assigns a policy, the -R option assigns a role, the -A option assigns an authorization. |
userdel(1M) | Delete a user's login from the system. |
usermod(1M) | Modify a user's account information on the system. The -P option modifies a policy, the -R option modifies a role, and the -A option modifies an authorization. |
