
Controlling Access and Configuring System Messaging

Role-Based Access Control (RBAC) and system logging are related: both are used to secure and monitor systems in a Solaris environment.

Role-Based Access Control (RBAC)

With role-based access control (RBAC) in the Solaris 10 operating environment, administrators can assign limited administrative capabilities to non-root users. This is achieved through three features:

  • Authorizations: User rights that grant access to a restricted function

  • Execution profiles: Bundling mechanisms for grouping authorizations and commands with special attributes; for example, user and group IDs or superuser ID

  • Roles: Special types of user accounts intended for performing a set of administrative tasks

RBAC relies on the following four databases to provide users access to privileged operations:

  • user_attr (extended user attributes database): Associates users and roles with authorizations and profiles

  • auth_attr (authorization attributes database): Defines authorizations and their attributes and identifies the associated help file

  • prof_attr (rights profile attributes database): Defines profiles, lists the profile's assigned authorizations, and identifies the associated help file

  • exec_attr (profile attributes database): Defines the privileged operations assigned to a profile
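
To show how the databases chain together during a least-privilege review, the following added example (not part of the original page) resolves which authorizations and privileged commands an account can reach through user_attr, prof_attr and exec_attr. The accounts jdoe and opsrole, the "Example" profiles, the solaris.example.* authorizations and all sample entries are constructed for illustration.

```python
# Constructed sample entries in the colon-delimited RBAC formats; all names are hypothetical.
USER_ATTR = """\
opsrole::::type=role;profiles=Example Ops
jdoe::::type=normal;roles=opsrole;auths=solaris.example.read
"""
PROF_ATTR = """\
Example Ops:::Constructed profile:auths=solaris.example.write;profiles=Example Base
Example Base:::Constructed sub-profile:auths=solaris.example.read
"""
EXEC_ATTR = """\
Example Ops:suser:cmd:::/usr/sbin/shutdown:uid=0
Example Base:suser:cmd:::/usr/bin/date:euid=0
"""

def parse(text, nfields):
    """Index entries by first field; the last field holds key=value;... attributes."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", nfields - 1)
        if len(fields) != nfields:
            continue  # skip malformed entries
        attrs = dict(kv.split("=", 1) for kv in fields[-1].split(";") if "=" in kv)
        entries.setdefault(fields[0], []).append((fields, attrs))
    return entries
def values(attrs, key):
    return [v for v in attrs.get(key, "").split(",") if v]
def reachable_rights(account):
    """Rights an account holds directly or can reach through roles it may assume."""
    users, profs, execs = parse(USER_ATTR, 5), parse(PROF_ATTR, 5), parse(EXEC_ATTR, 7)
    auths, cmds, seen = set(), set(), set()
    def walk_profile(name):
        if name in seen:  # profiles can nest; guard against cycles
            return
        seen.add(name)
        for _, attrs in profs.get(name, []):
            auths.update(values(attrs, "auths"))
            for sub in values(attrs, "profiles"):
                walk_profile(sub)
        # exec_attr: field 6 is the command path, field 7 its security attributes
        cmds.update((f[5], f[6]) for f, _ in execs.get(name, []))
    accounts = [account] + [r for _, a in users.get(account, []) for r in values(a, "roles")]
    for acct in accounts:
        for _, attrs in users.get(acct, []):
            auths.update(values(attrs, "auths"))
            for prof in values(attrs, "profiles"):
                walk_profile(prof)
    return sorted(auths), sorted(cmds)
```

Rights listed through a role apply only after the user assumes that role, so the result is the upper bound on what the account can obtain, not what its login shell holds.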
