Controlling Access and Configuring System Messaging
Role-Based Access Control (RBAC) and system logging are related: both are used to secure and monitor systems in a Solaris environment.
Role-Based Access Control (RBAC)
With role-based access control (RBAC) in the Solaris 10 operating environment, administrators can assign limited administrative capabilities to non-root users. This is achieved through three features:
Authorizations: User rights that grant access to a restricted function
Execution profiles: Bundling mechanisms for grouping authorizations and commands with special attributes; for example, user and group IDs or superuser ID
Roles: Special types of user accounts intended for performing a set of administrative tasks
RBAC relies on the following four databases to provide users access to privileged operations:
user_attr (extended user attributes database): Associates users and roles with authorizations and profiles
auth_attr (authorization attributes database): Defines authorizations and their attributes and identifies the associated help file
prof_attr (rights profile attributes database): Defines profiles, lists the profile's assigned authorizations, and identifies the associated help file
exec_attr (profile attributes database): Defines the privileged operations assigned to a profile
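The following Python example is added here and is not part of the original text; it joins the four databases to show which authorizations and privileged commands an account can reach, directly or through a role, and flags authorizations that a profile grants but auth_attr does not define. The function names and all sample entries are constructed for illustration, the field layouts are assumed from the Solaris 10 man pages, and nested profiles and wildcard authorizations are not expanded.

```python
# Constructed sample entries (not from a real host), using the field layouts
# of user_attr(4), auth_attr(4), prof_attr(4) and exec_attr(4).
USER_ATTR = """\
oper::::type=role;profiles=Media Backup
alice::::type=normal;roles=oper;auths=solaris.jobs.user
bob::::type=normal;profiles=Printer Management
"""
AUTH_ATTR = """\
solaris.device.allocate:::Allocate Device::help=DevAllocate.html
solaris.jobs.user:::Manage Owned Jobs::help=AuthJobsUser.html
"""
PROF_ATTR = """\
Media Backup:::Backup files and file systems:auths=solaris.device.allocate
Printer Management:::Manage printers:auths=solaris.admin.printer.modify
"""
EXEC_ATTR = """\
Media Backup:suser:cmd:::/usr/sbin/ufsdump:euid=0;gid=sys
Printer Management:suser:cmd:::/usr/sbin/lpadmin:egid=14;uid=0
"""

def rows(text, nfields):
    """Yield the fields of each non-comment line; the last field keeps any ':'."""
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            yield line.split(":", nfields - 1)

def attrs(field):
    """Parse 'key=v1,v2;key2=v3' into {key: [v1, v2], key2: [v3]}."""
    pairs = (p.partition("=") for p in field.split(";") if p)
    return {k: v.split(",") for k, _, v in pairs}

def resolve(user):
    """Return the authorizations and privileged commands a user can reach."""
    users = {r[0]: attrs(r[4]) for r in rows(USER_ATTR, 5)}
    profs = {r[0]: attrs(r[4]) for r in rows(PROF_ATTR, 5)}
    defined = {r[0] for r in rows(AUTH_ATTR, 6)}
    auths, cmds = set(), []
    # The user's own entry first, then every role the user may assume.
    for acct in [user] + users.get(user, {}).get("roles", []):
        entry = users.get(acct, {})
        auths.update(entry.get("auths", []))
        for prof in entry.get("profiles", []):
            auths.update(profs.get(prof, {}).get("auths", []))
            cmds += [(acct, prof, r[5], r[6])
                     for r in rows(EXEC_ATTR, 7) if r[0] == prof]
    return {"auths": sorted(auths), "commands": cmds,
            "undefined_auths": sorted(auths - defined)}
```

Each command tuple names the account that holds the profile, so a result for alice shows that ufsdump with euid=0 is reachable only after she assumes the oper role.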