HP-UX 11i Security Containment Administrator's Guide for HP-UX 11i v2
Access Control Basics
The goal of an access control system is to limit access to resources based on a set of constraints.
Typically, these constraints and their associated attributes fit into the following categories:
• Subject: The entity attempting to access the resource. In the context of an operating system,
the subject is commonly a user or a process associated with a user.
• Operation: An action performed on a resource. An operation can correspond directly to an
application or a command. In the case of HP-UX RBAC, the operation is a dot-separated,
hierarchical string, such as hpux.user.add.
• Object: The target of the operation, which is often the same as the end resource, but which
can be different.
An access control request can be thought of as a question combining the previous elements,
where the response to the question (usually allow or deny) determines whether access to the
resource is granted. For example:
Is the user ron authorized to perform the operation hpux.fs.mount on the
object /dev/dsk/c0t1d0?
Often, the term authorization is used as a synonym for access control. In HP-UX RBAC,
authorization refers to the ability to perform an operation on an object. As shown in
Table 3-1 “Example of Authorizations Per User”, a user can have a set of authorizations, each of
which allows access to a resource.
Table 3-1 Example of Authorizations Per User
Operation Component of Authorization          Users: liz   jim   lisa   ron
hpux.user.add
hpux.user.delete
hpux.user.modify
••••
hpux.user.password.modify
•
hpux.network.nfs.start
•
hpux.network.nfs.stop
•
hpux.network.nfs.config
••
hpux.fs.backup
••
hpux.fs.restore
NOTE: Table 3-1 “Example of Authorizations Per User” shows only the operation element of
the authorizations—not the object element of the authorizations.
Simplifying Access Control with Roles
The preceding overview of access control does not address how access control policy is represented
and how decisions are made. One approach is to simply maintain a list of users and the
authorizations (operation, object pairs) assigned to each of them. This approach has the advantage
of being flexible, because each user's set of authorizations can be completely different from those
of the other users.
Unfortunately, this approach is also difficult to manage because as you add users, you must
determine exactly which authorizations each user requires. Also, when performing audits, you
must examine each user individually to determine his or her associated authorizations.
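The following is an added example, not code from the HP-UX RBAC implementation or from this guide. It models the two ideas above: an access control request as the question "is subject S authorized to perform operation O on object X?", and the per-user approach to policy, where each user is mapped directly to a set of (operation, object) authorizations. The user-to-authorization map is constructed sample data (it does not reproduce the marks in Table 3-1), and the treatment of a trailing `*` as covering all descendants of a dot-separated operation prefix is an assumption about wildcard semantics, not taken from the guide.

```python
"""Per-user authorization list with an (subject, operation, object) decision.

Added example for this page; not HP-UX's implementation.  USER_AUTHS is
constructed sample data, and the wildcard rule below is an assumption.
"""

# Constructed sample: each user maps directly to a set of
# (operation, object) pairs.  "*" as the object means any object.
# ASSUMPTION: a trailing ".*" on an operation covers every operation
# beneath that prefix in the dot-separated hierarchy.
USER_AUTHS = {
    "liz": {("hpux.user.*", "*")},
    "jim": {("hpux.network.nfs.start", "*"),
            ("hpux.network.nfs.stop", "*")},
    "lisa": {("hpux.fs.backup", "*"), ("hpux.fs.restore", "*")},
    "ron": {("hpux.fs.mount", "/dev/dsk/c0t1d0"), ("hpux.fs.backup", "*")},
}


def op_matches(granted, requested):
    """Match a granted operation against a requested one, component-wise.

    'hpux.user.*' covers 'hpux.user.add' and 'hpux.user.password.modify'
    but not 'hpux.user' itself and never 'hpux.userx.add'; a granted
    operation without a wildcard matches only the identical string.
    """
    g = granted.split(".")
    r = requested.split(".")
    if g[-1] == "*":
        return len(r) >= len(g) and r[:len(g) - 1] == g[:-1]
    return g == r


def obj_matches(granted, requested):
    """An object grant of '*' covers any object; otherwise exact match."""
    return granted == "*" or granted == requested


def is_authorized(user, operation, obj):
    """Answer the access control question for one (user, operation, object).

    Unknown users hold no authorizations and are denied.
    """
    for g_op, g_obj in USER_AUTHS.get(user, ()):
        if op_matches(g_op, operation) and obj_matches(g_obj, obj):
            return True
    return False


def who_can(operation, obj):
    """Audit question: which users hold this authorization?

    With policy kept per user there is no shortcut: every user's list
    has to be examined, which is the management cost the text describes.
    """
    return sorted(u for u in USER_AUTHS if is_authorized(u, operation, obj))


if __name__ == "__main__":
    # The guide's sample question, evaluated against the constructed data.
    print(is_authorized("ron", "hpux.fs.mount", "/dev/dsk/c0t1d0"))
    print(who_can("hpux.fs.backup", "/dev/rmt/0m"))
```

Because `op_matches` compares dot-separated components rather than raw string prefixes, a grant of `hpux.user.*` cannot be stretched to cover an operation such as `hpux.userx.add`; `who_can` shows why auditing a per-user list scales poorly, since it has to walk every user to answer a single question.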
28 HP-UX Role-Based Access Control