HP-UX Role-Based Access Control B.11.23.01 Release Notes
The information in this document is for HP-UX Role-Based Access Control (RBAC) version
B.11.23.01 only.
Product Overview: HP-UX RBAC
HP-UX RBAC is an alternative to the traditional “all-or-nothing” root user model, which
grants permissions to the root user for all operations, and denies permissions to non-root
users for certain operations. HP-UX RBAC allows you to distribute administrative
responsibilities by creating roles with appropriate authorizations and assigning them to
non-root users. The following is a list and description of the main HP-UX RBAC components:
• privrun wrapper command to run existing legacy applications without modification and
with varying privileges based on user authorizations
• access control policy switch to determine whether a subject is authorized to perform an
operation on an object
• access control policy module to evaluate RBAC databases and apply mapping policies to
service access control requests
• management commands to edit and validate RBAC database files
Product Features
The following is a list of features HP-UX RBAC delivers:
• pre-defined configuration files to facilitate quick and easy deployment
• flexible re-authentication ability via PAM to allow restrictions on a per-command basis
• integration with the HP-UX audit system to produce a single, unified audit trail
• fully supported HP product
• pluggable architecture for customizing access control decisions