HP-UX Role-Based Access Control B.11.23.02 Release Notes

HP-UX Role-Based Access Control B.11.23.02
The information in this document is for HP-UX Role-Based Access Control (RBAC) version
B.11.23.02 only. HP delivers HP-UX RBAC B.11.23.02 on http://software.hp.com as an
independent software unit and also as one of the components in the HP-UX 11i Security
Containment feature.
HP-UX RBAC Overview
HP-UX RBAC is an alternative to the traditional “all-or-nothing” root user model, which
grants permissions to the root user for all operations, and denies permissions to non-root
users for certain operations. HP-UX RBAC allows you to distribute administrative
responsibilities by creating roles with appropriate authorizations and assigning them to
non-root users and groups. The following is a list and brief description of the main HP-UX
RBAC components:
• privrun wrapper command that allows authorized users and groups to run existing
  legacy applications with varying levels of privileges without modifying the application.
• privedit command that allows authorized users and groups to edit files they normally
  would not be able to edit because of file permissions or Access Control Lists.
• customizable Access Control Policy Switch (ACPS) that determines whether a subject is
  authorized to perform an operation on an object.
• Access Control Policy Module (ACPM) to evaluate HP-UX RBAC databases and service
  access control requests.
• management commands to edit and validate HP-UX RBAC database files.