HP-UX Role-Based Access Control B.11.23.03 Release Notes
HP-UX Role-Based Access Control B.11.23.03
New in HP-UX RBAC B.11.23.03
Chapter6
New in HP-UX RBAC B.11.23.03
The following is a list of the new content HP-UX RBAC B.11.23.03 delivers:
• usability enhancement known as “Hierarchical Roles” that allows you to define
relationships between roles. Using hierarchical roles you can define roles to be comprised
of other, already configured roles (sub-roles), thereby limiting the total number of roles
you have to manage and making it easier to define groups of access rights and assign
them to individual users.
• multiple minor defect fixes that correct a few miscellaneous formatting issues
Hierarchical Roles
Use the following information to configure hierarchical roles and define a relationship
between roles. Refer to the authadm(1m) manpage for additional information about
hierarchical roles.
Overview
One of the primary objectives of HP-UX RBAC is to simplify user access management by
grouping users into logical roles. In enterprise environments that have a large number of
users it can be challenging to group users into roles because most users usually require
slightly different sets of authorizations to perform their tasks. In environments such as this,
the number of roles can approach the number of users, thereby negating the usefulness of
roles as a way to manage users.
One way to mitigate the problem where the number of roles approaches the number of users
is to define relationships between roles. Specifically, if roles are comprised of other roles, it
becomes easier to define groups of access rights that can be assigned to individual users. To
improve usability and help limit the total number of roles, HP-UX RBAC B.11.23.03
introduces the ability to define roles that include other roles (referred to as “sub-roles”). This
ability is known as “hierarchical roles”.