HP-UX Role-Based Access Control B.11.31.05.01 Release Notes
1 HP-UX RBAC overview
HP-UX Role-Based Access Control (RBAC) is an alternative to the traditional “all-or-nothing” root
user model that grants permissions to the root user for all operations, and denies permissions to
non-root users for certain operations. HP-UX RBAC allows you to distribute administrative
responsibilities by creating roles with appropriate authorizations and assigning them to non-root
users and groups.
HP-UX RBAC includes the following main components:
• Privilege shells (privsh, privksh, and privcsh) that automatically invoke the access control subsystem to run commands with privileges when appropriate.
• RBAC System Management Homepage (SMH) integration to allow the graphical management of the RBAC databases through a Web interface.
• The privrun wrapper command that allows authorized users and groups to run existing legacy applications with varying levels of privileges without modifying the application.
• The privedit command that allows authorized users and groups to edit files they normally would not be able to edit because of file permissions or Access Control Lists.
• Customizable Access Control Policy Switch (ACPS) that determines whether a subject is authorized to perform an operation on an object.
• Access Control Policy Module (ACPM) to evaluate HP-UX RBAC databases and service access control requests.
• Management commands to edit and validate HP-UX RBAC database files.
• Keystroke logging feature to log a user's entire terminal session, or relevant parts of a session based on user input. The keystroke logging policy can be customized to capture session logs for particular users, roles, and groups.
• Alternate logging feature to log access control events and RBAC-invoked commands without enabling HP-UX auditing.
HP-UX RBAC features
HP-UX RBAC offers the following features:
• Integrates with the Fine-Grained Privileges and Compartments components of the HP-UX 11i Security Containment features.
• Integrates with the HP-UX audit system to produce a single, unified audit trail.
• Pluggable architecture for customizing access control decisions and integrating existing access control policy information.
• Pre-defined configuration files to facilitate quick and easy deployment.
• Flexible re-authentication ability via PAM to allow restrictions on a per-command basis.
• Fully supported HP product.