HP-UX 11i Version 2 June 2007 Release Notes

Security
Chapter 8
Obsolescence
Not applicable.
HP-UX Role-based Access Control
HP-UX Role-based Access Control (RBAC) is an alternative to the traditional
“all-or-nothing” root user model, which grants permissions to the root user for all
operations, and denies permissions to non-root users for certain operations. HP-UX
RBAC allows you to distribute administrative responsibilities by creating roles with
appropriate authorizations and assigning them to non-root users and groups.
NOTE: RBAC is available on the Software Pack (SPK) media for June 2007. For more
information about SPK, see “Software Pack (Optional HP-UX 11i v2 Core
Enhancements)” on page 27.
Summary of Change
RBAC B.11.23.04 includes the following changes:
• The introduction of a set of “privilege shells,” allowing a non-root user to
  automatically invoke privrun when needed by simply configuring a privilege shell
  as his/her default shell.
• Integration with HP System Management Homepage, allowing for the management
  of local RBAC roles, authorizations, and commands through the HP SMH Web
  interface.
• Integration with select commands, including passwd and userdbset.
• Select defect fixes.
Impact
This release of HP-UX RBAC will dramatically improve the operational usability and
management of Role-based Access Control.
Compatibility
There is no compatibility impact.
Performance
There is no significant performance impact.