Securing Virtual Partitions with HP-UX Role-Based Access Control
Conclusion
In certain environments where virtual partitions are under different administrative domains, the ability of
a root user of one virtual partition to affect the running of another virtual partition may need to be
constrained. This can be achieved using HP-UX RBAC, which provides an alternative to the traditional
"all-or-nothing" root user model.
HP-UX RBAC allows you to distribute administrative responsibilities by creating roles with appropriate
authorizations and assigning them to non-root users. Using this HP-UX RBAC approach, administrative
tasks on each virtual partition can be performed by ordinary, but appropriately configured, user
accounts. Conversely, root access to each virtual partition can be limited to the BoxAdmin role, which
manages the entire physical system; the holder of that role is therefore the only person allowed to execute
virtual partition commands against any non-local virtual partition.
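The decision chain the paragraph describes (user to role, role to authorization, authorization to command) can be made concrete with a small model. The following is an added illustration, not code from the paper or from HP-UX itself: on a real system the chain is evaluated by privrun against the databases under /etc/rbac (user_role, role_auth, cmd_priv), whereas here the three tables are constructed in memory. The user names, the VparOperator role, the hpux.vpar.* authorization strings and the command paths are assumed sample values chosen to mirror the BoxAdmin versus local-operator split discussed above.

```python
"""Toy model of the HP-UX RBAC authorization chain for vPars commands.

Added example only. Role names, authorization strings and the command list
below are constructed assumptions, not the contents of any real /etc/rbac
database. A real system evaluates this chain through privrun.
"""
from fnmatch import fnmatchcase

# Constructed: user -> role (models /etc/rbac/user_role).
USER_ROLE = {
    "alice": "VparOperator",  # ordinary account administering its own vPar
    "bob": "BoxAdmin",        # manages the entire physical system
}

# Constructed: role -> set of (operation, object) authorizations
# (models /etc/rbac/role_auth). '*' is a wildcard on either side.
ROLE_AUTH = {
    # Local operator: may query any vPar, may only modify vpar1.
    "VparOperator": {("hpux.vpar.status", "*"), ("hpux.vpar.modify", "vpar1")},
    # BoxAdmin: every vPar operation on every partition.
    "BoxAdmin": {("hpux.vpar.*", "*")},
}

# Constructed: command -> operation it requires (models /etc/rbac/cmd_priv).
# The object is the partition the command is run against.
CMD_PRIV = {
    "/sbin/vparstatus": "hpux.vpar.status",
    "/sbin/vparmodify": "hpux.vpar.modify",
    "/sbin/vparboot": "hpux.vpar.boot",
}


def decide(user, command, target_vpar):
    """Return an audit-style record for one authorization check.

    The record keeps the real identity (user) alongside the role, which is
    what preserves individual accountability once root is no longer shared.
    """
    record = {"user": user, "command": command, "object": target_vpar,
              "role": USER_ROLE.get(user), "allowed": False, "reason": ""}
    if record["role"] is None:
        record["reason"] = "user has no role"
        return record
    op_needed = CMD_PRIV.get(command)
    if op_needed is None:
        # Not under RBAC control: this model denies by default rather than
        # silently granting root-equivalent access.
        record["reason"] = "command not in cmd_priv"
        return record
    for op, obj in ROLE_AUTH.get(record["role"], ()):
        # Wildcards live in the granted authorization, not in the request.
        if fnmatchcase(op_needed, op) and fnmatchcase(target_vpar, obj):
            record["allowed"] = True
            record["reason"] = f"matched ({op}, {obj})"
            return record
    record["reason"] = f"no authorization for ({op_needed}, {target_vpar})"
    return record


def is_authorized(user, command, target_vpar):
    """Boolean convenience wrapper around decide()."""
    return decide(user, command, target_vpar)["allowed"]


if __name__ == "__main__":
    for args in [("alice", "/sbin/vparstatus", "vpar2"),
                 ("alice", "/sbin/vparmodify", "vpar2"),
                 ("alice", "/sbin/vparmodify", "vpar1"),
                 ("bob", "/sbin/vparmodify", "vpar2"),
                 ("carol", "/sbin/vparstatus", "vpar1")]:
        print(decide(*args))
```

Running the block prints one decision record per line; the useful property to notice is that alice can only affect the partition her role names, while bob's BoxAdmin wildcard covers every partition, and a user with no role is refused before any command is consulted.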
In summary, HP-UX RBAC can be used to enhance vPars security by enforcing the “Principle of Least
Privilege” while also retaining individual accountability.