This section lists commands that are used to administer RBAC. Also provided is a table of commands whose access can be controlled by authorizations.
In addition to editing the RBAC databases directly, the following commands are available for managing access to tasks with RBAC.
Table 7–7 RBAC Administration Commands
The following table provides examples of how authorizations are used to limit command options in the Solaris environment. See also Authorizations.
Table 7–8 Commands and Associated Authorizations
| Commands | Authorization Requirements |
|---|---|
| | solaris.jobs.user required for all options (when neither at.allow nor at.deny files exist) |
| | solaris.jobs.user required for the option to submit a job (when neither crontab.allow nor crontab.deny files exist); solaris.jobs.admin required for the options to list or modify other users' crontab files |
| allocate(1) (with BSM enabled only) | solaris.device.allocate (or other authorization as specified in device_allocate(4)) required to allocate a device. solaris.device.revoke (or other authorization as specified in device_allocate file) required to allocate a device to another user (-F option) |
| deallocate(1) (with BSM enabled only) | solaris.device.allocate (or other authorization as specified in device_allocate(4)) required to deallocate another user's device. solaris.device.revoke (or other authorization as specified in device_allocate) required to force deallocation of the specified device (-F option) or all devices (-I option) |
| list_devices(1) (with BSM enabled only) | solaris.device.revoke required to list another user's devices (-U option) |