prof_attr Database (System Administration Guide: Security Services)

System Administration Guide: Security Services

`prof_attr` Database

The prof_attr database stores the name, description, help file location, and authorizations that are assigned to rights profiles. The commands and security attributes that are assigned to rights profiles are stored in the exec_attr database. For more information, see exec_attr Database. The fields in the prof_attr database are separated by colons, as follows:

profname:res1:res2:desc:attr

The fields have the following meanings:

profname

The name of the rights profile. Rights profile names are case-sensitive. This name is also used by the user_attr database to indicate the profiles that are assigned to roles and users.

res1:res2

Reserved for future use.

desc

A long description. This field should explain the purpose of the rights profile, including what type of user would be interested in using the profile. The long description should be suitable for display in the help text of an application.

attr

An optional list of key-value pairs that are separated by semicolons (;) that describes the security attributes to apply to the object on execution. Zero or more keys can be specified. The two valid keys are help and auths.

The keyword help identifies a help file in HTML. Help files can be accessed from the index.html file in the /usr/lib/help/profiles/locale/C directory.

The keyword auths specifies a comma-separated list of authorization names that are chosen from those names that are defined in the auth_attr database. Authorization names can be specified with the asterisk (*) character as a wildcard.

The following example shows two typical prof_attr database entries. Note that the Printer Management rights profile is a supplementary rights profile of the Operator rights profile. The example is wrapped for display purposes.

% grep 'Printer Management' /etc/security/prof_attr
Printer Management:::         Name of rights profile
Manage printers, daemons, spooling: Description
help=RtPrntAdmin.html;              Help file
auths=solaris.admin.printer.read, Authorizations
solaris.admin.printer.modify,solaris.admin.printer.delete
...
Operator:::                         Name of rights profile
Can perform simple administrative tasks: Description
profiles=Printer Management,  Supplementary rights profiles
Media Backup,All;
help=RtOperator.html               Help file