The auth_attr Database (System Administration Guide: Security Services)

System Administration Guide: Security Services

The `auth_attr` Database

All authorizations are stored in the auth_attr database. Authorizations can be assigned directly to users (or roles) in the user_attr database. Authorizations can also be assigned to rights profiles, which are assigned to users.

The fields in the auth_attr database are separated by colons, as follows:

authname:res1:res2:short_desc:long_desc:attr

The following table describes these fields.

Field Name	Description
`authname`	A unique character string that is used to identify the authorization in the format `prefix`.[`suffix`]. Authorizations for the Solaris operating environment use `solaris` as a prefix. All other authorizations should use a prefix that begins with the reverse-order Internet domain name of the organization that creates the authorization (for example, `com.xyzcompany`). The suffix indicates what is being authorized, which is typically the functional area and operation. When the `authname` consists of a prefix and functional area and ends with a period, the `authname` serves as a heading to be used by applications in their GUIs, rather than as an actual authorization. The `authname` of `solaris.printmgr.` is an example of a heading. When `authname` ends with the word “grant,” the `authname` serves as a grant authorization and lets the user delegate authorizations with the same prefix and functional area to other users. The `authname` of `solaris.printmgr.grant` is an example of a grant authorization. `solaris.printmgr.grant` gives the user the right to delegate such authorizations as `solaris.printmgr.admin` and `solaris.printmgr.nobanner` to other users.
`res1`	Reserved for future use.
`res2`	Reserved for future use.
`short_desc`	A terse name for the authorization that is suitable for display in user interfaces, such as in a scrolling list in a GUI.
`long_desc`	A long description. This field identifies the purpose of the authorization, the applications in which it is used, and the type of user who might be interested in using it. The long description can be displayed in the help text of an application.
`attr`	An optional list of semicolon-separated (;) key-value pairs that describe the attributes of an authorization. Zero or more keys can be specified. The keyword `help` identifies a help file in HTML. Help files can be accessed from the `index.html` file in the `/usr/lib/help/auths/locale/C` directory.

The following example shows an auth_attr database with some typical values.

% grep printer /etc/security/auth_attr 
solaris.admin.printer.:::Printer Information::help=AuthPrinterHeader.html
solaris.admin.printer.delete:::Delete Printer Information::help=AuthPrinterDelete.html
solaris.admin.printer.modify:::Update Printer Information::help=AuthPrinterModify.html
solaris.admin.printer.read:::View Printer Information::help=AuthPrinterRead.html

Note that solaris.admin.printer. is defined to be a heading, because it ends in a dot (.). Headings are used by the GUIs to organize families of authorizations.