How to Check for Authorizations in a Script or Program (System Administration Guide: Security Services)

System Administration Guide: Security Services

Previous: How to Add Security Attributes to Commands in a Script
Next: Chapter 20 Role-Based Access Control (Reference)

How to Check for Authorizations in a Script or Program

To have a script for authorizations, you need to add a test that is based on the auths command (see the auths(1) man page). For example, the following line would test if the user has the authorization entered as the $1 argument:

if [ `/usr/bin/auths|/usr/xpg4/bin/grep $1` ]; then
        echo Auth granted
else
        echo Auth denied
fi

To be more complete, the test should include logic that checks for other authorizations that use wildcards. For example, to test if the user has the solaris.admin.usermgr.write authorization, you need to check for the strings: solaris.admin.usermgr.write, solaris.admin.usermgr.*, solaris.admin.*, and solaris.*.

If you are writing a program, use the getauthattr()function to test for the authorization.

Previous: How to Add Security Attributes to Commands in a Script
Next: Chapter 20 Role-Based Access Control (Reference)