The RBAC security files that work with the Solaris Management Console are created when you upgrade to or install the Solaris 9 release. If you do not install the Solaris Management Console packages, the RBAC security files are installed without the necessary data for using RBAC. For information on the Solaris Management Console packages, see Troubleshooting the Solaris Management Console.
The RBAC security files in the Solaris 9 release are included in your name service so that you can use the Solaris Management Console tools in a name service environment.
The security files on a local server are populated into a name service environment as part of a standard upgrade by the ypmake, nispopulate, or equivalent LDAP commands. The following name services are supported:
NIS
NIS+
LDAP
files
The projects database is not supported in the NIS+ environment.
The RBAC security files are created when you upgrade to or install the Solaris 9 release.
This table briefly describes the pre-defined security files that are installed on a Solaris 9 system.
Table 2–3 RBAC Security Files
Local File Name |
Table or Map Name |
Description |
---|---|---|
/etc/user_attr |
user_attr |
Associates users and roles with authorizations and rights profiles. |
/etc/security/auth_attr |
auth_attr |
Defines authorizations and their attributes and identifies associated help files. |
/etc/security/prof_attr |
prof_attr |
Defines rights profiles, lists the rights profiles assigned authorizations and identifies associated help files. |
/etc/security/exec_attr |
exec_attr |
Defines the privileged operations assigned to a rights profile. |
For unusual upgrade cases, you might have to use the smattrpop command to populate RBAC security files in the following instances:
When creating or modifying rights profiles, or
When you need to include users and roles by customizing the usr_attr file.
For more information, see “Role-Based Access Control (Overview)” in System Administration Guide: Security Services.