
3 HP-UX Role-Based Access Control
The information in this chapter describes
•“Overview”
•“Access Control Basics”
•
•“Planning the
•“Configuring
•“Using
•“Troubleshooting
Overview
Most enterprise environments have systems administered by multiple users. Typically this is accomplished by providing the administrators with the password to a common, shared account, known as root. While the root account simplifies access control management by enabling administrators with the root password to perform all
•After providing administrative users with the root password, there is no easy way to further constrain those users.
•In the best case, revoking access for a single administrator requires changing the common password and notifying other administrators. More realistically, simply changing the password is probably not sufficient to effectively revoke access because alternative access mechanisms might have already been implemented.
•Individual accountability with a shared root account is virtually impossible to achieve. Consequently, proper analysis after a security event becomes
The
HP-UX RBAC Versus Other RBAC Solutions
•Predefined configuration files specific to
•Flexible
•Integration with
•Pluggable architecture for customizing access control decisions
•Simplified usability through integration with the
•Graphical,
Overview 27