NOTE: See cmdprivadm(1M) for information on all of the cmdprivadm arguments. Most arguments are optional and are filled in with reasonable defaults if nothing is specified.
NOTE: To modify an existing entry in the /etc/rbac/cmd_priv file, you must first delete the entry and then add the updated version back in. When you use cmdprivadm to delete entries, arguments act as filters. For example, specifying the cmdprivadm delete op=foo command removes all entries where the operation is foo. As a result of this, when you use cmdprivadm to delete entries, be careful to ensure that you specify sufficient arguments to uniquely identify the entries to be removed.
Hierarchical Roles
Use the following information to configure hierarchical roles and define a relationship between roles. See authadm(1m) for additional information about hierarchical roles.
Overview
One of the primary objectives of
One way to mitigate the problem where the number of roles approaches the number of users is to define relationships between roles. Specifically, if roles are comprised of other roles, it becomes easier to define groups of access rights that can be assigned to individual users. To improve usability and help limit the total number of roles,
Examples of Hierarchical Roles
By assigning a
Table 3-7 Example Roles Configuration in HP-UX RBAC B.11.23.02
Role | Authorizations |
Administrator | (hpux.user.*, *) |
| (hpux.network.service.*, *) |
| (hpux.network.device.*, *) |
| (hpux.security.*, *) |
UserOperator | (hpux.user.*, *) |
NetworkOperator | (hpux.network.service.*, *) |
| (hpux.network.device.*, *) |
NetworkServiceOperator | (hpux.network.service.*, *) |
40
