RBAC Authorizations

An authorization is a discrete right that can be granted to a role or user. RBAC-compliant applications can check a user's authorizations prior to granting access to the application or specific operations within it. This check replaces the check in conventional UNIX applications for UID=0. For more information on authorizations, see "Authorizations", "The auth_attr Database", and "Commands That Require Authorizations".

RBAC Rights Profiles

A rights profile is a collection of system overrides that can be assigned to a role or user. A rights profile can contain commands with effective or real UIDs or GIDs defined, authorizations, and other rights profiles. Rights profile information is split between the prof_attr and exec_attr databases. For more information on rights profiles, see "Contents of Rights Profiles", "The prof_attr Database", and "The exec_attr Database".

Name Service Scope

Name service scope is an important concept for understanding RBAC. The scope in which a role can operate might apply to an individual host or to all hosts that are served by a name service such as NIS, NIS+, or LDAP. The precedence of local configuration files versus distributed databases is specified in the file /etc/nsswitch.conf. A lookup stops at the first match. For example, if a profile exists in two scopes, only the entries in the first scope are used.


	RBAC Authorizations An authorization is a discrete right that can be granted to a role or user. RBAC-compliant applications can check a user's authorizations prior to granting access to the application or specific operations within it. This check replaces the check in conventional UNIX applications for `UID=0`. For more information on authorizations, see "Authorizations", "The `auth_attr` Database", and "Commands That Require Authorizations". RBAC Rights Profiles A rights profile is a collection of system overrides that can be assigned to a role or user. A rights profile can contain commands with effective or real UIDs or GIDs defined, authorizations, and other rights profiles. Rights profile information is split between the `prof_attr` and `exec_attr` databases. For more information on rights profiles, see "Contents of Rights Profiles", "The `prof_attr` Database", and "The `exec_attr` Database". Name Service Scope Name service scope is an important concept for understanding RBAC. The scope in which a role can operate might apply to an individual host or to all hosts that are served by a name service such as NIS, NIS+, or LDAP. The precedence of local configuration files versus distributed databases is specified in the file `/etc/nsswitch.conf`. A lookup stops at the first match. For example, if a profile exists in two scopes, only the entries in the first scope are used.