Being curious, I googled "AIX RBAC examples". Top hits:
1. Article from developerWorks, 2009 - which I'll comment on below
2. Link to RBAC documentation, AIX 6.1 Infocenter (no comments)
3. Link to (my) SecuringAIX RBAC example from a few weeks back (see below)
4. BLOG article as quick primer on RBAC in 2007 - when it was real new! (see below)
5. AIXmind article describing how to create a role (see below)
However, I diverge from today's topic: what can we find on the internet?
Understanding advanced AIX features: Role-based access control in simple steps
This is written by an IBMer in India, probably (then) part of the AIX security development team. I like his introduction "Security Management Overview". Few words, right to the heart of the matter. We approach the core concepts from slightly different viewpoints - accent is probably a better word. My accent is to put more emphasis on authorizations.
Infocenter AIX Security, AIX 6.1
Not going to comment here: it is a manual, meant to be the reference (or the AIX 7.1 version).
SecuringAIX, September 2012
Rather than just name the commands, I try to place the commands more in context. I am happy it is scoring so well on Google. If I focus on the content - it is different, but similar to what is already available. And some of that was because my editor told me to shorten it. I see it as my quick and dirty methodology - which is also what #4 and #5 wanted to do. Touch on what needs to be done. The key weakness with #3, #4 and #5 is the lack of a quick summary - and the assumption that everything goes right the first time. That is not reality.
My hint to you: keep watching IBM SystemsMagazine - AIX because around 12 October my "more detailed" article/example will go live.
SysAdminSunday: Quick RBAC Primer, November 2007
I have to compliment the author. He did cover all the topics, and color coded what "root" does, and what "non-root" users do. But, just like #1 - he blesses the standard three roles (isso, sa, so) - which were roles that always frustrated me because I never knew what was up or down when using sa/so. This year I found, and lost, a paragraph in #2 (the MANUAL) that isso, sa, and so are intended to serve as "examples" as to how RBAC could be implemented - implying - not as finished!
Creation of a Custom Role in Enhanced RBAC, March 2010
Yes - he runs you through the commands in the right order. Yes, it is short and to the point. No, it does not instill in me any understanding of how to use this on a larger scale, nor why it could be really important to me as a system administrator or business owner. So, if you already understand the concepts, and what you want to accomplish, this article may help you get your initial scripts written.
Til next time,
Michael AM (Michael in the Morning)