Predefined roles
A predefined set of roles is defined in the local role database (/etc/security/roles) on new installations of AIX® Version 6.1 and later. This set of roles is intended to group typical administrative responsibilities.
This set of roles serves as a suggested means of dividing administrative duties. Role administrators can modify or remove these roles or create new roles as needed for their environment. The following table lists the provided roles and gives a brief description of each role's abilities.
Role name | Role description |
---|---|
auditadm | Audit Administrator. The auditadm role is responsible for configuring the auditing and logging policies of the system, including system-wide, single-user, and single-role attributes. This role has access to viewing the audit trail. |
fsadm | File System Administrator. The fsadm role creates file systems and makes them available to users on the system. Some of the fsadm role responsibilities include: |
isso | Information System Security Officer. An ISSO is responsible for creating and assigning roles and is therefore the most powerful role on the system. Some ISSO responsibilities include: |
pkgadm | Software Package Administrator. The pkgadm role is responsible for the software that is installed on the system, and has default permissions to install, update, and remove system software. |
sa | System Administrator. The SA role provides functionality for daily administration and is responsible for: |
secadm | Security Administrator. The secadm role maintains the security settings on the system. The secadm assigns attributes like memberships in groups, roles, authorizations, and clearances to users and assigns roles that are not already specified with their roles. The secadm role also assigns security attributes to system objects, including RBAC settings, access control lists, ownership, and membership. Some of the responsibilities of the secadm role include the following: |
so | System Operator. The SO role provides functionality for day to day operations and is responsible for: |
svcadm | Service Administrator. The svcadm role enables, configures, and disables system services. This role allows the configuring of networking attributes such as IP addresses, routes, host names, and firewall policies. |
sysop | System Operator. The sysop role maintains the overall system with permissions that include running system diagnostics and performing routine system maintenance. Some of the tasks that the sysop is responsible for include: |
useradm | User Administrator. The useradm role is responsible for the higher level tasks related to user maintenance without managing passwords. The useradm creates, modifies, and deletes user accounts as defined by default security settings. This role also creates additional roles and groups with default security settings. |
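
Because role administrators can modify, remove, or add roles, it is useful to review how a system's role database has drifted from the predefined set in the table above. The following is an added example, not IBM's code: it assumes /etc/security/roles uses the AIX stanza layout (a `rolename:` header followed by `attribute = value` lines, with `*` comments) and an `authorizations` attribute; the sample text and the `dbops` role are constructed.

```python
import re

# The ten predefined role names listed in the table on this page.
PREDEFINED = {"auditadm", "fsadm", "isso", "pkgadm", "sa", "secadm",
              "so", "svcadm", "sysop", "useradm"}

# Constructed sample in the assumed stanza layout; not taken from a real system.
SAMPLE = """\
* constructed sample role database
isso:
        dfltmsg = Information System Security Officer
        authorizations = aix.security.role,aix.fs.manage.backup
sa:
        authorizations = aix.fs.manage.backup
so:
        authorizations = aix.system.boot.halt
dbops:
        authorizations = aix.fs.manage.mount, aix.system.boot.halt
"""

def parse_roles(text):
    """Parse stanza text into {role: {attribute: [comma-separated values]}}."""
    roles, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):       # blank line or comment
            continue
        header = re.fullmatch(r"([^\s:=]+):", line)
        if header:                                 # start of a new role stanza
            current = roles.setdefault(header.group(1), {})
        elif "=" in line and current is not None:  # attribute of current role
            key, _, value = line.partition("=")
            current[key.strip()] = [v.strip() for v in value.split(",") if v.strip()]
    return roles

def role_drift(text, baseline=PREDEFINED):
    """Report predefined roles that are gone and locally added roles with their authorizations."""
    roles = parse_roles(text)
    return {
        "missing": sorted(baseline - set(roles)),
        "added": {name: attrs.get("authorizations", [])
                  for name, attrs in sorted(roles.items()) if name not in baseline},
    }

if __name__ == "__main__":
    # On an AIX host, pass the contents of /etc/security/roles instead of SAMPLE.
    print(role_drift(SAMPLE))
```

A locally added role deserves the same review as the predefined ones, since its authorizations may overlap duties the predefined set keeps separate.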