Using the enhanced RBAC mode switch
A system-wide configuration switch is provided to disable the enhanced RBAC capabilities and revert to legacy RBAC behavior.
A system administrator can disable enhanced RBAC mode
by running the chdev command on the sys0 device
and specifying the enhanced_RBAC attribute with a value of false and
then rebooting the system. The mode can be switched back to enhanced RBAC
mode by setting the enhanced_RBAC attribute to true and then
rebooting the system.
- To revert to legacy RBAC mode, run the following command:
chdev -l sys0 -a enhanced_RBAC=false - To list the value of the enhanced_RBAC attribute, run the following
command:
lsattr -E -l sys0 -a enhanced_RBAC
In a WPAR environment, the RBAC mode can only be configured from the
global system and affects the global as well as all WPARs.
Note: Disabling
the enhanced RBAC mode may lower the security threshold of your system, especially
in a WPAR.