Legacy authorization migration
Prior to AIX® Version 6.1 the operating system had a limited, predefined set of authorizations that were recognized by the operating system. These authorizations were not defined in any file on the system, but could be readily assigned to roles. To support these legacy authorizations within the new AIX Version 6.1 and later RBAC framework, these legacy authorizations are defined as user-defined authorizations and are provided by default in the authorization database.
Since the AIX operating system is moving to a new authorization naming convention, any checks for old authorization names in the AIX operating system have been modified to additionally check for the new corresponding authorization and allow access if either authorization exists for the process. The following table lists the legacy predefined authorizations and the corresponding new system-defined authorizations.
| Existing AIX Authorization | Corresponding New Authorization |
|---|---|
| Backup | aix.fs.manage.backup |
| Diagnostics | aix.system.config.diag |
| DiskQuotaAdmin | aix.fs.manage.quota |
| GroupAdmin | aix.security.group |
| ListAuditClasses | aix.security.audit.list |
| PasswdAdmin | aix.security.passwd |
| PasswdManage | aix.security.passwd.normal |
| UserAdmin | aix.security.user |
| UserAudit | aix.security.user.change |
| RoleAdmin | aix.security.role |
| Restore | aix.fs.manage.restore |