RBAC privileges

The enhanced RBAC framework relies heavily on system privileges to let non-privileged users perform privileged tasks. A privilege is a mechanism that grants a process augmented functionality in system calls: an operation the kernel would otherwise refuse is permitted when the calling process holds the corresponding privilege.

The concept of privileges is primarily a kernel-level construct since the definition and most of the checking occurs in the kernel. However, user-level interfaces are provided to handle the assignment of privileges to commands, devices, and processes.

It is important to note the difference between privileges and authorizations. Both are used to control allowable exceptions to the system security policy, but they attach to different things. Authorizations are associated with users through roles: an authorization resides with a role and with the user who holds that role, and it does not depend on the program being run. Privileges are associated with specific processes: they reside with the program, and a process that carries a privilege is eligible to perform the corresponding privileged operation. Authorizations therefore decide whether a user may invoke a privileged command at all, while privileges are the mechanism that fine-tunes what the resulting process may do.

Privileges are defined in the AIX® kernel as individual bits of a bit-mask that enforce access control over privileged operations. Over 100 privileges are provided with AIX, giving very fine-grained control of privileged operations. When a system call requests a privileged operation, the kernel checks whether the calling process holds the required privilege bit and grants or denies the request accordingly.

Privileges are assigned to command invocations through the privileged command database and privileges are used to control access to devices through the privileged device database.
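The two checks described above, shown as an added model rather than AIX kernel or library code: authorization is tested once, at command invocation, against the user's roles; the privileged command database then decides which privilege bits the new process starts with; and every later privileged system call is a bit test on that process's mask, with no reference to the user or role. The privilege and authorization names are real AIX identifiers used as sample data, but the bit positions, the command entry, the roles and the users are constructed for this illustration. On a real system the command database is edited with setsecattr -c, inspected with lssecattr -c, and loaded into the kernel with setkst.

```python
"""Model of how AIX RBAC separates authorizations from privileges.

Added illustration, not AIX code.  Privilege and authorization names are real
AIX identifiers; bit positions, command entries, roles and users are constructed.
"""
from dataclasses import dataclass

# Bit position of each privilege in the process privilege mask.  AIX defines
# its own numbering and well over 100 privileges; this subset and layout are
# assumptions for the model.
PRIV_BITS = {
    "PV_DAC_R": 0,        # bypass discretionary read access checks
    "PV_DAC_W": 1,        # bypass discretionary write access checks
    "PV_FS_CHOWN": 2,     # change file ownership
    "PV_NET_CONFIG": 3,   # configure network interfaces
    "PV_NET_PORT": 4,     # bind privileged network ports
    "PV_PROC_PRIV": 5,    # modify privilege sets of other processes
}


def priv_mask(*names):
    """Build a bit-mask from privilege names."""
    mask = 0
    for name in names:
        mask |= 1 << PRIV_BITS[name]
    return mask


def priv_names(mask):
    """Decode a bit-mask back to the set of privilege names it contains."""
    return {n for n, b in PRIV_BITS.items() if mask & (1 << b)}


@dataclass(frozen=True)
class CommandEntry:
    """One record of the privileged command database."""
    path: str
    accessauths: frozenset   # any one of these authorizations lets a user invoke the command
    innateprivs: int         # privileges every invocation receives
    authprivs: dict          # authorization -> extra privileges, only if the caller holds it


@dataclass(frozen=True)
class Role:
    name: str
    authorizations: frozenset


@dataclass(frozen=True)
class User:
    name: str
    roles: tuple

    def authorizations(self):
        """Authorizations reach the user only through the roles held."""
        return frozenset().union(*(r.authorizations for r in self.roles))


@dataclass
class Process:
    user: str
    command: str
    eprivs: int              # effective privilege set; the only thing the kernel tests


def holds_authorization(user, needed):
    """AIX authorizations are hierarchical: holding aix.network implies aix.network.config."""
    return any(needed == held or needed.startswith(held + ".")
               for held in user.authorizations())


def can_invoke(user, entry):
    """User-level check at invocation time: the role, not the program, decides."""
    if "ALLOW_ALL" in entry.accessauths:
        return True
    return any(holds_authorization(user, a) for a in entry.accessauths)


def exec_command(user, entry):
    """Start the command: authorization gates entry, the database sets the privilege bits."""
    if not can_invoke(user, entry):
        raise PermissionError(f"{user.name} is not authorized to run {entry.path}")
    eprivs = entry.innateprivs
    for auth, extra in entry.authprivs.items():
        if holds_authorization(user, auth):
            eprivs |= extra
    return Process(user.name, entry.path, eprivs)


def privileged_syscall(proc, required):
    """Kernel-side check: grant only if the required bit is set in the process mask."""
    bit = priv_mask(required)
    return proc.eprivs & bit == bit


# Constructed sample data (not real database contents).
IFCONFIG = CommandEntry(
    path="/usr/sbin/ifconfig",
    accessauths=frozenset({"aix.network.config"}),
    innateprivs=priv_mask("PV_NET_CONFIG"),
    authprivs={"aix.network.port": priv_mask("PV_NET_PORT")},
)
NET_ADMIN = Role("NetAdmin", frozenset({"aix.network.config"}))
NET_SUPER = Role("NetSuper", frozenset({"aix.network"}))
alice = User("alice", (NET_ADMIN,))
bob = User("bob", (NET_SUPER,))
carol = User("carol", ())

if __name__ == "__main__":
    proc = exec_command(alice, IFCONFIG)
    print("alice runs ifconfig with", sorted(priv_names(proc.eprivs)))
    print("PV_NET_CONFIG granted:", privileged_syscall(proc, "PV_NET_CONFIG"))
    print("PV_DAC_W granted:", privileged_syscall(proc, "PV_DAC_W"))
    print("carol may invoke ifconfig:", can_invoke(carol, IFCONFIG))
```

The model makes the asymmetry visible: carol, who holds no role, is stopped before a process exists, whereas alice's process carries PV_NET_CONFIG but nothing else, so a later attempt at an operation needing PV_DAC_W fails inside the kernel check even though she was authorized to run the command. Bob's broader aix.network authorization unlocks the authprivs entry as well, which is why auditing accessauths alone is not enough when reviewing a command's entry.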