System-defined authorizations
AIX® provides a predefined and non-modifiable set of authorizations. These are known as System-Defined Authorizations. These authorizations are associated with various privileged AIX operations; the association is specified in the Privileged Command Database.
At the top of the system-defined authorization hierarchy is the aix authorization.
This authorization is the parent of all other system-defined authorizations.
Granting this authorization to a role grants every system-defined authorization
to the role. To display the complete set of AIX system-defined
authorizations and a brief description of each authorization, run the following
command:
lsauth –f –a description ALL_SYS
The output of the above command shows that the list of system-defined authorizations is a multi-level hierarchy. For example, the aix authorization has several immediate children. Each of those children is then a parent of another hierarchy. The aix.fs authorization includes multiple child authorizations, including aix.fs.manage, which in turn includes multiple authorizations such as aix.fs.manage.change, and aix.fs.manage.create.