[ Previous |
Next |
Contents |
Glossary |
Home |
Search ]
AIX Version 4.3 Commands Reference, Volume 1
chrole Command
Purpose
Changes role attributes.
This command applies only to AIX Version 4.2.1 and later.
chrole Attribute=Value ... Name
Description
The
chrole
command changes attributes for the role identified by the
Name
parameter. The role name must already exist. To change an attribute, specify the attribute name and the new value with the
Attribute=Value
parameter.
If you specify a single incorrect attribute or attribute value with the
chrole command, the command does not change any attribute.
You can use the Web-based System Manager Users application
(wsm users; fast path) to run this
command. You could also use the System Management Interface
Tool (SMIT) smit chrole fast path to run this command.
Restrictions on Modifying Roles
To ensure the integrity of the role information, only users with the
RoleAdmin
authorization can modify the attributes of a role.
Attributes
If you have the proper authority, you can set the following user attributes:
authorizations
|
List of additional authorizations required for this role beyond those defined by the roles in the rolelist
attribute.
The Value parameter
is a list of authorization names, separated by commas. |
groups
|
List of groups to which a user should belong, in order to effectively use this role. This attribute is for information only and does not automatically make the user a member of the list of groups. The Value parameter
is a list of group names, separated by commas. |
msgcat
|
Contains a message catalog number for referencing the msgnum
attribute.
The
Value
parameter is an integer. |
msgnum
|
Contains the index into a message catalog for a description of the role.
The
Value
parameter is an integer. |
rolelist
|
Lists the roles implied by this role. The Value
parameter is a list of role names, separated by commas. |
screens
|
Lists the SMIT screen identifiers allowing roles to be mapped to various SMIT screens. The Value
parameter is a list of SMIT screen identifiers, separated by commas. |
visibility |
Specifies the role's visibility status to the system. The
Value
parameter is an integer. Possible values are:
- 1
- The role is enabled, displayed, and selectable. Authorizations contained in this role are applied to the user. If the attribute does not exist or has no value, the default value is 1.
- 0
- The role is enabled and displayed as existing, but
not
selectable through a visual interface. Authorizations contained in this role are applied to the user.
- -1
- The role is disabled. Authorizations contained in this role are
not
applied to the user.
|
Security
Files Accessed:
Mode |
File |
rw |
/etc/security/roles |
r |
/etc/security/user.roles |
Auditing Events:
Event |
Information |
ROLE_Change
|
role, attribute |
Examples
- To change the authorizations
of the role ManageUserBasic
to PasswdAdmin, enter:
chrole authorizations=PasswdAdmin ManageUserBasic
Files
Related Information
The
lsrole
command,
mkrole
command,
rmrole
command,
chuser
command,
lsuser
command,
mkuser
command.
Setting up and running Web-based System Management in AIX Version 4.3 System Management Guide: Operating System and Devices.
Security Administration
in
AIX Version 4.3 System Management Guide: Operating System and Devices
.
Administrative Roles Overview
in
AIX Version 4.3 System Management Guide: Operating System and Devices
.
[ Previous |
Next |
Contents |
Glossary |
Home |
Search ]