➤ Profile Attributes Database (prof_attr)—Defines profiles. Also referred to as the Extended Profile Attributes Database.
➤ Authorization Attributes Database (auth_attr)—Defines the authorizations.
➤ Execution Attributes Database (exec_attr)—Defines privileged operations. Also referred to as the Profile Execution Attributes Database.
The /etc/security/policy.conf file defines the user-level security policy configuration. It specifies the Authorizations and Profiles that are granted to all users.
The User Database (user_attr) is located under the /etc directory, whereas the other three databases and the policy.conf file are under the /etc/security directory.
Figure 12.1 shows the relationship between the four database files. The User Attributes Database assigns profiles to user accounts and roles by referencing entries in the Profile Attributes Database. Likewise, the User Attributes Database assigns authorizations to user accounts and roles by referencing entries in the Authorization Attributes Database.
The Profile Attributes Database assigns authorizations to profiles by referencing entries in the Authorization Attributes Database. The privileged operations defined in the Execution Attributes Database are associated with a profile by including the name of the profile in the Execution Attributes Database.
[Figure 12.1: Relationship among the RBAC database files (User Attributes Database, Profile Attributes Database, Authorization Attributes Database, Execution Attributes Database).]
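The following Python example is added here and is not from the original text. It follows the references described above to work out which profiles, authorizations and privileged commands apply to one account, including the policy.conf grants that apply to all users. The file contents are constructed samples; the field positions, the auths= and profiles= keys, and the AUTHS_GRANTED and PROFS_GRANTED settings are assumed from the standard Solaris file formats, not taken from this page.

```python
# Constructed sample contents in the Solaris RBAC file formats (assumed, not from the page).
USER_ATTR = "alice::::type=normal;profiles=Printer Management;auths=solaris.jobs.user\n"
PROF_ATTR = """\
Printer Management:::Manage printers:auths=solaris.admin.printer.read,solaris.admin.printer.modify
Basic Solaris User:::Default profile:auths=solaris.profmgr.read;profiles=All
All:::Execute any command as the user:help=RtAll.html
"""
EXEC_ATTR = """\
Printer Management:suser:cmd:::/usr/sbin/lpadmin:uid=lp
Printer Management:suser:cmd:::/usr/sbin/accept:euid=lp
All:suser:cmd:::*:
"""
POLICY_CONF = "AUTHS_GRANTED=solaris.device.cdrw\nPROFS_GRANTED=Basic Solaris User\n"

def rows(text):
    """Split a database into colon-delimited records, skipping blanks and comments."""
    return [l.split(":") for l in text.splitlines() if l.strip() and not l.startswith("#")]

def attrs(field):
    """Parse a 'key=v1,v2;key2=v3' attribute field into {key: [values]}."""
    out = {}
    for pair in filter(None, field.strip().split(";")):
        key, _, val = pair.partition("=")
        out[key] = [v for v in val.split(",") if v]
    return out

def effective(user):
    """Return (profiles, authorizations, privileged commands) that apply to user."""
    policy = attrs(";".join(POLICY_CONF.splitlines()))  # one KEY=v1,v2 per line
    users = {r[0]: attrs(r[4]) for r in rows(USER_ATTR)}
    profs = {r[0]: attrs(r[4]) for r in rows(PROF_ATTR)}
    ua = users.get(user, {})
    # Direct grants from user_attr plus the grants policy.conf gives to all users.
    auths = set(ua.get("auths", [])) | set(policy.get("AUTHS_GRANTED", []))
    todo = ua.get("profiles", []) + policy.get("PROFS_GRANTED", [])
    seen = []
    while todo:  # visit each profile and any sub-profile it references once
        name = todo.pop(0)
        if name in seen:
            continue
        seen.append(name)
        auths |= set(profs.get(name, {}).get("auths", []))
        todo += profs.get(name, {}).get("profiles", [])
    # exec_attr ties a command and its security attributes to a profile by name.
    cmds = sorted((r[5], r[6]) for r in rows(EXEC_ATTR) if r[0] in seen)
    return seen, sorted(auths), cmds

if __name__ == "__main__":
    print(effective("alice"))
```

An account with no user_attr entry still receives the policy.conf profiles and authorizations, so an access review should cover those defaults as well as the per-user lines.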
The User Attributes Database (user_attr)
The /etc/user_attr file is the key database of the RBAC. It assigns profiles and/or authorizations to user accounts. It also defines roles (as one or more authorizations and/or profiles). Table 12.1 lists the colon-delimited fields of the user_attr file.