[ Next Article | Previous Article | Book Contents | Library Home | Legal | Search ]
Commands Reference, Volume 1

chrole Command

Purpose

Changes role attributes. This command applies only to AIX Version 4.2.1 and later.

Syntax

chrole Attribute=Value ... Name

Description

The chrole command changes attributes for the role identified by the Name parameter. The role name must already exist. To change an attribute, specify the attribute name and the new value with the Attribute=Value parameter.

If you specify a single incorrect attribute or attribute value with the chrole command, the command does not change any attribute. You can use the Web-based System Manager Users application (wsm users; fast path) to run this command. You could also use the System Management Interface Tool (SMIT) smit chrole fast path to run this command.

Restrictions on Modifying Roles

To ensure the integrity of the role information, only users with the RoleAdmin authorization can modify the attributes of a role.

Attributes

If you have the proper authority, you can set the following user attributes:

authorizations List of additional authorizations required for this role beyond those defined by the roles in the rolelist attribute. The Value parameter is a list of authorization names, separated by commas.
groups List of groups to which a user should belong, in order to effectively use this role. This attribute is for information only and does not automatically make the user a member of the list of groups. The Value parameter is a list of group names, separated by commas.
msgcat Contains a message catalog number for referencing the msgnum attribute. The Value parameter is an integer.
msgnum Contains the index into a message catalog for a description of the role. The Value parameter is an integer.
rolelist Lists the roles implied by this role. The Value parameter is a list of role names, separated by commas.
screens Lists the SMIT screen identifiers allowing roles to be mapped to various SMIT screens. The Value parameter is a list of SMIT screen identifiers, separated by commas.
visibility Specifies the role's visibility status to the system. The Value parameter is an integer. Possible values are:
1 The role is enabled, displayed, and selectable. Authorizations contained in this role are applied to the user. If the attribute does not exist or has no value, the default value is 1.
0 The role is enabled and displayed as existing, but not selectable through a visual interface. Authorizations contained in this role are applied to the user.
-1 The role is disabled. Authorizations contained in this role are not applied to the user.

Security

Files Accessed:

Mode File
rw /etc/security/roles
r /etc/security/user.roles

Auditing Events:

Event Information
ROLE_Change role, attribute

Examples

  1. To change the authorizations of the role ManageUserBasic to PasswdAdmin, enter: 
    chrole authorizations=PasswdAdmin ManageUserBasic

Files

/etc/security/roles Contains the attributes of roles.
/etc/security/user.roles Contains the role attribute of users.

Related Information

The lsrole command, mkrole command, rmrole command, chuser command, lsuser command, mkuser command.

Setting up and running Web-based System Manager in AIX Version 4.3 System Management Guide: Operating System and Devices.

Security Administration in AIX Version 4.3 System Management Guide: Operating System and Devices.

Administrative Roles Overview in AIX Version 4.3 System Management Guide: Operating System and Devices.

[ Next Article | Previous Article | Book Contents | Library Home | Legal | Search ]