Secondary authorizations

Secondary authorizations give users limited access to resources that would otherwise be tightly controlled. For example, without the printqueue authorization, users can see only their own jobs when they use the lpstat command. Secondary authorizations are useful when running the Improved or High security profiles, where they provide behavior that is more consistent with other UNIX systems.

Table 1-3 Secondary authorizations

 Secondary       Parent          Powers
 authorization   authorization
 audittrail      audit           generate personal audit reports on
                                 one's own activities
 backup_create   backup          create (but not restore) backups
 restore         backup          restore (but not create) backups
 queryspace      backup          use df(C) command to query disk space
 printqueue      lp              view all jobs in queue using lpstat(C) 
 printerstat     lp              use printer enable/disable commands
 su              auth            access the root (superuser) account and
                                 other accounts.  Access still requires
                                 a password; see ``Accessing other
                                 accounts with su(C)'' for more
 shutdown        root            use the Shutdown Manager or shutdown in
                                 conjunction with the asroot(ADM) 
                                 command as described in ``Allowing
                                 users to execute superuser commands'' 

NOTE: When the primary authorization for a subsystem is granted, the secondary authorizations for that subsystem are also granted. (For example, the lp authorization carries the printqueue and printerstat authorizations.)
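The inheritance rule in the note, applied to Table 1-3 as a least-privilege check. This is an added example, not part of the original documentation: the function names and the per-user grant sets are constructed for illustration, and reading grants from a live system is not shown.

```python
# Secondary -> parent authorization pairs, transcribed from Table 1-3.
PARENT = {
    "audittrail": "audit",
    "backup_create": "backup",
    "restore": "backup",
    "queryspace": "backup",
    "printqueue": "lp",
    "printerstat": "lp",
    "su": "auth",
    "shutdown": "root",
}

def effective(granted):
    """Expand a grant set: a parent authorization carries its secondaries."""
    granted = set(granted)
    return granted | {sec for sec, par in PARENT.items() if par in granted}

def over_broad(granted, needed):
    """Report parent grants that could be narrowed to secondaries.

    `needed` is the set of authorizations the user actually requires.
    Each held parent that is not itself needed maps to the secondaries
    under it that would suffice; an empty list means the grant is unused.
    """
    findings = {}
    for primary in sorted(set(PARENT.values()) & set(granted)):
        if primary in needed:
            continue  # the full parent authorization is required
        findings[primary] = sorted(s for s in needed if PARENT.get(s) == primary)
    return findings

if __name__ == "__main__":
    # Constructed sample data: (granted, needed) per hypothetical user.
    users = {
        "operator1": ({"lp", "backup_create"}, {"printqueue", "backup_create"}),
        "operator2": ({"backup"}, {"backup"}),
    }
    for name, (granted, needed) in users.items():
        print(name, sorted(effective(granted)), over_broad(granted, needed))
```

For operator1 the check reports that lp could be replaced by printqueue alone, which removes the printerstat power the user does not need.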