System Administration Guide
Chapter 1, Administering user accounts

Primary authorizations

Primary authorizations

Primary authorizations effectively divide superuser powers into subsystems, allowing you to assign only the capabilities you want the user to have. Use secondary authorizations to assign more limited capabilities to normal users.

Users lacking the required authorization to run a SCOadmin manager will see the message You are not authorized to run... 

WARNING: The auth subsystem authorization should only be assigned to persons entrusted with account administration. Never assign auth by default because it permits users to make changes to any account, including root. The backup, sysadmin, and passwd authorizations can be similarly abused -- do not assign them lightly.

Table 1-2 Primary authorizations

 Authorization   SCOadmin             Powers
 mem                                 access to system data tables, listing
                                      all processes on the system
 terminal                            unrestricted use of the write(C) 
 lp              Printer Manager      administer printers
 backup          Backup Manager       perform backups
 auth            Account Manager      administer accounts and terminals:
                 Terminal Manager     adding users, changing passwords,
                                      controlling logins
 audit           Audit Manager        run system audits and generate reports
 cron            Cron Manager         control use of cron(C) at(C) and
                                      batch(C) commands
 root                                use any command found in
                                      /tcb/files/rootcmds -- see ``Allowing
                                      users to execute superuser commands'' 
 sysadmin        Filesystem Manager   alter mount configuration
 passwd          -                    manage system passwords using passwd(C)

NOTE: Certain SCOadmin managers require more than one authorization. For example, to run the Backup Manager (backup authorization), you also need the sysadmin authorization (to mount filesystems).