https://community.hpe.com/t5/operating-system-hp-ux/non-root-role-based-admin/m-p/2926392#M110718 You've pretty well covered the options that I'm aware of. The best option really depends on the circumstances and what you're trying to accomplish. I would guess that a combination of sudo and restricted SAM should pretty much cover anything, but SCM could be helpful, too.<BR /><BR /><BR />Pete Thu, 13 Mar 2003 14:37:23 GMT Pete Randall 2003-03-13T14:37:23Z https://community.hpe.com/t5/operating-system-hp-ux/non-root-role-based-admin/m-p/2926391#M110717 Hello.<BR /><BR />Other than SCM, sudo, runas, uid=0, and restricted sam, what software and/or methods exist to allow non-root/role based administration?<BR /><BR />In your opinion, what is the best option (including the above)? <BR /><BR />Thanks for your help. Thu, 13 Mar 2003 14:33:37 GMT https://community.hpe.com/t5/operating-system-hp-ux/non-root-role-based-admin/m-p/2926391#M110717 Scot Sroka 2003-03-13T14:33:37Z https://community.hpe.com/t5/operating-system-hp-ux/non-root-role-based-admin/m-p/2926392#M110718 You've pretty well covered the options that I'm aware of. The best option really depends on the circumstances and what you're trying to accomplish. I would guess that a combination of sudo and restricted SAM should pretty much cover anything, but SCM could be helpful, too.<BR /><BR /><BR />Pete Thu, 13 Mar 2003 14:37:23 GMT https://community.hpe.com/t5/operating-system-hp-ux/non-root-role-based-admin/m-p/2926392#M110718 Pete Randall 2003-03-13T14:37:23Z https://community.hpe.com/t5/operating-system-hp-ux/non-root-role-based-admin/m-p/2926393#M110719 I agree with Pete in that you've covered the options available pretty well. <BR /><BR />I like sudo and restricted sam where applicable as well. Thu, 13 Mar 2003 14:56:39 GMT https://community.hpe.com/t5/operating-system-hp-ux/non-root-role-based-admin/m-p/2926393#M110719 Patrick Wallek 2003-03-13T14:56:39Z https://community.hpe.com/t5/operating-system-hp-ux/non-root-role-based-admin/m-p/2926394#M110720 Hi,<BR /><BR />You have covered all available methods.<BR /><BR />In my opinion sudo is the best option to provide non root based admin Thu, 13 Mar 2003 15:10:43 GMT https://community.hpe.com/t5/operating-system-hp-ux/non-root-role-based-admin/m-p/2926394#M110720 Ravi_8 2003-03-13T15:10:43Z https://community.hpe.com/t5/operating-system-hp-ux/non-root-role-based-admin/m-p/2926395#M110721 The only thing you did not list was CA's eTrust products. (admin/access control) They are not cheap. The role based stuff is pretty much like sudo, repackaged and pretty. (It is good for if you have alot of servers with alot of users to manage, though.) <BR /><BR />If you only have a few servers or aren't trying to manage permissions for 200+ users with 10+ different permission levels, use sudo. Otherwise, that's all you will do for months until everyone's happy. (I would definitely use sudo if you are only talking about a few different groups with relatively few special permissions.) Make sure you do not allow 'su su root' in your sudo, so you don't defeat your point...<BR /><BR />Hope it helps.<BR /><BR />John Thu, 13 Mar 2003 15:24:44 GMT https://community.hpe.com/t5/operating-system-hp-ux/non-root-role-based-admin/m-p/2926395#M110721 John Payne_2 2003-03-13T15:24:44Z https://community.hpe.com/t5/operating-system-hp-ux/non-root-role-based-admin/m-p/2926396#M110722 I use restricted SAM...and PowerBroker (third party vendor).<BR /><BR />Rgrds,<BR />Rita<BR /> Thu, 13 Mar 2003 15:26:01 GMT https://community.hpe.com/t5/operating-system-hp-ux/non-root-role-based-admin/m-p/2926396#M110722 Rita C Workman 2003-03-13T15:26:01Z