System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

Restricted SAM - Limiting Access to Specific Actions

 
Diana D. Miller
Occasional Contributor

Restricted SAM - Limiting Access to Specific Actions

I have successfully used Restricted SAM to narrow SAM choices for a specific user. This user currently has access to all menu options associated with Accounts for User's and Groups/Users. I want to be able to restrict the selections under the Actions to include the following items ONLY:
- Modify User's Password
- Reset User's Password
- Reactivate
Please provide any suggestions or solutions?
3 REPLIES 3
Florian Heigl (new acc)
Honored Contributor

Re: Restricted SAM - Limiting Access to Specific Actions

Hi,

I've never used restricted SAM, but I wonder if you could the missing functionability with HP-UX RBAC?

Maybe someone knows more about it - I don't :(
yesterday I stood at the edge. Today I'm one step ahead.
OldSchool
Honored Contributor

Re: Restricted SAM - Limiting Access to Specific Actions

I believe you're going to find that restricted SAM is limited to "areas", such as "User Administration" and therefore doesn't provide the "granularity" you are looking for.

Marlou Everson
Trusted Contributor

Re: Restricted SAM - Limiting Access to Specific Actions

Restrict it to the Routine Task area, add the modify password task in the area and then add a script in /usr/sam/lbin to do the password change. You probably do not want to allow root and other "important" users to be changed.

Here is a sample script:

/bin/echo 'Enter username: ' \
&& read input && echo $input | grep -vq -e root -e diana \
&& /usr/lbin/modprpw -k $input && /bin/passwd $input && echo "Changed" || echo "NOT changed"

/usr/lbin/modprpw -e $input


- Marlou