System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

Restricted SAM - Limiting Access to Specific Actions

 
Occasional Contributor

Restricted SAM - Limiting Access to Specific Actions

I have successfully used Restricted SAM to narrow SAM choices for a specific user. This user currently has access to all menu options associated with Accounts for User's and Groups/Users. I want to be able to restrict the selections under the Actions to include the following items ONLY:
- Modify User's Password
- Reset User's Password
- Reactivate
Please provide any suggestions or solutions?
3 REPLIES 3
Honored Contributor

Re: Restricted SAM - Limiting Access to Specific Actions

Hi,

I've never used restricted SAM, but I wonder if you could the missing functionability with HP-UX RBAC?

Maybe someone knows more about it - I don't :(
yesterday I stood at the edge. Today I'm one step ahead.
Honored Contributor

Re: Restricted SAM - Limiting Access to Specific Actions

I believe you're going to find that restricted SAM is limited to "areas", such as "User Administration" and therefore doesn't provide the "granularity" you are looking for.

Trusted Contributor

Re: Restricted SAM - Limiting Access to Specific Actions

Restrict it to the Routine Task area, add the modify password task in the area and then add a script in /usr/sam/lbin to do the password change. You probably do not want to allow root and other "important" users to be changed.

Here is a sample script:

/bin/echo 'Enter username: ' \
&& read input && echo $input | grep -vq -e root -e diana \
&& /usr/lbin/modprpw -k $input && /bin/passwd $input && echo "Changed" || echo "NOT changed"

/usr/lbin/modprpw -e $input


- Marlou