Restricted SAM - Limiting Access to Specific Actions

Diana D. Miller · ‎11-25-2008

I have successfully used Restricted SAM to narrow SAM choices for a specific user. This user currently has access to all menu options associated with Accounts for User's and Groups/Users. I want to be able to restrict the selections under the Actions to include the following items ONLY:
- Modify User's Password
- Reset User's Password
- Reactivate
Please provide any suggestions or solutions?

Florian Heigl (new acc) · ‎11-25-2008

Hi,

I've never used restricted SAM, but I wonder if you could the missing functionability with HP-UX RBAC?

Maybe someone knows more about it - I don't :(

yesterday I stood at the edge. Today I'm one step ahead.

OldSchool · ‎11-25-2008

I believe you're going to find that restricted SAM is limited to "areas", such as "User Administration" and therefore doesn't provide the "granularity" you are looking for.

Marlou Everson · ‎12-05-2008

Restrict it to the Routine Task area, add the modify password task in the area and then add a script in /usr/sam/lbin to do the password change. You probably do not want to allow root and other "important" users to be changed.

Here is a sample script:

/bin/echo 'Enter username: ' \
&& read input && echo $input | grep -vq -e root -e diana \
&& /usr/lbin/modprpw -k $input && /bin/passwd $input && echo "Changed" || echo "NOT changed"

/usr/lbin/modprpw -e $input

- Marlou

Restricted SAM - Limiting Access to Specific Actions

Restricted SAM - Limiting Access to Specific Actions

Re: Restricted SAM - Limiting Access to Specific Actions

Re: Restricted SAM - Limiting Access to Specific Actions

Re: Restricted SAM - Limiting Access to Specific Actions

Hewlett Packard Enterprise International