Converting user specifications

In the sudoers file, user specifications make use of the alias definitions to assign commands and privileges to users. After you import the sudoers file, you can convert the user specifications into role assignments.

To convert user specifications to role definitions and role assignments

  1. Open Access Manager.
  2. Expand Zones and the individual parent or child zones required to select the zone name into which you imported the sudoers file.
  3. Expand Authorization and Sudoers, then select User Specifications.
  4. Select the name of a user specification, right-click, then select Import.
  5. Review the list of commands to be created, then click Next.
  6. Verify the name of the role definition name to be created, then click Next.

    By default, the role definition is named Role_n. You can change it after it is created.

  7. If the user or group defined in the imported user specification is not found in the zone, the role assignment to be created is displayed and you can click Next, then click Finish.

    If the user or group defined in the imported user specification is not found in the zone, the role assignment will fail and the role displays an error (). Click Cancel to exit the wizard and add the user or group to Active Directory and the zone.

    Importing a user specification will fail if the user or group defined in the user specification is not found in the zone or if no computers are defined for the host alias in the user specification are found in the zone.

  8. Rename the role definition by expanding Authorization and Role Definitions.

    • Select the new role definition, for example, Role_2.
    • Right-click, then select Rename
    • Type a new name for the role definition.

The role definitions you create from a sudoers specification do not contain the UNIX system rights or PAM access rights. You can assign these rights through a separate role assignment or by add the appropriate UNIX system rights and PAM access rights to the new role definitions.