Using PAM application rights
Most of the applications you run on Linux and UNIX computers are configured to use a pluggable authentication module (PAM) to control access. Secure shell (ssh), login, and file transfer (ftp) services are all examples of PAM-enabled applications.
If you have a role assignment with access to PAM-enabled application rights, you can run one or more specific applications using the administrative privileges defined for your role. The administrator defines the specific PAM application rights that you have in each role you are assigned. If you have a role assignment with application access rights, the administrator specifies the arguments you can use when running the application and the account used to run the application.