Create a role definition for temporarily running as root
After you have defined the right to switch to the root user, you can create a role definition for that right.
To create a role definition with the right to run the emergency_access command:
- Open Access Manager.
- Expand Zones and the individual parent or child zones required to select the zone name where you want to create the new role definition.
- Expand Authorization.
- Select Role Definitions, right-click, then click Add Role.
Type a name and description for the new role.
For example, type a name such as emergency_access and descriptive text such as Users with this role can temporarily run commands with root privileges.
Click Available Times to specify days of the week or select times of the day for making the role definition available.
For example, you might want to allow access only on Friday, Saturday, and Sunday and deny access the rest of the week. After you have set the days and times for the role definition to be available, click OK.
- Click OK to save the role definition.
- Select the new role definition, right-click, then click Add Right.
Select the emergency_access command you defined for switching to the root user, then click OK.
To use this role, a user must be assigned to the UNIX Login role for the zone or a role definition that has, at a minimum, the following System Rights:
- Password login and non-password (SSO) login are allowed
- Login with non-Restricted Shell