Quicksearch
Events
13.10 - 15.10 - Horizons EMEA
Trusted Ad
Blower Door Test
Luftdichtigkeitsmessung für Gebäude Raum Hamburg ab 160 excl. MwSt
www.m-tectum.de
Luftdichtigkeitsmessung für Gebäude Raum Hamburg ab 160 excl. MwSt
www.m-tectum.de
Kategorien
- Apple
- iPhone
- Aviation
- Bahn
- Begriffe des Lebens
- Blogosphere
- Braindump
- Business Travel
- CANBOX
- CeBIT
- CEC
- del.icio.us
- Fundsache
- General
- i hate sundays
- Kochen
- Mindfuck
- Movies
- Music
- On Benchmarketing
- Persoenliches Pech
- Photographie
- policy of ...
- Privacy
- Recommended Blogs
- Security
- Solaris
- Strange Days
- Sun
- suncec2007
- suncec2008
- Technology
- The IT Business
- Toolbox
- Travel
- Work
Entries tagged as rbac
Less known Solaris features: pfexec
Saturday, September 20. 2008
One of my first tutorials was the tutorial about RBAC. In this new tutorial i want to come back to this topic. In the RBAC tutorial i used
su to assume a different role. But Solaris offers an additional way to work with the privileges of a different role.
Continue reading "Less known Solaris features: pfexec"
Less known Solaris features: RBAC and Privileges
Monday, February 4. 2008
Iīve wrote a quite long tutorial about RBAC and privileges. I had to divide it into 4 seperate parts:
PS: The topic is quite complex, thus i simplified some coherences. I hope i didnīt oversimplified them ...
- Less known Solaris features: RBAC and Privileges - Part 1: Introduction
- Less known Solaris features: RBAC and Privileges - Part 2: Role based access control
- Less known Solaris features: RBAC and Privileges - Part 3: Privileges
- Less known Solaris features: RBAC and Privileges - Part 4: Epilogue
PS: The topic is quite complex, thus i simplified some coherences. I hope i didnīt oversimplified them ...
Less known Solaris features: RBAC and Privileges - Part 4: Epilogue
Monday, February 4. 2008
The story of root - reprise
And then there was root again. And root was allmighty. And this time, it wasnīt a bad thing. root was able to distribute the powers between the servants. But no one was as powerful as root. They had only the powers to do their job. But not more. One servant had still the problem with to many prayers, but now this servant wasnīt able to destroy the world.
And then there was root again. And root was allmighty. And this time, it wasnīt a bad thing. root was able to distribute the powers between the servants. But no one was as powerful as root. They had only the powers to do their job. But not more. One servant had still the problem with to many prayers, but now this servant wasnīt able to destroy the world.
Continue reading "Less known Solaris features: RBAC and Privileges - Part 4: Epilogue"
Less known Solaris features: RBAC and Privileges - Part 3: Privileges
Monday, February 4. 2008
Privileges
Weīve talked a lot about RBAC, roles, role profiles. But what are Privileges? Privileges are rights to do an operation in the kernel. This rights are enforced by the kernel. Whenever you do something within the kernel the access is controlled by the privileges.
Weīve talked a lot about RBAC, roles, role profiles. But what are Privileges? Privileges are rights to do an operation in the kernel. This rights are enforced by the kernel. Whenever you do something within the kernel the access is controlled by the privileges.
Continue reading "Less known Solaris features: RBAC and Privileges - Part 3: Privileges"
Less known Solaris features: RBAC and Privileges - Part 2: Role based access control
Monday, February 4. 2008
Some basic terms
As usual the world of RBAC has some special terms. Before using it, iīm want to explain the jargon. I copy the exact definition from the RBAC manual:
As usual the world of RBAC has some special terms. Before using it, iīm want to explain the jargon. I copy the exact definition from the RBAC manual:
Continue reading "Less known Solaris features: RBAC and Privileges - Part 2: Role based access control"
Less known Solaris features: RBAC and Privileges - Part 1: Introduction
Monday, February 4. 2008
The Story of root
And then there was root. And root was allmighty. And that wasnīt a good thing. root was able to control the world without any control. And root needed control. It was only a short chant between the mere mortals and root. Everybody with the knowledge of the magic chant was able to speak through root.
And then there was root. And root was allmighty. And that wasnīt a good thing. root was able to control the world without any control. And root needed control. It was only a short chant between the mere mortals and root. Everybody with the knowledge of the magic chant was able to speak through root.
Continue reading "Less known Solaris features: RBAC and Privileges - Part 1: Introduction"
SunCEC2007 Day 2: 1st breakout - RBAC by John Walsh
Wednesday, October 10. 2007
It wasnīt the presentation iīve expected, but that was my own fault ... reading the abstract before the presentation avoid surprises. I had expected a presentation about Solaris RBAC. Nevertheless the presentation by John Walsh was quite interesting, as it looked to Role Based Access Control from a organisatorial perspective: How to implement Roles? Where are the challenges in doing so?
I took some interesting information out of this breakout.
I took some interesting information out of this breakout.
- Often the first try of a customer to implement roles end in role explosion ( worstcase: vastly more roles than users)
- Donīt try to put 100% of all roles in your model. The project will never finish
- 80% of the people use 20% of the roles. 20% of the people use 80% of the roles.
- Based on this observation, define a standard set of roles for the 80% and use exceptions (together with a decent toolset) for the residual 20%
- There are two methods to determine roles: Top-Down (ask managers about roles) and bottum-up (ask authentication databases about roles). Mostly you end with using both methodologies in a hybrid approach. But whatever you choose to do, choose the methodology that has the least potential of role explosion
The LKSF book
The book with the consolidated Less known Solaris Tutorials is available for download here
Web 2.0
Contact
Networking
open.bc
LinkedIn
Facebook
My photos
- mail: joerg@c0t0d0s0.org
- icq: 144000169
- Me, myself and I
- openBC
- My del.icio.us
- c0t0d0s0@twitter
- c0t0d0s0@last.fm
- wiki@c0t0d0s0
- Amazon Wishlist
Networking
open.bc
My photos
Syndication
Getaggte Artikel
AMD Apple avs Bahn Blogging Blogosphere braindump Business Travel CeBIT cec cec2006 CMT del.icio.us deutsch dtrace fliegen Fundsache General Hamburg IBM i hate sundays Intel iscsi jumpstart Links Linux lksf Mindfuck Movies Music Musik Niagara Opensolaris Opteron Photographie policy of ... Politik Security Solaris storage Sun suncec2007 sunw t1 The IT Business Ultrasparc ultrasparc t1 Wirtschaft Work ZFS
Blog Administration
Buttons
Comments
Tue, 07.10.2008 13:35
Heute morgen auf dem Weg zur A rbeit lief im Radio das Lied A lleinesein. Die Stimme klingt nach Wolfsheim aber der [...]
Tue, 07.10.2008 13:03
Jo ... das ist enterprise-grad e ... es soll verhindern, das die Daten auf keinen Fall und unter keinen Umstaenden [...]
Tue, 07.10.2008 11:49
ob die Datenhalde eines typisc hen ct-Lesers schneller werden wuerde, wenn man sZIL und L2A RC auf nen USB-Stick leg [...]
Tue, 07.10.2008 11:48
da steht auch das ZFS nicht si nnhaft erkennt wenn man zwei P latten aus dem Raid-Verbund zi eht (hang forever+reboot [...]
Tue, 07.10.2008 11:43
Soll ja Leute geben, die c0t0d 0s0.org nicht lesen