

AIX Domain RBAC Boosts Security in a Complex World

Editor’s note: This is the first in a two-part series on AIX’s domain role-based access control feature (Domain RBAC). Part 1 provides an overview of this security function, while the second will delve into greater specifics.

In today’s complex data-center and cloud-computing environments, security has become the major focus. As server consolidation increases, the security once provided by physical isolation is diminishing, which increases the concerns of system administrators. More and more security technologies are emerging to address these concerns. One such technology is domain support in the role-based access control (RBAC) feature of AIX 6.1 TL6 and AIX 7.1. It provides isolation capabilities that let AIX support multi-tenancy environments.

Many enterprises resort to granting super-user privileges not only to system administrators but also to DBAs and application developers. Giving this level of access to so many people is a clear security issue. Enhanced RBAC, a security feature introduced in AIX 6.1, addresses this problem by implementing an RBAC system that provides a mechanism through which non-root users can perform specific privileged administration tasks.

Enhanced RBAC provides key elements, including authorizations, roles and privileges, as the mechanisms that enable RBAC. Authorizations are the key to accessing commands or specific functionality. Most management commands are linked with relevant authorizations, and access to these commands can be granted or denied based on the authorizations of the user. To simplify the assignment of authorizations to users, relevant authorizations are grouped together into an entity called a role, and roles are then assigned to users. Typically, similar authorizations, or those sufficient to perform a specific job function, are brought under one role.

In traditional UNIX, applications interact with the OS using well-defined system calls, which enforce checks and allow the requested operation to succeed only if the user is entitled to it or is the root user. To let non-root users perform such operations while keeping safeguards in place, Enhanced RBAC introduces “privileges” to bypass these checks. The privileges are dependent upon the system services, and appropriate privileges are assigned to the commands that need to interact with such services.
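The relationship between authorizations, roles and command privileges described above can be modeled as follows. This is an added example, not code from the article or from AIX: every authorization, role, privilege, user and command name is a hypothetical placeholder, and the rule that a dotted parent authorization covers its children is an assumption of the model.

```python
from dataclasses import dataclass

# Constructed sample data. Every authorization, role, privilege, user and
# command name here is a hypothetical placeholder, not a real AIX entry.
ROLES = {
    "fs_operator": {"site.fs.manage.mount"},
    "backup_operator": {"site.backup.run"},
    "fs_admin": {"site.fs"},  # parent authorization
}
USER_ROLES = {
    "ops1": {"fs_operator"},
    "dba1": {"backup_operator"},
    "adm1": {"fs_admin"},
}

@dataclass(frozen=True)
class PrivilegedCommand:
    access_auths: frozenset  # holding any one of these permits invocation
    privileges: frozenset    # privileges the command needs for system services

COMMANDS = {
    "/opt/site/bin/fsmount": PrivilegedCommand(
        frozenset({"site.fs.manage.mount"}), frozenset({"PRIV_FS_MOUNT"})),
}

def user_authorizations(user):
    """Union of the authorizations of every role assigned to the user."""
    auths = set()
    for role in USER_ROLES.get(user, ()):
        auths |= ROLES.get(role, set())
    return auths

def covers(held, required):
    """Assumption: a dotted parent authorization covers its children."""
    return required == held or required.startswith(held + ".")

def invoke(user, path):
    """Return (allowed, privileges granted to the command for this run)."""
    cmd = COMMANDS.get(path)
    if cmd is None:
        return (False, frozenset())  # not in the privileged-command table
    held = user_authorizations(user)
    if any(covers(h, r) for h in held for r in cmd.access_auths):
        return (True, cmd.privileges)
    return (False, frozenset())  # no authorization, so no privileges

if __name__ == "__main__":
    for user in ("ops1", "dba1", "adm1"):
        print(user, invoke(user, "/opt/site/bin/fsmount"))
```

The privileges attach to the command rather than to the user, so a user without a matching authorization never reaches the point where the system-call checks are bypassed.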

George M Koikara is a senior programmer in AIX development and has worked across multiple technologies in AIX. He is an expert on security and in particular trusted computing and multilevel-based security. He led and developed many of the security features of AIX 6.1.

Guha Prasad Venkataraman is one of the AIX architects and leads the AIX India development team. He has 19 years of IT experience and has contributed toward AIX Network Security as well.

Pruthvi Panyam Nataraj is a senior programmer in AIX development and has worked across multiple components of the AIX OS. He is an expert on trusted platform architecture and was instrumental in the implementation of the Trusted Execution function in AIX 6.1. He also is an expert in IPSecurity and IKE2 protocols.

Saurabh Desai is an architect for AIX. He has more than 20 years of experience in the IT industry, mostly with IBM. Saurabh has in-depth knowledge of OS internals and has worked across AIX and Linux. He is an expert in process management and security. He led and implemented many of the security features in AIX 6.1.

Vidya Ranganathan started her career with IBM and has 13-plus years of IT experience. She is an IBM Master Inventor and senior AIX kernel developer/technical advisor with expertise in security and file system technologies. She has worked in many areas, including the kernel debugger, memory subsystems and many more.


