swrole command

Purpose

Switches to a specified role session.

Syntax

swrole {ALL | Role [ ,Role ] ... } [ Argument ... ]

Description

The swrole command creates a new role session with the roles that are specified by the Role parameter. The Role parameter must be composed of the names of roles in the roles attribute of the user. Before creating a new role session, the swrole command performs authentication according to the auth_mode attribute of the chrole command for the specified roles. If any of the specified roles requires authentication, the user must be successfully authenticated for the action to be performed. If none of the specified roles require authentication, no authentication is requested.

The swrole command creates a new role session with the specified roles added to the active role set of the session. The ALL keyword specifies that a role session is created with all the roles that are assigned to the user. Role sessions are limited to eight roles per session. If a user has more than eight roles, only the first eight roles are assigned to the role session when the ALL keyword is specified. Creation of a new role session preserves the user environment for the current session.

Any argument, such as a flag or a parameter, that is specified by the Argument parameter must relate to the login shell that is defined for the user. The arguments are passed to the login shell that is created for the role session.

To restore the previous session, type exit or press Ctrl-D. This action ends the shell that was created by the swrole command and returns the user to the previous shell and environment.

Each time the swrole command is run, an entry is made in the /var/adm/rolelog file. The /var/adm/rolelog file records the following information: date, time, system name, login name, and role name. The /var/adm/rolelog file also records whether the role initiation attempt was successful: a plus sign (+) indicates a successful role initiation and a minus sign (-) indicates an unsuccessful role initiation.
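The following added example (not part of the original documentation) shows one way to review rolelog-style records for repeated unsuccessful role initiations. The record layout is an assumption: whitespace-separated fields in the order listed above, with the + or - result as a separate field; the function names, host name, and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: count unsuccessful role initiations per login name.
# ASSUMPTION: each record is whitespace-separated and holds, in order,
# date, time, system name, login name, role name, plus a standalone
# "+" or "-" result field. The result field is found by value, not by
# position, so its exact column does not matter.

# Constructed sample records (not taken from a real system).
sample_rolelog() {
    cat <<'EOF'
11/18 09:02 + aixhost1 alice RoleAdmin
11/18 09:05 - aixhost1 bob FSAdmin
11/18 09:06 - aixhost1 bob FSAdmin
11/18 09:07 + aixhost1 bob FSAdmin
11/18 10:15 - aixhost1 carol RoleAdmin,FSAdmin
garbled line
EOF
}

# failed_swrole THRESHOLD  (reads records on stdin)
# Prints "login count" for each login with at least THRESHOLD failures.
failed_swrole() {
    awk -v min="$1" '
    {
        status = ""; n = 0
        for (i = 1; i <= NF; i++) {
            # The first standalone + or - is the result flag.
            if (status == "" && ($i == "+" || $i == "-")) { status = $i; continue }
            f[++n] = $i
        }
        # Skip lines that do not carry a result flag and five other fields.
        if (status == "" || n < 5) { bad++; next }
        if (status == "-") fails[f[4]]++      # f[4] is the login name
    }
    END {
        for (u in fails) if (fails[u] >= min) print u, fails[u]
        if (bad > 0) print "skipped " bad " unparsable line(s)" | "cat 1>&2"
    }' | sort
}

# Demo on the constructed sample; on a live system, redirect stdin from
# /var/adm/rolelog after confirming the actual field layout.
sample_rolelog | failed_swrole 2
```
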

Exit Status

0 for success.

Non-zero for command error.

Examples

  1. To assume the RoleAdmin and FSAdmin roles as a user who has been assigned the roles, type the following command:
    swrole RoleAdmin,FSAdmin



Last updated: Wed, November 18, 2020