rolelist Command
Purpose
Displays role information for a user or process.
Syntax
Description
The rolelist command provides role and authorization information to the invoker about their current roles or the roles assigned to them. If no flags or arguments are specified, the rolelist command displays the list of roles assigned to the invoker on the real user ID with the text description of each role if one is provided in the roles database. Specifying the -e flag outputs information about the current effective active role set for the session. If the invoker is not currently in a role session and specifies the -e flag, no output is displayed. Specifying the -a flag displays the authorizations associated with the roles instead of the text description.
The rolelist command also allows a privileged user to list the role information for another user or for a process. Specifying a user name with the -u flag allows a privileged user to list the roles assigned to another user. The active role set of a given user cannot be determined because the user can have multiple active role sessions. Therefore, if the -u flag is specified, the -e flag is not allowed. Specifying a process ID with the -p flag allows a privileged user to display the roles associated with a process. The command fails immediately if invoked by a non-privileged user when the -u or -p flag is specified.
The authorization information displayed by the rolelist command is retrieved from the kernel security tables. The information can differ from the current state of the roles database if the database is modified after the kernel security tables are updated.
Flags
Item | Description |
---|---|
-a | Displays the authorizations assigned to each role instead of the role description. |
-e | Displays information about the effective active role set of the session. |
-u username | Displays role information for the specified user. |
-p PID | Displays role information of the specified process. |
Security
Item | Description |
---|---|
aix.security.role.list | Required to invoke the command on another user. |
aix.security.proc.role.list | Required to list the roles associated with a process. |
Attention RBAC users and Trusted AIX® users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.
Files Accessed
Files | Mode |
---|---|
/etc/security/user.roles | r |
/etc/security/roles | r |
Examples
- To display the list of roles that are assigned to you and their text descriptions, use the following command:

      rolelist

  Information similar to the following example is displayed:

      UserAdmin    User Administrator
      RoleAdmin    Role Administrator
      FSAdmin      File System Administrator

- To display the authorizations associated with the assigned roles, use the following command:

      rolelist -a

  Information similar to the following example is displayed:

      UserAdmin    aix.security.user
      RoleAdmin    aix.security.role
      FSAdmin      aix.security.fs

- As a privileged user, use the following command to display the roles assigned to a specific user:

      rolelist -u user1

  Information similar to the following example is displayed:

      SysInfo      System Information Retrieval
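
Because the authorizations shown by rolelist -a come from the kernel security tables, comparing a saved snapshot of that output with a later one shows when a role's effective authorizations have changed. The script below is an added example, not part of the original documentation; it assumes the two-column output shown in the examples, assumes that multiple authorizations for a role are comma-separated, and runs on constructed sample data.

```shell
#!/bin/sh
# Added example: diff two saved `rolelist -a` snapshots (role -> authorization).
# Assumption: one role per line, authorizations comma-separated in field 2.
LC_ALL=C; export LC_ALL

# Expand "role auth1,auth2" into sorted, unique "role auth" pairs.
normalise() {
    awk 'NF >= 2 { n = split($2, a, ",")
                   for (i = 1; i <= n; i++) if (a[i] != "") print $1, a[i] }' "$1" | sort -u
}

# rolelist_drift BASELINE CURRENT
# Prints ADDED/REMOVED pairs; returns 0 when identical, 1 on drift.
rolelist_drift() {
    b=$(mktemp) && c=$(mktemp) || return 2
    normalise "$1" > "$b"
    normalise "$2" > "$c"
    out=$(comm -13 "$b" "$c" | sed 's/^/ADDED /'
          comm -23 "$b" "$c" | sed 's/^/REMOVED /')
    rm -f "$b" "$c"
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample data: the baseline mirrors the sample output on this page.
demo() {
    d=$(mktemp -d) || return 2
    cat > "$d/baseline" <<'EOF'
UserAdmin aix.security.user
RoleAdmin aix.security.role
FSAdmin aix.security.fs
EOF
    cat > "$d/current" <<'EOF'
UserAdmin aix.security.user
FSAdmin aix.security.fs,aix.security.proc.role.list
EOF
    rc=0
    rolelist_drift "$d/baseline" "$d/current" || rc=$?
    rm -rf "$d"
    return $rc
}

demo || echo "drift detected (exit $?)"
```

On a live system the two inputs would be files produced by redirecting rolelist -a output at different times.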