Contact Us Contact Us

HP-UX Role-Based Access Control (RBAC)

  Software Depot
Electronic download
Frequently asked questions
Product details and specifications

HP-UX Role-Based Access Control (RBAC) is an alternative to the traditional "all-or-nothing" root user model that grants permissions to the root user for all operations, and denies permissions to non-root users for certain operations. HP-UX RBAC allows you to distribute administrative responsibilities by creating roles with appropriate authorizations and assigning them to non-root users and groups.

The following table lists the latest Web release versions of RBAC available on the HP-UX 11i v2 and 11i v3 operating systems.

Product Version Number

Operating System

Bundle Version Number

Release Date


HP-UX 11i v3


March 2016


HP-UX 11i v2


March 2007

The HP-UX RBAC main components are described briefly in the following list:

  • Privilege shells (privsh, privksh, and privcsh) that automatically invoke the access control subsystem to run commands with privileges when appropriate.
  • RBAC System Management Homepage (SMH) integration to allow the graphical management of the RBAC databases through a Web interface.
  • The privrun wrapper command that allows authorized users and groups to run existing legacy applications with varying levels of privileges without modifying the application.
  • The privedit command that allows authorized users and groups to edit files they normally would not be able to edit because of file permissions or Access Control Lists.
  • Customizable Access Control Policy Switch (ACPS) that determines whether a subject is authorized to perform an operation on an object.
  • Access Control Policy Module (ACPM) to evaluate HP-UX RBAC databases and service access control requests.
  • Management commands to edit and validate HP-UX RBAC database files.
  • Keystroke logging feature to log a user's entire terminal session, or relevant parts of a session based on user input. The keystroke logging policy can be customized to capture session logs for particular users, roles, and groups. (11i v3 only)
  • Alternate logging feature to log access control events and RBAC-invoked commands without enabling HP-UX auditing. (11i v3 only)

New in HP-UX RBAC B.

HP-UX RBAC B. contains defect fixes and enhancements for the RBAC keystroke logging feature. For a complete list of defect fixes, see the HP-UX RBAC B. Release Notes.

Features and Benefits

HP-UX RBAC offers the following features and benefits:

  • Integrates with the Fine-Grained Privileges and Compartments components of the HP-UX 11i Security Containment features.
  • Integrates with HP-UX audit system to produce a single, unified audit trail.
  • Pluggable architecture for customizing access control decisions and integrating existing access control policy information.
  • Pre-defined configuration files to facilitate quick and easy deployment.
  • Flexible re-authentication ability via PAM to allow restrictions on a per command basis.
  • Fully supported Hewlett Packard Enterprise product.

Product Documentation

Use the following documents in conjunction with each other when using HP-UX RBAC B.

  • HP-UX RBAC B. Release Notes
  • HP-UX System Administrator's Guide: Security Management

Use the following documents in conjunction with each other when using HP-UX RBAC B.11.23.04:

  • HP-UX RBAC B.11.23.04 Release Notes
  • HP-UX 11i Security Containment Administrator's Guide

These documents are located at:

Additional product information
Product #: AccessControl
Global Trade ID: -
Version: B. and B.
Software specification: HP-UX 11i v3 for HPE 9000 or Integrity Servers(AccessControl_B.
HP-UX 11i v2 Update 2 for HPE 9000 or Integrity Servers(AccessControl_B.