> We decided to back away from trying to provide central RBAC. Our
> experience with multiple projects revealed that there is no one size fits all
> solution regarding
> RBAC. But we were talking about geral Role
> base access control model not specific RBAC as Solaris implemented it. The
> Solaris RBAC is similar
> to sudo and HBAC combined together. Both features are managed by IPA. We also
> have SELinux policies
> on Linux that can constrain the root access. The user SELinux roles
> management is on the roadmap
> but HBAC + SUDO should give you the equivalent if not more functionality than
> Solaris RBAC.
It's a false statement that Solaris RBAC is like sudo and HBAC combined. There
so much more
options in the Solaris RBAC when it comes to such as limiting/granting
cpu/memory resources, OS
privileges, based on a group, a project, a user, a service, etc.
Besides, RBAC comes with Solaris, sudo need to be installed.
And as I understand it, SSSD is required to installed on Solaris to implement
the HBAC rules from
Freeipa-users mailing list