roles - print roles granted to a user


     roles [ user ...]


     The command roles prints on standard output the  roles  that
     you  or  the  optionally-specified  user  have been granted.
     Roles are special accounts that correspond to  a  functional
     responsibility  rather than to an actual person (referred to
     as a normal user).

     Each user may have zero or more roles. Roles  have  most  of
     the  attributes of normal users and are identified like nor-
     mal users in passwd(4) and shadow(4). Each role must have an
     entry in the user_attr(4) file that identifies it as a role.
     Roles can have their own authorizations  and  profiles.  See
     auths(1) and profiles(1).

     Roles are not allowed to log into  a  system  as  a  primary
     user.  Instead,  a  user  must log in as him- or herself and
     assume the role. The actions of a role are  attributable  to
     the  normal  user.  When  auditing  is  enabled, the audited
     events of the role contain the audit ID of the original user
     who assumed the role.

     A role may not assume itself or any other  role.  Roles  are
     not    hierarchical.    However,    rights   profiles   (see
     prof_attr(4)) are hierarchical and can be  used  to  achieve
     the same effect as hierarchical roles.

     Roles must have valid passwords and one of the  shells  that
     interprets  profiles:  either  pfcsh,  pfksh,  or  pfsh. See

     Role assumption may be performed using su(1M), rlogin(1), or
     some  other  service  that  supports the PAM_RUSER variable.
     Successful assumption requires knowledge of the role's pass-
     word and membership in the role. Role assignments are speci-
     fied in user_attr(4).


     Example 1: Sample output

     The output of the roles command has the following form:

     example% roles tester01 tester02
     tester01 : admin
     tester02 : secadmin, root


     The following exit values are returned:

     0     Successful completion.

     1     An error occurred.






     See attributes(5) for descriptions of the  following  attri-

    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    | Availability                | SUNWcsu                     |


     auths(1),   pfexec(1),   profiles(1),   rlogin(1),   su(1M),
     getauusernam(3BSM),  auth_attr(4),  passwd(4), prof_attr(4),
     shadow(4), user_attr(4), attributes(5)

Man(1) output converted with man2html