authqry Command

Purpose

Queries the usage of authorizations over a time period.

Syntax

authqry { -c [-s] | -q [-F <trailListFile> ] [ -t <time_period_in_days> ] } user

Description

The authqry command queries information about the authorizations used by a user over a specified time frame.

When the -c option is specified, the user is configured for the auditing of role and authorization information. A class named rbacqry is added to the /etc/security/audit/config file with events for auditing authorizations and roles. If the user is already being audited (a user entry is present in the configuration file), the rbacqry class is added to that user's entry. Otherwise, the user name is added to the /etc/security/audit/config file with the rbacqry class parameter.

When the -s option is specified, the auditing subsystem is started or restarted.

When the -q option is specified, the audit data is queried for authorization information.

When the -t option is specified, the command queries authorization usage from the date specified through the -t option up to the current system date. Without the -t option, it reports authorization usage over the period from which auditing was enabled for that user. The command displays the entire set of authorizations used during this time frame.

Note: The authqry command makes use of the auditing feature in AIX®. For the authqry command to work as expected, auditing must be turned on, audit configuration for the user must be enabled and a time frame must be specified in days.

Flags

Item Description
-c Specifies to configure the user for auditing of authorization usage.
-s Starts the auditing subsystem if it is turned off. Restarts it if it is already turned on.
-q Specifies to query audit data for authorization usage over a specified time period.
-F Reads the names of the audit trails to query from the trailListFile. The file must list the audit trail file names one per line of text. If the -F option is not specified, the system /audit/trail file is used by default as the source of audit information.
-t Specifies the number of days, counted back from the current date, for which to get the authorization usage.

Exit status

Item Description
0 Successful completion.
>0 An error occurred.

Security

Access Control: This command should grant execute (x) access to only the root user.

Attention RBAC users and Trusted AIX users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in AIX Version 7.1 Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.

Files

Item Description
/etc/security/authorizations
/audit/trail  

Examples

To query authorizations by Bob, use the following syntax:
authqry -q Bob
To query authorizations used by Simon for the past 20 days, use the following syntax:
authqry -q -t 20 Simon
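
The following is an added example, not part of the original command reference: shell helpers that build a trailListFile in the one-name-per-line layout the -F flag expects and then run the -q query. The function names, the sample paths, and the rule that the day count is a positive integer are assumptions of this wrapper.

```shell
#!/bin/sh
# Added example: helper functions around "authqry -q". Names are hypothetical.

# build_trail_list OUTFILE TRAIL...
# Writes each readable, non-empty trail file name to OUTFILE, one per line
# (the layout -F expects), skipping duplicates. Fails if nothing qualifies.
build_trail_list() {
    out=$1; shift
    : > "$out" || return 2
    for trail in "$@"; do
        if [ ! -r "$trail" ] || [ ! -s "$trail" ]; then
            echo "skipping $trail: missing, unreadable or empty" >&2
            continue
        fi
        # Append only if this exact name is not already listed.
        grep -Fxq -- "$trail" "$out" || printf '%s\n' "$trail" >> "$out"
    done
    [ -s "$out" ]
}

# query_auth_usage USER DAYS [LISTFILE]
# Runs the query for the past DAYS days. Without LISTFILE, authqry falls
# back to /audit/trail. Assumption of this wrapper: DAYS is a positive
# integer and USER must not look like an option.
query_auth_usage() {
    user=$1 days=$2 list=${3:-}
    case $days in
        ''|*[!0-9]*|0*) echo "days must be a positive integer" >&2; return 1 ;;
    esac
    case $user in
        ''|-*) echo "invalid user name: $user" >&2; return 1 ;;
    esac
    if [ -n "$list" ]; then
        authqry -q -F "$list" -t "$days" "$user"
    else
        authqry -q -t "$days" "$user"
    fi
}

# Usage (paths are constructed samples):
#   build_trail_list /tmp/trails.lst /audit/trail /audit/archive/trail.old &&
#       query_auth_usage Simon 20 /tmp/trails.lst
```

Rejecting a user name that begins with a hyphen keeps a caller-supplied value from being parsed as an additional authqry flag.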