Removes a role. This command applies only to AIX® 4.2.1 and later.
rmrole [-R load_module] Name
The rmrole command removes the role identified by the Name parameter from the /etc/security/roles file. The role name must already exist.
You can use the Web-based System Manager Users application or the System Management Interface Tool (SMIT) to run this command.
If the system is configured to use databases from multiple domains, the rmrole command finds the first match from the database domains in the order specified by the secorder attribute of the roles stanza in the /etc/nscontrol.conf file, and removes the role entry from that domain. Matching roles in the remaining domains are not affected. Use the -R flag to remove a role from a specific domain.
When the system is operating in enhanced role based access control (RBAC) mode, roles removed from the role database still exist in the kernel security tables (KST) until the KST is updated with the setkst command.
Item | Description |
---|---|
-R load_module | Specifies the loadable module to use for role deletion. |
Item | Description |
---|---|
aix.security.role.remove | Required to run the command. |
Files Accessed:
Mode | File |
---|---|
rw | /etc/security/roles |
r | /etc/security/user.roles |
Auditing Events:
Event | Information |
---|---|
ROLE_Remove | role |
Attention RBAC users and Trusted AIX users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.
rmrole ManageObjects
rmrole -R LDAP ManageRoles
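The following sh functions are an added example, not part of the original reference page or of IBM's code. They show the domain search order that rmrole will follow, remove a role, and then refresh the KST so that the removal takes effect in the kernel. The function names roles_secorder and revoke_role are hypothetical. The example assumes enhanced RBAC mode, the usual stanza layout of /etc/nscontrol.conf, and that lskst exits with a nonzero status when the named role is not in the KST.

```shell
#!/bin/sh
# Added example: remove a role and make sure the kernel security tables
# (KST) no longer carry it. Function names are hypothetical.

# Print the secorder value of the roles stanza, spaces removed.
# Assumed layout: a "roles:" header line followed by indented
# "attribute = value" lines. $1 defaults to /etc/nscontrol.conf.
roles_secorder() {
    awk '
        /^[^ \t#*].*:[ \t]*$/ { in_roles = ($1 == "roles:"); next }
        in_roles && /^[ \t]*secorder[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); gsub(/[ \t]/, ""); print; exit
        }
    ' "${1:-/etc/nscontrol.conf}"
}

# Remove role $1, optionally from load module $2 (rmrole -R), then reload
# the role table into the KST with setkst and check the result with lskst.
# Returns 1 if rmrole fails, 2 if setkst fails, and 3 if the role is still
# in the KST after the refresh.
revoke_role() {
    role=$1 module=${2:-}
    if [ -n "$module" ]; then
        rmrole -R "$module" "$role" || return 1
    else
        rmrole "$role" || return 1
    fi
    # Until this runs, the removed role still exists in the KST.
    setkst -t role || return 2
    # Assumption: lskst exits nonzero when the role is absent.
    if lskst -t role "$role" >/dev/null 2>&1; then
        echo "role $role is still in the KST; check the other domains" >&2
        return 3
    fi
}

# Usage, matching the two rmrole invocations above:
#   roles_secorder                  # for example: files,LDAP
#   revoke_role ManageObjects
#   revoke_role ManageRoles LDAP
```

A return code of 3 is the case to investigate: rmrole removes only the first match, so a role with the same name in another domain is not affected by the removal.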
Item | Description |
---|---|
/etc/security/roles | Contains the attributes of roles. |
/etc/security/user.roles | Contains the role attribute of users. |