'\" te
.\" Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
.TH roles 1 "5 Jul 2011" "SunOS 5.11" "User Commands"
.SH NAME
roles \- print roles granted to a user
.SH SYNOPSIS
.LP
.nf
\fBroles\fR [ \fIuser\fR ]...
.fi

.SH DESCRIPTION
.sp
.LP
The command \fBroles\fR prints on standard output the roles that you or the optionally-specified user have been granted. Roles are special accounts that correspond to a functional responsibility rather than to an actual person (referred to as a normal user).
.sp
.LP
Each user may have zero or more roles. Roles have most of the attributes of normal users and are identified like normal users in \fBpasswd\fR(4) and \fBshadow\fR(4). Each role must have an entry in the \fBuser_attr\fR(4) file that identifies it as a role. Roles can have their own authorizations and profiles. See \fBauths\fR(1) and \fBprofiles\fR(1).
.sp
.LP
Roles are not allowed to log into a system as a primary user. Instead, a user must log in as him\(em or herself and assume the role. The actions of a role are attributable to the normal user. When auditing is enabled, the audited events of the role contain the audit \fBID\fR of the original user who assumed the role.
.sp
.LP
A role may not assume itself or any other role. Roles are not hierarchical. However, rights profiles (see \fBprof_attr\fR(4)) are hierarchical and can be used to achieve the same effect as hierarchical roles.
.sp
.LP
Role assumption can be performed using \fBsu\fR(1M), \fBssh\fR(1), or some  other  service  that  supports the \fBPAM_AUSER\fR variable. Successful assumption requires both role authentication and membership. Role authentication can require either the user's password or the role's password, depending on the setting of the \fBroleauth\fR property in the role's \fBuser_attr\fR(4)entry. By default, the role's password is required. Roles are typically assigned a profile shell. By convention, a profile shell is specified by preceding the standard shell's name with \fBpf\fR, for example, \fBpfbash\fR. Role assignments are specified in \fBuser_attr\fR(4).
.SH EXAMPLES
.LP
\fBExample 1 \fRSample Output
.sp
.LP
The output of the \fBroles\fR command has the following form:

.sp
.in +2
.nf
example% \fBroles tester01 tester02\fRtester01 : admin
tester02 : secadmin, root
example%
.fi
.in -2
.sp

.SH EXIT STATUS
.sp
.LP
The following exit values are returned:
.sp
.ne 2
.mk
.na
\fB\fB0\fR\fR
.ad
.RS 5n
.rt  
Successful completion.
.RE

.sp
.ne 2
.mk
.na
\fB\fB1\fR\fR
.ad
.RS 5n
.rt  
An error occurred.
.RE

.SH FILES
.sp
.LP
\fB/etc/user_attr\fR
.sp
.LP
\fB/etc/security/auth_attr\fR
.sp
.LP
\fB/etc/security/prof_attr\fR
.SH ATTRIBUTES
.sp
.LP
See \fBattributes\fR(5) for descriptions of the following attributes:
.sp

.sp
.TS
tab() box;
cw(2.75i) |cw(2.75i) 
lw(2.75i) |lw(2.75i) 
.
ATTRIBUTE TYPEATTRIBUTE VALUE
_
Availabilitysystem/core-os
.TE

.SH SEE ALSO
.sp
.LP
\fBauths\fR(1), \fBpfexec\fR(1), \fBprofiles\fR(1), \fBrlogin\fR(1), \fBssh\fR(1), \fBsu\fR(1M), \fBauth_attr\fR(4), \fBpasswd\fR(4), \fBprof_attr\fR(4), \fBshadow\fR(4), \fBuser_attr\fR(4), \fBattributes\fR(5)