Required Permissions

You can use the root user to manage your applications; however, it is recommended to use a user with minimum permissions, such as a sudo user.

If you want to use a sudo user to perform the operations, the sudo user must be configured with the following rights and permissions.

Rights to execute the following commands with root privilege: 

/bin/chmod, /usr/sbin/useradd, /usr/sbin/usermod, /usr/sbin/userdel,
/usr/sbin/groupadd, /usr/sbin/groupmod, /usr/sbin/groupdel, /usr/bin/passwd,
/usr/bin/groups, /usr/bin/date, /bin/rm -f spt_tmp_*, /bin/echo,
/bin/cat /etc/shadow, /bin/cat /etc/passwd, /bin/cat /etc/group,
/bin/cat /etc/user_attr, /usr/bin/getent, /bin/grep -i * /etc/default/login,
/bin/grep -i * /etc/security/policy.conf, /usr/bin/finger, /usr/bin/dispuid, /usr/bin/awk

An entry in the /etc/sudoers file must look similar to the following: 

username ALL = (root) PASSWD: /bin/chmod, /usr/sbin/useradd, /usr/sbin/usermod, \
    /usr/sbin/userdel, /usr/sbin/groupadd, /usr/sbin/groupmod, /usr/sbin/groupdel, \
    /usr/bin/passwd, /usr/bin/groups, /usr/bin/date, /bin/rm -f spt_tmp_*, \
    /bin/echo, /bin/cat /etc/shadow, /bin/cat /etc/passwd, /bin/cat /etc/group, \
    /bin/cat /etc/user_attr, /usr/bin/getent, /bin/grep -i * /etc/default/login, \
    /bin/grep -i * /etc/security/policy.conf, /usr/bin/finger, /usr/bin/dispuid, /usr/bin/awk

Note

  • If any part of a command is modified in the source XML, make the corresponding change to the /etc/sudoers file entry. Verify the command paths on the Solaris systems, as they might differ from the values mentioned here.

  • If you want to use a sudo user to perform the provisioning operations, configure the home directory with proper write access for this sudo user. For example, if the sudo user is using the Guest home directory, then ensure it has proper write access over this directory.

Read Only permissions

If you want to use a sudo user to perform read only operations, you must configure the sudo user with the following rights and permissions.

For Account Aggregation only

Rights to execute the following commands with root privilege:

/bin/echo, /bin/cat /etc/group, /bin/grep, /bin/rm -f spt_tmp_*, /bin/cat /etc/passwd,
/bin/cat /etc/shadow, /bin/cat /etc/user_attr, /usr/bin/date,
/bin/grep -i 'RETRIES=' /etc/default/login, /bin/grep -i 'Lock_After_Retries=' /etc/security/policy.conf

An entry in the /etc/sudoers file must look similar to the following:

username ALL = (root) PASSWD: /bin/echo, /bin/cat /etc/group, /bin/grep, \
    /bin/rm -f spt_tmp_*, /bin/cat /etc/passwd, /bin/cat /etc/shadow, \
    /bin/cat /etc/user_attr, /usr/bin/date, /bin/grep -i 'RETRIES=' /etc/default/login, \
    /bin/grep -i 'Lock_After_Retries=' /etc/security/policy.conf

For Entitlements Aggregation only

Rights to execute the following commands with root privilege:

/bin/echo, /bin/cat /etc/group, /bin/rm -f spt_tmp_*, /bin/grep

An entry in the /etc/sudoers file must look similar to the following:

username ALL = (root) PASSWD: /bin/echo, /bin/cat /etc/group, /bin/rm -f spt_tmp_*, /bin/grep
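
The Note above asks you to verify command paths on the Solaris system. The following is an added example, not part of the original documentation: it reads a sudoers entry in the form shown on this page and reports, for each command, whether the binary exists at that path and whether the grant is limited to fixed arguments. It assumes the entry has a tag such as PASSWD: before the command list and contains no escaped commas; the function names and report labels are illustrative.

```shell
#!/bin/sh
# Added example: audit one sudoers user specification read from stdin.
# Prints one line per granted command:
#   MISSING  <path>  no executable at that path on this host (fix the path)
#   ANYARGS  <path>  no argument list given, so sudo accepts any arguments
#   WILDCARD <cmd>   argument list contains * or ?, so it is not a fixed match
#   OK       <cmd>   path exists and the arguments are fixed
audit_sudoers_entry() {
    # Join wrapped / backslash-continued lines into one line, strip everything
    # up to the tag's colon (assumption: a tag such as "PASSWD:" is present),
    # then split the command list on commas, one command per line.
    { tr '\n' ' '; echo; } |
    sed -e 's/\\ / /g' -e 's/^[^:]*: *//' |
    tr ',' '\n' |
    while read -r path args; do
        [ -n "$path" ] || continue
        if [ ! -x "$path" ]; then
            echo "MISSING $path"
        elif [ -z "$args" ]; then
            echo "ANYARGS $path"
        else
            case $args in
                *\**|*\?*) echo "WILDCARD $path $args" ;;
                *)         echo "OK $path $args" ;;
            esac
        fi
    done
}

# Sample input: the Entitlements Aggregation entry from this page, with
# "username" kept as the page's placeholder.
sample_entry() {
    cat <<'EOF'
username ALL = (root) PASSWD: /bin/echo, /bin/cat /etc/group, \
    /bin/rm -f spt_tmp_*, /bin/grep
EOF
}

sample_entry | audit_sudoers_entry
```

Run it on the managed Solaris host itself, because the path check is only meaningful against that host's file system. To audit a different entry, feed that entry's text to `audit_sudoers_entry` on standard input.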