SystemRights

Gets or sets system rights granted to the role.

Syntax

SystemRight SystemRights {get; set;}

Property value

A byte indicating which system rights are granted.

Possible values:

public enum SystemRight  
{  
    // No system rights
       None = 0,  
    // Log in with password  
       LoginWithPassword = 1,  
    // Log in without password (single sign-on)
       LoginWithoutPassword = 2,  
    // Ignore disabled status in Active Directory and log in anyway
       IgnoreDisabled = 4,  
    // Allow using a full shell
       AllowNonRestrictedShell = 8,  
    // NoAudit
       NoAudit = 16,  
    // Audit always required
       AuditRequired = 32  
    // Multi-factor authentication required
       MfaRequired = 512,  
    // Permit login when running in emergency mode
       Rescue = 64  
    // Allow logging in from the console
       ConsoleLogon = 128  
    // Allow logging in remotely (RDP)
       RemoteLogon = 256  
    // Allow powershell remote access
       PsRemote = 1024  
}

Discussion

The Rescue system right allows the user to log in when there are problems with the authorization cache or the auditing service that are preventing all other users from logging in. For example, if auditing is required but the auditing service is not running or not available, only users with the rescue system right will be allowed to log in. The rescue system right requires the IBM Security NSS module to be running in “emergency” mode because the adclient process is not running.