📖 ~1 min read
Table of contents
Symptom & Impact
Non-root admins get ‘Operation not permitted’ even after being assigned a role.
Environment & Reproduction
Happens after enabling Enhanced RBAC without running setkst or with stale role definitions.
Root Cause Analysis
The kernel security tables (KST) are out of sync with the role database.
Quick Triage
Run lsrole -a, lsuser -a roles username, and rolelist -u username.
Step-by-Step Diagnosis
Check authorizations with lsauth and ensure setsecattr was applied.
Solution – Primary Fix
Refresh KST with setkst and re-run swrole rolename to validate the change.
Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.
Solution – Alternative Approaches
Rebuild a custom role with mkrole then chuser roles=ROLE user.
Verification & Acceptance Criteria
The user runs privileged commands successfully and audit logs show expected authorizations.
Rollback Plan
Remove the role with chuser roles= user and disable RBAC enforcement temporarily.
Prevention & Hardening
Always run setkst after role/authorization changes and audit with lssecattr.
Related Errors & Cross-Refs
Often paired with sudo replacement and audit trail discussions.
Related tutorial: View the step-by-step tutorial for aix-7.3.
View all aix-7.3 tutorials on the Tutorials Hub →
Browse all common problems & solutions on the Tutorials Hub.
References & Further Reading
IBM AIX 7.3 RBAC administrator guide – setkst and rolelist.
Need Expert Help?
If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today — we respond within one business day.
