authorizationdb read right-name
authorizationdb write right-name [allow|deny|rulename]
authorizationdb remove right-name
Read/Modify authorization policy database. Without a rulename write will read a dictionary as a
plist from stdin.
Examples
security> security authorizationdb read system.privilege.admin > /tmp/aewp-def
Read definition of system.privilege.admin right.
security> security authorizationdb write system.preferences < /tmp/aewp-def
Set system.preferences to definition of system.privilege.admin right.
security> security authorizationdb write system.preferences authenticate-admin
Every change to preferences requires an Admin user to authenticate.
“Even in the common affairs of life, in love, friendship, and marriage, how little security have we when we trust our happiness in the hands of others!” ~ William Hazlitt (On Living to One’s-Self)
Local man page: security-authorizedb - Command line help page on your local machine.
security - Administer Keychains, keys, certificates and the Security framework.