How to see all the commands that a user can run on a host?
An administrator can get a listing for a specific user by running "pmcheck -u <user> pmlist" on the master as root.
pmcheck is a policy verification tool, and can also be used generally to test whether a command will be accepted or rejected by the policy given the specified criteria.
For example, to test whether the policy will allow user jdoe to run "/bin/su -" from host testserver, the admin could run the following on the master host:
pmcheck -u jdoe - s testserver /bin/su -