Securing Systems and Attached Devices in Oracle® Solaris 11.2

Updated: September 2014
 
 

Configuring Role-Based Access Control to Replace Superuser

Role-based access control (RBAC), a feature of Oracle Solaris, is designed to distribute the capabilities of superuser to administrative roles. Superuser, the root user, has access to every resource in the system. With RBAC, you can replace many of root's responsibilities with a set of roles with discrete powers. For example, you can set up one role to handle user account creation and another role to handle system file modification. Although you might not modify the root account, you can leave the account as a role, then not assign the role. This strategy effectively removes root access to the system.

Each role requires that a known user log in with their user name and password. After logging in, the user then assumes the role with a specific role password. For more information about RBAC, see User Rights Management in Securing Users and Processes in Oracle Solaris 11.2.
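One way to check the strategy described above, in which root stays a role that is assigned to no user, is to audit the account entries in user_attr(4) format. The script below is an added example, not part of the Oracle documentation; the account names `useradm`, `jdoe` and `asmith`, the function names, and the sample entries are constructed for illustration, and it assumes the entries are available as local-file text.

```shell
# Added example: audit user_attr(4)-format text for the root-as-role strategy.
# Entry format: user:qualifier:res1:res2:attr, attr = ';'-separated key=value.
# Constructed sample entries (not from a real system).
SAMPLE_USER_ATTR='# constructed sample
root::::type=role;auths=solaris.*;profiles=All
useradm::::type=role;profiles=User Management
jdoe::::type=normal;roles=useradm,root
asmith::::type=normal;roles=useradm'

# attr_value ACCOUNT KEY: print KEY's value from ACCOUNT's attr field (stdin).
attr_value() {
    awk -v acct="$1" -v key="$2" '
        /^#/ { next }
        {
            user = $0; sub(/:.*/, "", user)
            if (user != acct) next
            attr = $0; sub(/^[^:]*:[^:]*:[^:]*:[^:]*:/, "", attr)
            n = split(attr, kv, ";")
            for (i = 1; i <= n; i++)
                if (index(kv[i], key "=") == 1)
                    print substr(kv[i], length(key) + 2)
        }'
}

# role_holders ROLE: print every account whose roles= list names ROLE (stdin).
role_holders() {
    awk -v role="$1" '
        /^#/ { next }
        {
            user = $0; sub(/:.*/, "", user)
            attr = $0; sub(/^[^:]*:[^:]*:[^:]*:[^:]*:/, "", attr)
            n = split(attr, kv, ";")
            for (i = 1; i <= n; i++) {
                if (index(kv[i], "roles=") != 1) continue
                m = split(substr(kv[i], 7), r, ",")
                for (j = 1; j <= m; j++) if (r[j] == role) print user
            }
        }'
}

# audit_root: classify the root account described by the entries on stdin.
audit_root() {
    entries=$(cat)
    rtype=$(printf '%s\n' "$entries" | attr_value root type)
    holders=$(printf '%s\n' "$entries" | role_holders root | tr '\n' ' ')
    if [ "$rtype" != role ]; then echo "FAIL: root is not a role (type=${rtype:-unset})"
    elif [ -n "$holders" ]; then echo "WARN: root role assigned to: ${holders% }"
    else echo "OK: root is a role and is assigned to no user"; fi
}
printf '%s\n' "$SAMPLE_USER_ATTR" | audit_root
```

For the constructed sample, the audit reports that `jdoe` still holds the root role, so root access has not yet been removed.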