When a user is directly assigned privileges, in effect, the privileges are in every shell. When a user is not directly assigned privileges, then the user must open a profile shell. For example, when commands with assigned privileges are in a rights profile that is in the user's list of rights profiles, then the user must execute the command in a profile shell.
To view privileges online, see privileges(5). The privilege format that is displayed is used by developers.
$ man privileges Standards, Environments, and Macros privileges(5) NAME privileges - process privilege model ... The defined privileges are: PRIV_CONTRACT_EVENT Allow a process to request reliable delivery of events to an event endpoint. Allow a process to include events in the critical event set term of a template which could be generated in volume by the user. ...Example 9-2 Viewing Directly-Assigned Privileges
If you have been directly assigned privileges, then your basic set contains more than the default basic set. In the following example, the user always has access to the proc_clock_highres privilege.
$ /usr/bin/whoami jdoe $ ppriv -v $$ 1800: pfksh flags = <none> E: file_link_any,…,proc_clock_highres,proc_session I: file_link_any,…,proc_clock_highres,proc_session P: file_link_any,…,proc_clock_highres,proc_session L: cpc_cpu,dtrace_kernel,dtrace_proc,dtrace_user,…,sys_time $ ppriv -vl proc_clock_highres Allows a process to use high resolution timers.
To view authorizations, use the auths command:
$ auths list
The output of this command produces a more readable summary (one per line) of the authorizations that are assigned to a user. Starting with Oracle Solaris 11.1, several new options have been added to the auths command. For example, the check option is useful for scripting. Other new options provide the ability to add, modify, and remove authorizations to and from files or LDAP. See auths(1).