Creating Roles and Users

The install team creates the administrative roles (other than root) to be used at the site. The team assigns each role its rights profiles. Initial rights profiles are provided on the installation CD-ROM.

Prerequisite: The name service, home directory, and mail server must be set up before you create the administrative roles secadmin, admin, and oper.

In previous releases, roles were local. In the Trusted Solaris 8 4/01 operating environment, every role except root can be distributed. The roles are created by the install team.

Create Domain-wide Roles and Users

1. Create roles and users for the domain, following the procedures in "Creating Roles and Users" within the appropriate scope.

   • The appropriate scope for NIS domains is name-server: Scope=NIS, Policy=TSOL

   • The appropriate scope for NIS+ domains is name-server: Scope=NIS+, Policy=TSOL.

Add Roles to the NIS+ Admin Group (NIS+ domains only)

1. Open the System_Admin folder in the Application Manager.

2. Double-click the Add to NIS+ Administrative Group action.

3. Add the admin role to the NIS+ admin group.

   Use your domain name with the format subdomain.domain.suffix.. For example:

   Group Name: admin Principal Name: admin.aviary.example.org.

   ---

   Note -

   Remember to type a period (.) at the end of the principal name.

   ---

4. Double-click the Add to NIS+ Administrative Group action to add the secadmin role.

   For example:

   Group Name: admin Principal Name: secadmin.aviary.example.org.

5. Double-click the Add to NIS+ Administrative Group action to add the primaryadmin role.

   For example:

   Group Name: admin Principal Name: primaryadmin.aviary.example.org.