test

Trusted Solaris Installation and Configuration

Modifying a Role's Rights

When setting up a network or custom JumpStart install, some required commands may not be available to the role because they are in a path that is not assigned to the role. To add commands, programs, or scripts to the role's rights, the security administrator must modify the role's rights.

To Add a Command to a Role's Rights

  1. Log in as a user who can assume the role secadmin and assume it.

  2. In the secadmin role at ADMIN_LOW, invoke the Solaris Management Console from the Application Manager.

  3. Click the appropriate toolbox under Trusted Solaris Management Console.

    Choose this-host: Scope=Files, Policy=TSOL if you are adding a command for a locally-defined role, or are not using a name service.

    Choose name-server: Scope=name-service, Policy=TSOL if you are adding a command for a role defined on the network, such as for the admin role when setting up network install.

  4. In the Navigation pane, click Trusted Solaris Configuration, then click Users.

    Note -

    If toolbox icons display as red stop signs, the toolboxes will not load. To load them, see Step 2 in "Initialize the SMC Server".

  5. Supply a role password if prompted, then double-click Rights.

  6. In the View pane, scroll to the Custom Rolename Role and double-click.

  7. Follow the online help for assistance in setting up the Custom Rolename Role right.

    For a network installation example, use the Commands tab to add the add_install_client command from a non-standard directory, such as /export/ultra_install_tsol/Trusted_Solaris_8/Tools to the Custom Admin Role right. The command should have all privileges.

  8. Make sure that the Custom Rolename Role right is assigned to Rolename. If it is not, assign it to Rolename.

    1. Navigate to Administrative Roles.

    2. Double-click the Rolename role.

    3. Click the Rights tab.

    4. Open the rights displayed in the Granted Rights column.

      If it has already been granted, click the Cancel button. If the Custom Rolename Role right is not granted, continue.

    5. Add Custom Rolename Role to the role's Granted Rights.

    6. Click OK to save your work.

To Verify That a Command is Available to a Role

  1. Log in as a user who can assume the role whose profile has been updated.

  2. Assume the role and launch a terminal from the role's workspace.

  3. Verify that the new profile is in effect in the new terminal by using the profiles(1) command.

    For example, to verify that the setup_install_server command is included in the admin role's rights profile with all privileges, in the admin role enter the following: 


    $ profiles -l | grep setup_install_server
/export/ultra_install_tsol//Trusted_Solaris_8/Tools/setup_install_server: all
To Remove a Command from a Role's Rights

  1. In the secadmin role at ADMIN_LOW, in the Solaris Management Console use the same toolbox that you used to add the command to the rights profile, and navigate to Rights.

  2. In the View pane, select the Custom Rolename Profile.

  3. Follow the online help for how to remove the command from the profile.