Trusted Solaris Administrator's Procedures

To Add an Authorization to the Environment

  1. Log in, assume the Security Administrator role, and go to an ADMIN_LOW workspace.

  2. Use the Admin Editor action in the System_Admin folder in the Application Manager to open the auth_attr file for editing.


    Note - If you are using a name service, you need to make the changes in this procedure to the auth_attr(4) file in the location from which you populate the entries to the NIS map or NIS+ table. See the Solaris Naming Administration Guide for how to populate the name service databases with the new entries.


  3. Create a heading for the new authorizations, using the reverse-order Internet domain name of your organization followed by optional additional arbitrary components. Separate components by dots. End heading names with a dot.

    The example shows a heading constructed for a company whose Internet domain name is newco.com. The name of the company is followed by a dot (.).


    com.newco.:::NewCo Header::help=NewCo.html

  4. Add new authorization entries.

    The example shows the authorization to grant all NewCo authorizations, followed by the authorization to grant NewCo's device authorizations, followed by a new tape device allocation authorization, followed by a new floppy device allocation authorization.


    com.newco.grant:::Grant All NewCo Authorizations::
    help=GrantNewco.html
    com.newco.grant.device:::Grant NewCo Device Authorizations::
    help=GrantNewcoDevice.html
    com.newco.device.allocate.tape:::Allocate Tape Device::
    help=TapeAllocate.html
    com.newco.device.allocate.floppy:::Allocate Floppy Device::
    help=FloppyAllocate.html

    Enter the authorizations one per line. The lines above are split here to fit on the page.

  5. Save and close the file.


    :wq
    
  6. If you are using a name service, update the auth_attr NIS map or NIS+ table.

    See the nistbladm(1) man page and the Solaris Naming Administration Guide for how to update the auth_attr(4) map or table.

  7. Add the authorization to the database that defines which authorizations the application requires.

    For example, to assign the new device allocation authorization, you would use the Device Allocation Manager. See "To Add Site-Specific Authorizations to a Device" for the procedure.

  8. Use the Rights tool to add the new authorizations to the Custom rolename Role, and make sure the Custom rolename Role rights profile is assigned to the role.
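
The entry rules from steps 3 and 4, as an added example that is not part of the original procedure or of Trusted Solaris: a Python check to run over a block of new site entries before they are pasted into auth_attr. The function name, the sample entries, and the rule that every entry carries help= are assumptions of this example.

```python
import re

# auth_attr(4) entry layout: name:res1:res2:short_desc:long_desc:attr
FIELDS = ("name", "res1", "res2", "short_desc", "long_desc", "attr")
NAME_RE = re.compile(r"^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*\.?$")

def lint_auth_attr(text, site_prefix):
    """Return [(line_number, message)] for new site entries that break the rules."""
    problems, headings, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != len(FIELDS):
            problems.append((lineno, "expected 6 fields, got %d (split entry?)" % len(parts)))
            continue
        entry = dict(zip(FIELDS, parts))
        name = entry["name"]
        if not NAME_RE.match(name):
            problems.append((lineno, "malformed authorization name %r" % name))
        elif not name.startswith(site_prefix):
            problems.append((lineno, "%r is outside site prefix %r" % (name, site_prefix)))
        if entry["res1"] or entry["res2"]:
            problems.append((lineno, "reserved fields res1/res2 must be empty"))
        if name in seen:
            problems.append((lineno, "duplicate entry %r" % name))
        seen.add(name)
        if name.endswith("."):
            headings.append(name)  # headings end with a dot (step 3)
        elif not any(name.startswith(h) for h in headings):
            problems.append((lineno, "no heading precedes %r" % name))
        # Assumption of this example: every site entry carries help=, as on the page.
        attrs = dict(kv.split("=", 1) for kv in entry["attr"].split(";") if "=" in kv)
        if "help" not in attrs:
            problems.append((lineno, "no help= attribute (rest of entry on next line?)"))
    return problems

# Constructed sample: line 3 is split across two lines, line 5 has a mistyped prefix.
SAMPLE = """\
com.newco.:::NewCo Header::help=NewCo.html
com.newco.grant:::Grant All NewCo Authorizations::help=GrantNewco.html
com.newco.device.allocate.tape:::Allocate Tape Device::
help=TapeAllocate.html
com.newc.device.allocate.floppy:::Allocate Floppy Device::help=FloppyAllocate.html
"""
if __name__ == "__main__":
    for lineno, message in lint_auth_attr(SAMPLE, "com.newco."):
        print("line %d: %s" % (lineno, message))
```

The check is meant for the block of new entries only; the vendor-supplied entries in the same file fall outside the site prefix and would all be reported.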