When configuring the Trusted Solaris environment on every system, the Security Administrator role sets device policy. After the system is up and running, the System Administrator role uses the Device Allocation Manager to add and configure devices, revoke an allocation, reclaim an allocated device from an allocate error state, or delete a device.
At system configuration, the Security Administrator needs to make the following decisions:
Decide whether the default label range settings on nonallocatable devices are consistent with the site's security policy.
Decide whether the default settings for the allocatable devices are consistent with the site's security policy.
Decide whether to make additional devices allocatable.
Decide which users, if any, should be allowed to allocate devices.
Decide whether to use the default Allocate Device authorization or to create and require other authorizations for device allocation.
Decide whether to require separate conditions for a device to be allocated locally from the trusted path and for a device to be allocated without the trusted path, either remotely or from a script. See the example of adding new device allocation authorizations in "To Add an Authorization to the Environment".