The Security Administrator role can assign audit classes to users after the user account is created. These audit classes are exceptions to the audit classes set up in the /etc/security/audit_control file on the system. See Trusted Solaris Audit Administration for more about auditing.