This feature enforces that two or more people are required to manage users through the Solaris Management Console (SMC). Separation of duty is enforced by rule. The System Administrator role creates users, but cannot assign passwords and rights. The Security Administrator role assigns passwords and rights, but cannot create users.
Separation of Duty is an accreditation requirement for government customers. SMC now supports this feature and makes it easier to achieve security-level certification.
For more information, see Create Rights Profiles That Enforce Separation of Duty in Solaris Trusted Extensions Configuration Guide.