Site security might require that users be permitted fewer privileges than users are assigned by default. For example, at a site that uses Trusted Extensions on Sun Ray systems, you might want to prevent users from viewing other users' processes on the Sun Ray server.
You must be in the Security Administrator role in the global zone.
Open a Trusted Extensions toolbox in the Solaris Management Console.
Use a toolbox of the appropriate scope. For details, see Initialize the Solaris Management Console Server in Trusted Extensions in Oracle Solaris Trusted Extensions Configuration Guide.
Under System Configuration, navigate to User Accounts.
A password prompt might be displayed.
Type the role password.
Double–click the icon for the user.
Remove one or more of the privileges in the basic set.
Double-click the icon for the user.
Click the Rights tab.
Click the Edit button to the right of the basic set in the right_extended_attr field.
Remove proc_session or file_link_any.
By removing the proc_session privilege, you prevent the user from examining any processes outside the user's current session. By removing the file_link_any privilege, you prevent the user from making hard links to files that are not owned by the user.
Do not remove the proc_fork or the proc_exec privilege. Without these privileges, the user would not be able to use the system.
To save the changes, click OK.