|Skip Navigation Links|
|Exit Print View|
|Oracle Solaris Trusted Extensions Configuration and Administration Oracle Solaris 11 Express 11/10|
In Trusted Extensions, roles are the conventional way to administer the system. Typically, superuser is not used. Roles are created just as they are in the Oracle Solaris OS, and most tasks are performed by roles. In Trusted Extensions, the root user is not used to perform administrative tasks.
The following roles are typical of a Trusted Extensions site:
root role – Created by the initial setup team
Security Administrator role – Created during or after initial configuration by the initial setup team
System Administrator role – Created by the Security Administrator role
As in the Oracle Solaris OS, you might also create an Operator role, and so on.
As in the Oracle Solaris OS, only users who have been assigned a role can assume that role. On the trusted desktop, you can assume a role when your user name is displayed in the trusted stripe. The role choices appear when you click your user name.
To administer Trusted Extensions, you create roles that divide system and security functions. The initial setup team created the Security Administrator role during configuration. For details, see Create the Security Administrator Role in Trusted Extensions.
The process of creating a role in Trusted Extensions is identical to the Oracle Solaris OS process.
For an overview of role creation, see Chapter 10, Role-Based Access Control (Reference), in System Administration Guide: Security Services and Using RBAC (Task Map) in System Administration Guide: Security Services.
To create roles, see How to Create a Role in System Administration Guide: Security Services.
Unlike the Oracle Solaris OS, Trusted Extensions provides a Rolename menu item from the Trusted Path menu. After confirming the role password, the software activates a role workspace with the trusted path attribute. Role workspaces are administrative workspaces. Such workspaces are in the global zone.