|Skip Navigation Links|
|Exit Print View|
|Oracle Solaris 11.1 Administration: Security Services Oracle Solaris 11.1 Information Library|
The RBAC features include the following:
The pfedit command enables a non-root user or role to edit specified system files. The user or role must be assigned the solaris.admin.edit/path-to-system-file authorization. This command can be used by the root role to ensure that root actions are placed in the audit record. For more information, see the pfedit(1M) man page.
Extended privilege policy enables specific privileges to be applied to specific filenames, port numbers, and user IDs. For more information, see the ppriv(1) and privileges(5) man pages. For an example of applying extended privilege policy to a port number, see How to Apply Extended Privilege Policy to a Port.
The pam_policy security attribute enables an administrator to configure PAM policy at the system, rights profile, user, and module levels. For more information, see Changes to PAM for This Release and How to Assign a Customized PAM Policy to a User.
The auths command is extended similar to the profiles command. Authorizations can be managed from the command line for the files and LDAP repositories. For more information, see How to Create an Authorization and the auths(1) man page.
A User Manager GUI is available to manage users and roles. For more information, see Chapter 3, Managing User Accounts by Using the User Manager GUI (Tasks), in Managing User Accounts and User Environments in Oracle Solaris 11.1.