Skip Navigation Links | |
Exit Print View | |
Trusted Extensions Administrator's Procedures Oracle Solaris 10 1/13 Information Library |
1. Trusted Extensions Administration Concepts
2. Trusted Extensions Administration Tools
3. Getting Started as a Trusted Extensions Administrator (Tasks)
4. Security Requirements on a Trusted Extensions System (Overview)
5. Administering Security Requirements in Trusted Extensions (Tasks)
6. Users, Rights, and Roles in Trusted Extensions (Overview)
User Security Features in Trusted Extensions
Decisions to Make Before Creating Users in Trusted Extensions
Default User Security Attributes in Trusted Extensions
policy.conf File Defaults in Trusted Extensions
Configurable User Attributes in Trusted Extensions
Security Attributes That Must Be Assigned to Users
Security Attribute Assignment to Users in Trusted Extensions
.copy_files and .link_files Files
7. Managing Users, Rights, and Roles in Trusted Extensions (Tasks)
8. Remote Administration in Trusted Extensions (Tasks)
9. Trusted Extensions and LDAP (Overview)
10. Managing Zones in Trusted Extensions (Tasks)
11. Managing and Mounting Files in Trusted Extensions (Tasks)
12. Trusted Networking (Overview)
13. Managing Networks in Trusted Extensions (Tasks)
14. Multilevel Mail in Trusted Extensions (Overview)
15. Managing Labeled Printing (Tasks)
16. Devices in Trusted Extensions (Overview)
17. Managing Devices for Trusted Extensions (Tasks)
18. Trusted Extensions Auditing (Overview)
19. Software Management in Trusted Extensions (Tasks)
A. Quick Reference to Trusted Extensions Administration
The System Administrator role creates user accounts. The Security Administrator role sets up the security aspects of an account.
If you are using the Oracle Directory Server Enterprise Edition for the LDAP naming service, check that the initial setup team configured the tsol_ldap.tbx toolbox. For the procedure, see Configuring the Solaris Management Console for LDAP (Task Map) in Trusted Extensions Configuration Guide.
For details on setting up users and roles, see the following:
Setting Up User Accounts (Task Map) in Oracle Solaris Administration: Basic Administration
Part III, Roles, Rights Profiles, and Privileges, in System Administration Guide: Security Services
In Trusted Extensions, the System Administrator role is responsible for determining who can access the system. The system administrator is responsible for the following tasks:
Adding and deleting users
Adding and deleting roles
Modifying user and role configurations, other than security attributes
In Trusted Extensions, the Security Administrator role is responsible for all security attributes of a user or role. The security administrator is responsible for the following tasks:
Assigning and modifying the security attributes of a user, role, or rights profile
Creating and modifying rights profiles
Assigning rights profiles to a user or role
Assigning privileges to a user, role, or rights profile
Assigning authorizations to a user, a role, or rights profile
Removing privileges from a user, role, or rights profile
Removing authorizations from a user, role, or rights profile
Typically, the Security Administrator role creates rights profiles. However, if a profile needs capabilities that the Security Administrator role cannot grant, then superuser or the Primary Administrator role can create the profile.
Before creating a rights profile, the security administrator needs to analyze whether any of the commands or actions in the new profile need privilege or authorization to be successful. The man pages for individual commands list the privileges and authorizations that might be needed. For examples of actions that require privileges and authorizations, see the exec_attr database.