In Trusted Extensions, the Security Administrator role is responsible for all security attributes of a user or role. The security administrator is responsible for the following tasks:
Assigning and modifying the security attributes of a user, role, or rights profile
Creating and modifying rights profiles
Assigning rights profiles to a user or role
Assigning privileges to a user, role, or rights profile
Assigning authorizations to a user, a role, or rights profile
Removing privileges from a user, role, or rights profile
Removing authorizations from a user, role, or rights profile
Typically, the Security Administrator role creates rights profiles. However, if a profile needs capabilities that the Security Administrator role cannot grant, then the root role can create the profile.
Before creating a rights profile, the security administrator needs to analyze whether any of the commands in the new profile need privilege or authorization to be successful. The man pages for individual commands list the privileges and authorizations that might be needed.