Securing Users and Processes in Oracle® Solaris 11.2

Updated: July 2014
 
 

Rights Profiles Reference

This section describes some typical rights profiles. Rights profiles are convenient collections of authorizations and other security attributes, commands with security attributes, and supplementary rights profiles. Oracle Solaris provides many rights profiles. If they are not sufficient for your needs, you can modify existing ones and create new ones.

Rights profiles must be assigned in order, from most to least powerful. For more information, see Order of Search for Assigned Rights.

To view the contents of the following rights profiles, see Viewing the Contents of Rights Profiles.

  • System Administrator rights profile – Provides access to most tasks that are not connected with security. This profile includes several other profiles to create a powerful role. Note that the All rights profile is assigned at the end of the list of supplementary rights profiles.

  • Operator rights profile – Provides limited rights to manage files and offline media. This profile includes supplementary rights profiles to create a simple role.

  • Printer Management rights profile – Provides a limited number of commands and authorizations to handle printing. This profile is one of several profiles that cover a single area of administration.

  • Basic Solaris User rights profile – Enables users to use the system within the bounds of security policy. This profile is listed by default in the policy.conf file. Note that the convenience that is offered by the Basic Solaris User rights profile must be balanced against site security requirements. Sites that need stricter security might prefer to remove this profile from the policy.conf file or assign the Stop rights profile. For the implementation of the Basic Solaris User rights profile, see Example 6–16.

  • Console User rights profile – For the workstation owner, provides access to authorizations, commands, and actions for the person who is seated at the computer.

  • All rights profile – For roles, provides access to commands that do not have security attributes. This profile can be appropriate for users with limited rights.

  • Stop rights profile – A special rights profile that stops the evaluation of further profiles. This profile prevents the evaluation of the AUTHS_GRANTED, PROFS_GRANTED, and CONSOLE_USER variables in the policy.conf file. With this profile, you can provide roles and users with a restricted profile shell.


    Note - The Stop profile affects privilege assignment indirectly. Rights profiles that are listed after the Stop profile are not evaluated. Therefore, the commands with privileges in those profiles are not in effect. See Example 3–25.
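The Stop rule described in the list and note above can be checked mechanically. The following is an added example, not code from the Oracle documentation: it classifies each profile assigned to an account as evaluated or ignored. Assumptions: the sample user_attr and policy.conf text is constructed, the function names are hypothetical, and only directly assigned profiles and PROFS_GRANTED are modelled (supplementary profiles nested inside a profile are not expanded).

```shell
#!/bin/sh
# Constructed sample in user_attr(4) layout: name:qualifier:res1:res2:attributes
SAMPLE_USER_ATTR='jdoe::::type=normal;profiles=Printer Management,Stop,System Administrator
opsrole::::type=role;profiles=Operator,All
kiosk::::type=normal;profiles=Stop'

# Constructed sample of the policy.conf default that Stop suppresses.
# AUTHS_GRANTED and CONSOLE_USER are skipped the same way; not modelled here.
SAMPLE_POLICY='PROFS_GRANTED=Basic Solaris User'

# profiles_of NAME: print the comma-separated profiles= value for one account.
profiles_of() {
    printf '%s\n' "$SAMPLE_USER_ATTR" | awk -F: -v u="$1" '$1 == u {
        n = split($5, kv, ";")
        for (i = 1; i <= n; i++)
            if (kv[i] ~ /^profiles=/) { sub(/^profiles=/, "", kv[i]); print kv[i] }
    }'
}

# classify NAME: print "evaluated|<profile>" or "ignored|<profile>" in list order.
classify() {
    assigned=$(profiles_of "$1")
    granted=$(printf '%s\n' "$SAMPLE_POLICY" | sed -n 's/^PROFS_GRANTED=//p')
    printf '%s\n' "$assigned" | awk -F, -v granted="$granted" '{
        stopped = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "Stop") { stopped = 1; continue }
            tag = stopped ? "ignored" : "evaluated"
            print tag "|" $i
        }
        # policy.conf defaults come last and are reached only without Stop
        tag = stopped ? "ignored" : "evaluated"
        n = split(granted, g, ",")
        for (j = 1; j <= n; j++) print tag "|" g[j] " (policy.conf)"
    }'
}

for u in jdoe opsrole kiosk; do
    echo "== $u"
    classify "$u"
done
```

Any line tagged ignored for a directly assigned profile marks rights that an administrator listed but that never take effect, which usually means the profile order needs review.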

Each rights profile has an associated help file. The help files are in HTML and are customizable. The files reside in the /usr/lib/help/profiles/locale/C directory.