Oracle Solaris provides two rights profiles to handle compliance assessment and report generation.
The Compliance Assessor rights profile enables users to perform assessments, place them in the assessment store, generate reports, and delete assessments from the store.
The Compliance Reporter rights profile enables users to generate new reports from existing assessments.
Compliance subcommands require the following rights:
compliance assess command – Requires all privileges and the solaris.compliance.assess authorization. The Compliance Assessor rights profile provides these rights.
compliance delete command – Requires write access to the assessment store and the solaris.compliance.assess authorization. The Compliance Assessor rights profile provides these rights.
compliance list command – Can be run by anyone who has basic rights. This command provides full visibility to both benchmarks and assessments.
compliance report command – Can be run by anyone, but the range of functionality varies according the user's rights. Users who are assigned either the Compliance Assessor or Compliance Reporter profile can generate new reports in the assessment store. All users can view existing reports, but users with only basic rights cannot generate reports.