Solaris 10 RBAC configuration is controlled through files located in the /etc/security directory. Append the following lines to the exec_attr file:
ACSSINITIAL:solaris:cmd:::<Service EM Base>/agent_home/core/<version>/root.sh:uid=0 ACSSINITIAL:solaris:cmd:::<Service EM Base>/agent_home/agent_<version>/<version>/root.sh:uid=0 ACSSINITIAL:solaris:cmd:::/opt/ipmitool/bin/ipmitool:uid=0 ACSSINITIAL:solaris:cmd:::/opt/ipmitool/sbin/ipmitool:uid=0 ACSSINITIAL:solaris:cmd:::/usr/bin/chmod:uid=0 ACSSINITIAL:solaris:cmd:::/usr/bin/chown:uid=0 ACSSINITIAL:solaris:cmd:::/usr/bin/chgrp:uid=0 ACSSINITIAL:solaris:cmd:::/usr/bin/crontab:uid=0 ACSSINITIAL:solaris:cmd:::/usr/bin/cp:uid=0 ACSSINITIAL:solaris:cmd:::/usr/bin/ex:uid=0 ACSSINITIAL:solaris:cmd:::/usr/bin/vim:uid=0 ACSSINITIAL:solaris:cmd:::/usr/bin/grep:uid=0 ACSSINITIAL:solaris:cmd:::/usr/sbin/groupadd:uid=0 ACSSINITIAL:solaris:cmd:::/usr/bin/ls:uid=0 ACSSINITIAL:solaris:cmd:::/usr/bin/mkdir:uid=0 ACSSINITIAL:solaris:cmd:::/usr/bin/rmdir:uid=0 ACSSINITIAL:solaris:cmd:::/usr/bin/passwd:uid=0 ACSSINITIAL:solaris:cmd:::/usr/sbin/svcadm:uid=0 ACSSINITIAL:solaris:cmd:::/usr/sbin/useradd:uid=0 ACSSINITIAL:solaris:cmd:::/usr/sbin/usermod:uid=0 ACSSINITIAL:solaris:cmd:::/usr/bin/tfactl:uid=0
If Oracle Enterprise Manager (OEM) agents are installed on an Exalogic, an NFS mount is configured by Oracle, and the user must also have the following command added to the profile:
ACSSINITIAL:solaris:cmd:::/sbin/mount:uid=0
Append the following line to the prof_attr file:
ACSSINITIAL:::Oracle Install Profile:
Once these entries have been added, update the user that will be used for the initial installation to allow access to the profile:
usermod -P ACSSINITIAL <user>