1. Oracle Solaris Management Tools (Road Map)
2. Working With the Solaris Management Console (Tasks)
Solaris Management Console (Overview)
What Is the Solaris Management Console?
Solaris Management Console Tools
Why Use the Solaris Management Console?
Organization of the Solaris Management Console
Changing the Solaris Management Console Window
Solaris Management Console Documentation
How Much Role-Based Access Control?
Becoming Superuser (root) or Assuming a Role
How to Become Superuser (root) or Assume a Role
Using the Solaris Management Tools With RBAC (Task Map)
If You Are the First to Log In to the Console
Creating the Primary Administrator Role
Starting the Solaris Management Console
How to Start the Console as Superuser or as a Role
Using the Oracle Solaris Management Tools in a Name Service Environment (Task Map)
Prerequisites for Using the Solaris Management Console in a Name Service Environment
How to Create a Toolbox for a Specific Environment
How to Add a Tool to a Toolbox
How to Start the Solaris Management Console in a Name Service Environment
Adding Tools to the Solaris Management Console
How to Add a Legacy Tool to a Toolbox
How to Install an Unbundled Tool
Troubleshooting the Solaris Management Console
How to Troubleshoot the Solaris Management Console
3. Working With the Oracle Java Web Console (Tasks)
4. Managing User Accounts and Groups (Overview)
5. Managing User Accounts and Groups (Tasks)
6. Managing Client-Server Support (Overview)
7. Managing Diskless Clients (Tasks)
8. Introduction to Shutting Down and Booting a System
9. Shutting Down and Booting a System (Overview)
10. Shutting Down a System (Tasks)
11. Modifying Oracle Solaris Boot Behavior (Tasks)
12. Booting an Oracle Solaris System (Tasks)
13. Managing the Oracle Solaris Boot Archives (Tasks)
14. Troubleshooting Booting an Oracle Solaris System (Tasks)
15. x86: GRUB Based Booting (Reference)
16. x86: Booting a System That Does Not Implement GRUB (Tasks)
17. Working With the Oracle Solaris Auto Registration regadm Command (Tasks)
18. Managing Services (Overview)
20. Managing Software (Overview)
21. Managing Software With Oracle Solaris System Administration Tools (Tasks)
22. Managing Software by Using Oracle Solaris Package Commands (Tasks)
This task map describes the tasks you will need to perform, if you want to use the RBAC security features to perform administration tasks, rather than use the superuser account.
Note - The information in this chapter describes how to use the console with RBAC. RBAC overview and task information is included to show how to initially set up RBAC with the console.
For detailed information about RBAC and how to use it with other applications, see Role-Based Access Control (Overview) in System Administration Guide: Security Services.
|
The following sections provide overview information and step-by-step instructions for using the Solaris Management Console and the RBAC security features.
If you are the first administrator to log in to the console, start the console as a user (yourself). Then, log in as superuser. This method gives you complete access to all of the console tools.
Here are the general steps to follow, depending on whether you are using RBAC:
Without RBAC – If you choose not to use RBAC, continue working as superuser. All other administrators will also need root access to perform their jobs.
With RBAC – You will need to do the following:
If you do not already have an account, set up your user account.
Create the role called Primary Administrator.
Assign the Primary Administrator right to the role that you are creating.
Assign your user account to this role.
For step-by-step instructions on creating the Primary Administrator role, see How to Create the First Role (Primary Administrator).
For an overview of how RBAC works, see Chapter 9, Using Role-Based Access Control (Tasks), in System Administration Guide: Security Services.
An administrator role is a special user account. Users who assume a role are permitted to perform a predefined set of administrative tasks.
The Primary Administrator role is permitted to perform all administrative functions, similar to superuser.
If you are superuser, or a user who is assuming the Primary Administrator role, you can define which tasks other administrators are permitted to perform. With the help of the Add Administrative Role wizard, you can create a role, grant rights to the role, and then specify which users are permitted to assume that role. A right is a named collection of commands, or authorizations, for using specific applications. A right enables you to perform specific functions within an application. The use of rights can be granted or denied by an administrator.
The following table describes the information that you are prompted for when you create the Primary Administrator role.
Table 2-2 Field Descriptions for Adding a Role by Using the Solaris Management Console
|
For detailed information about RBAC and instructions on how to use roles to create a more secure environment, see Role-Based Access Control (Overview) in System Administration Guide: Security Services.
This procedure describes how to create the Primary Administrator role and then assign it to your user account. This procedure assumes that your user account is already created.
% /usr/sadm/bin/smc &
For additional information about starting the console, see How to Start the Console as Superuser or as a Role.
The console online help provides more information about creating a user account for yourself.
The Add Administrative Role wizard opens.
If necessary, see Table 2-2 for a description of the role fields.
After you have created the Primary Administrator role, you will need to log in to the console as yourself, and then assume the Primary Administrator role. When you assume a role, you take on all of the attributes of that role, including the rights. At the same time, you relinquish all of your own user properties.
% /usr/sadm/bin/smc &
For information about starting the console, see How to Start the Console as Superuser or as a Role.
A list shows which roles you are permitted to assume.