Administrative Roles Review

By default, Trusted Solaris administrative tasks are divided between two major administrative roles: the security administrator role and the administrator role. The roles do not have direct logins. A user first logs in with her own user name, authenticates herself by providing a password, sets a session clearance (if allowed to work at more than one label), and begins work in a normal user workspace; all processes started by the account have the account's UID. Users who are able to assume an administrative role see an Assume Role option on the Trusted Path menu. Before doing administrative tasks, the user must take another step and select the option from the Trusted Path menu to assume an administrative role. The user has to re-authenticate herself with the role password.

Once the role is assumed, an administrative workspace is then created with a number of unique attributes. The normal user can only work at labels within the user's clearance and cannot have a clearance or minimum sensitivity label outside of the user accreditation range (unless that user has the use all defined labels authorization). The default roles can work at any valid label in the system including the two administrative labels, ADMIN_LOW and ADMIN_HIGH. In the default configuration, the ADMIN_LOW sensitivity label is assigned to an administrative role's initial workspace and to the three additional workspaces that are created and made available in the workspace switch area of the front panel. After the initial assumption of the role, the role can start new role workspaces and label them with any valid sensitivity label in that role`s account accreditation range. An application can be launched with the trusted path process attribute only in administrative role workspace.

In the Trusted Solaris environment, the security administrator and administrator roles work together to install and configure hosts and set up users. The security administrator role oversees the installation to ensure that decisions related to the site's security policy are enforced correctly, specifies label ranges and views for each account, and provides the organization's label_encodings(4) file.

Decision to Make for the Install Team to Follow

Decide whether your site's security policy requires a single sensitivity label or multiple labels

Decide whether or not your site's security policy requires that the names of upgraded files and directories be hidden