The root role is mainly responsible for installing the Trusted Solaris 8 CD-ROM. After the initial Trusted Solaris installation, the root role is mostly not useful. In place of root or superuser, the Trusted Solaris environment suggests creating three or four administrative roles for managing the environment:
The security administrator is responsible for security-related tasks, such as setting up and assigning sensitivity labels, configuring auditing, and setting password policy.
The system administrator is responsible for the non-security aspects of setup, maintenance, and general administration.
The primary administrator is responsible for creating rights profile for the security administrator, and for fixing things when the security and system administrators do not have the power.
A less trusted role called "oper" for operator is responsible for backing up files.
As part of your administration strategy, you need to decide:
Which users will be handling which administration responsibilities.
Which non-administrative users will be allowed to run trusted applications, that is, will be permitted to override security policy when necessary.
Which users will have access to which groups of data.