To use the Trusted Solaris administration tools, you must be in a role account with the assigned rights profiles that contain the desired trusted applications. To access a role workspace, you must log in as a normal user, assume a role using the Trusted Path menu (or by clicking the role workspace button in the Front Panel if it already exists), and supply the role password. Note that the default label for a role workspace is the role's minimum label, usually ADMIN_LOW. If desired, you can switch labels by choosing Change Workspace Label from the Trusted Path menu while the pointer is over the role workspace button. To leave a role workspace temporarily, click any other workspace button. To destroy the workspace, choose Delete from the Trusted Path menu while the pointer is over the role workspace button.
Within the role workspace, you can access four types of trusted applications:
Solaris Management Console tools--The Solaris Management Console (SMC) serves as a launcher for various administration tools and is available from: (1) the Application Manager, (2) the Tools subpanel in the Front Panel, and (3) the command line by typing smc.
Commands--In the Trusted Solaris environment, administrative commands and other commands intended for restricted use are assigned to rights profiles. Opening a terminal in a role workspace launches a profile shell that gives you access to all commands assigned to the account's rights profile(s). Any commands you run are at the label of the current workspace.
CDE actions--The System_Admin folder in the Application Manager provides actions for performing miscellaneous system administration tasks. Most of these actions apply a special version of the vi editor, adminvi(1M) (or the dtpad editor if you prefer), to one of the configuration files. For security purposes, the editing actions cannot save a file to a different name, create a new file, or escape to a shell. All actions conform with mandatory access control and the local security policy. Any actions you launch are at the label of the current workspace (unless overridden by a rights profile).
Enhanced desktop tools--The Trusted Solaris operating environment provides desktop tools for administrators from the Front Panel that have capabilities not available to normal users. For example, the File Manager lets administrators set privileges and labels on executable files. Similarly, the Device Manager makes device administration capabilities available to roles. See "How the Trusted Solaris Environment Controls Device Access".