The following defines what needs to be done and can help to identify who should do this task:
The security administrator is the person who defines and plans the implementation of an organization's security policy, establishes information-protection procedures, makes sure computer users and administrators are properly trained, and monitors compliance.
The task of implementing security policy is performed by an administrator who logs in and then assumes an administrative role called the security administrator role.
The security administrator who defines the site's security policy may or may not be the same person who implements the policy while working in the security administrator role.
The security administrator role is assigned to one or more administrators who fully understand Trusted Solaris administration and who are cleared to view and to protect the highest level of information processed on the Trusted Solaris system.
The security administrator role has the tools and capabilities to put the organization's security policy into effect while configuring the system.
The components that make up labels are specified in each organization's label_encodings(4) file.
The security administrator specifies the numeric values and bits that make up the internal representation of label components.
Certain types of labels must be defined.
The labeling software translates between the internal and human-readable forms of labels, from their binary representation to the character strings assigned to them, based on the rules in the label_encodings file.
A default version of the label_encodings file is initially installed on every Trusted Solaris host.
The install team usually replaces the initially installed label_encodings file with a version that contains the site's own labels. (The default version may sometimes be used in non-production environments while administrators or programmers are learning the system.)
One of the responsibilities of the security administrator role is to create the label_encodings(4) file to replace the default version.
Every computer in the system needs its own copy of the master label_encodings file. For interoperability, the label_encodings files on all computers in the system should be identical, or at least each should recognize the labels defined in the others.
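The translation between internal and human-readable label forms described above, and the reason every host needs matching encodings, can be seen in a small model. This is an added example, not Trusted Solaris code and not label_encodings(4) syntax; the class and function names, classification values, compartment words and bit positions are all constructed assumptions.

```python
# Simplified model of label translation. This is NOT label_encodings(4) syntax;
# every name, numeric value and bit position here is constructed for illustration.

class UnknownLabel(ValueError):
    """A label that this host's encodings cannot translate."""

class Encodings:
    def __init__(self, classifications, compartments):
        self.cls_by_value = dict(classifications)      # numeric value -> name
        self.cls_by_name = {n: v for v, n in self.cls_by_value.items()}
        self.bit_by_word = dict(compartments)          # word -> bit number
        self.word_by_bit = {b: w for w, b in self.bit_by_word.items()}

    def to_text(self, value, mask):
        """Internal form (classification value, compartment bitmask) -> string."""
        if value not in self.cls_by_value or mask < 0:
            raise UnknownLabel(f"cannot translate classification {value}, mask {mask}")
        words, bit = [], 0
        while mask >> bit:
            if (mask >> bit) & 1:
                if bit not in self.word_by_bit:
                    raise UnknownLabel(f"compartment bit {bit} is not defined")
                words.append(self.word_by_bit[bit])
            bit += 1
        return " ".join([self.cls_by_value[value]] + words)

    def to_internal(self, text):
        """Human-readable string -> (classification value, compartment bitmask)."""
        parts = text.upper().split()
        if not parts or parts[0] not in self.cls_by_name:
            raise UnknownLabel(f"unknown classification in {text!r}")
        mask = 0
        for word in parts[1:]:
            if word not in self.bit_by_word:
                raise UnknownLabel(f"unknown word {word!r}")
            mask |= 1 << self.bit_by_word[word]
        return self.cls_by_name[parts[0]], mask

def interop_gaps(sender, receiver):
    """Components the sender defines that the receiver lacks or names differently."""
    gaps = [f"classification {v} ({n})" for v, n in sorted(sender.cls_by_value.items())
            if receiver.cls_by_value.get(v) != n]
    gaps += [f"compartment bit {b} ({w})" for b, w in sorted(sender.word_by_bit.items())
             if receiver.word_by_bit.get(b) != w]
    return gaps

# Constructed encodings: host B's copy was never updated with the LEGAL compartment.
LEVELS = {1: "PUBLIC", 4: "INTERNAL", 6: "RESTRICTED"}
HOST_A = Encodings(LEVELS, {"ENG": 0, "FINANCE": 1, "LEGAL": 5})
HOST_B = Encodings(LEVELS, {"ENG": 0, "FINANCE": 1})
```

A label that host A builds with the LEGAL word has a bit set that host B cannot translate, which is the failure that keeping the files identical prevents.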