In conventional UNIX systems, superuser (root) is all-powerful, with the ability to read and write to any file, run all programs, and send kill signals to any process. In the Trusted Solaris environment, root's capabilities are divided into separate role accounts that can be assigned to different individuals.
Roles are used mainly for security-related tasks. Roles:
Require separate authentication
Are assigned to sysadmin group 14
Are privileged NIS+ principals
Operate in special workspaces that can supply the trusted path attribute to those processes requiring them
Many administrative applications require all four conditions to run successfully.