Trusted Solaris Administrator's Procedures

Creating a New Role

Sites may create a new administrative role to enable users to perform a defined set of administrative tasks. While in the role, the users share the role's home directories (at different labels) and ownership of files. A site might create a new administrative role, for example, to handle auditing review.

If the new role needs capabilities that the Security Administrator role does not itself have, and so cannot assign, the Primary Administrator role creates the new role. The procedure is described in "To Modify a Role".


Caution -

If site security policy permits, root's capabilities can be extended to allow root to do NIS+ administration from a NIS+ client, although this is not recommended. See "To Enable a Role to Administer NIS+" for the procedure.


A new role may require a new profile. If the profile needs capabilities that the Security Administrator role does not have, the Primary Administrator role must create the profile.

Before creating the profile, the Security Administrator role should analyze whether any of the commands or actions in the new profile need privilege to be successful, as described in "To Find Out Which Privileges a Program Needs". See the man pages for individual commands for the required and override privileges a command might need.