Adding or modifying a role account in the SMC is similar to adding or modifying a user, with the following exceptions.
The Security Administrator role - Creates roles. There is no Wizard or Template for adding a role.
Administrative Roles - The Security Administrator role uses the SMC Administrative Roles icon to create roles.
Role Mailing List - By default, a role mailing list is created.
Login Shell - A role must have a profile shell for its login shell. In the SMC GUI, a profile shell is called an "Administrator's Shell". While working in a profile shell, the role can execute only those commands that are in its set of rights profiles. See the pfexec(1) man page for descriptions of the profile shells.
Group - Each role becomes a member of the sysadmin group 14 by default.
Rights - Except for the root role, which is shipped with a set of rights already assigned, each of the recommended roles has a predefined rights profile. Creating the roles by assigning the appropriate rights profiles is described in "Creating Roles and Users" in Trusted Solaris Installation and Configuration.
Label View - By default, the label view is Internal, not External. Roles do not use the /etc/security/policy.conf file for default values.