To Create a Rights Profile

1. Assume the Security Administrator role and go to an ADMIN_LOW workspace.

2. Create a help file for the new rights profile.

   Use the procedure "To Create a Help File for a Rights Profile".

3. Bring up the SMC in the desired scope and click the Users tool. Supply a password when prompted.

4. Double-click the Rights tool.

5. To create a rights profile, select Add Right from the Action menu.

   Use the online help when creating the new right.

6. Name the profile Custom rolename Role, and describe it.

   For example, for a role whose username is auditadmin, you would create an empty Custom Auditadmin Role profile. In the profile's description you would enter:

   Modify this rights profile to customize the Audit Administrator role

7. Select the action or command to add to the right.

   See the Trusted Solaris man pages for individual commands for the security attributes needed by the command or any of its options to succeed. For example, if the command requires privilege to accomplish a task, adding the privilege to the command enables it to execute with the specified inherited privileges when a user or role has been assigned this rights profile.

8. Click the Set Security Attributes button to enter the information requested in the help for the Ownership and Extended Attributes areas.

   For example, by adding the name of an installation program to a rights profile, assigning to the program a real UID of 0, and then assigning the profile to a role, the Security Administrator can enable an installation program to succeed when run by a role that has another UID, such as the System Administrator role.

9. Add authorizations if needed.

   A rights profile can contain commands only, actions only, authorizations only, or a combination of commands, actions, and authorizations.

10. Click OK to save the new rights profile.