How Much Role-Based Access Control?
As described in Why Use the Solaris Management Console?, a major advantage of using the Solaris management tools is the ability to use Role-Based Access Control (RBAC). RBAC provides administrators with access to just the tools and commands they need to perform their jobs.
Depending on your security needs, you can use varying degrees of RBAC.
|
RBAC Approach |
Description |
For More Information |
|---|---|---|
|
No RBAC |
Allows you to perform all tasks as superuser. You can log in as yourself. When you select a Solaris management tool, you specify root as the user and the root password. | |
|
root as a role |
Eliminates anonymous root logins and prevents users from logging in as root. This approach requires users to log in as themselves before they assume the root role. Note that you can apply this approach whether or not you are using other roles. |
How to Plan Your RBAC Implementation in System Administration Guide: Security Services |
|
Single role only |
Uses the Primary Administrator role, which is roughly equivalent to having root access only. | |
|
Suggested roles |
Uses three roles that are easily configured: Primary Administrator, System Administrator, and Operator. These roles are appropriate for organizations with administrators at different levels of responsibility whose job capabilities roughly fit the suggested roles. |
Role-Based Access Control (Overview) in System Administration Guide: Security Services |
|
Custom roles |
You can add your own roles, depending on your organization's security needs. |
Managing RBAC in System Administration Guide: Security Services and How to Plan Your RBAC Implementation in System Administration Guide: Security Services |
- © 2010, Oracle Corporation and/or its affiliates