System Administration Guide: Security Services

Procedure: How to Authorize Users to Allocate a Device

  1. Assume the Primary Administrator role, or become superuser.

    The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.

  2. Create a rights profile that contains the appropriate authorization and commands.

    Typically, you would create a rights profile that includes the solaris.device.allocate authorization. Follow the instructions in How to Create or Change a Rights Profile. Give the rights profile appropriate properties, such as the following:

    • Rights profile name: Device Allocation

    • Granted authorizations: solaris.device.allocate

    • Commands with security attributes: mount with the sys_mount privilege, and umount with the sys_mount privilege

  3. Create a role for the rights profile.

    Follow the instructions in How to Create and Assign a Role by Using the GUI. Use the following role properties as a guide:

    • Role name: devicealloc

    • Role full name: Device Allocator

    • Role description: Allocates and mounts allocated devices

    • Rights profile: Device Allocation

      This rights profile must be at the top of the list of profiles that are included in the role.

  4. Assign the role to every user who is permitted to allocate a device.

  5. Teach the users how to use device allocation.

    For examples of allocating removable media, see How to Allocate a Device.

    Because the Volume Management daemon (vold) is not running, removable media are not automatically mounted. For examples of mounting a device that has been allocated, see How to Mount an Allocated Device.
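    One way to check the result of steps 2 through 4 is to audit copies of the RBAC databases against the properties listed above. This script is an added example, not part of the original guide. It assumes the field layouts of prof_attr(4), exec_attr(4) and user_attr(4) and the command paths /usr/sbin/mount and /usr/sbin/umount; the function names, the user jdoe and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit copies of prof_attr, exec_attr and user_attr (assumed layouts).
PROFILE="Device Allocation"; ROLE="devicealloc"; AUTH="solaris.device.allocate"

# Print the value of key $2 from the semicolon-separated attribute string $1.
attr_value() {
    printf '%s\n' "$1" | tr ';' '\n' | sed -n "s/^$2=//p"
}

# check_device_alloc DIR: DIR holds prof_attr, exec_attr and user_attr.
# Prints one line per failed check and returns the number of failures.
check_device_alloc() {
    dir=$1; fails=0
    # prof_attr: name:res1:res2:desc:attr
    attrs=$(awk -F: -v p="$PROFILE" '$1 == p { print $5 }' "$dir/prof_attr")
    case ",$(attr_value "$attrs" auths)," in
        *",$AUTH,"*) ;;
        *) echo "FAIL: profile lacks $AUTH"; fails=$((fails + 1)) ;;
    esac
    # exec_attr: name:policy:type:res1:res2:id:attr
    for cmd in /usr/sbin/mount /usr/sbin/umount; do
        attrs=$(awk -F: -v p="$PROFILE" -v c="$cmd" \
            '$1 == p && $2 == "solaris" && $6 == c { print $7 }' "$dir/exec_attr")
        case ",$(attr_value "$attrs" privs)," in
            *",sys_mount,"*) ;;
            *) echo "FAIL: $cmd lacks privs=sys_mount"; fails=$((fails + 1)) ;;
        esac
    done
    # user_attr: user:qualifier:res1:res2:attr; the profile must be listed first
    attrs=$(awk -F: -v r="$ROLE" '$1 == r { print $5 }' "$dir/user_attr")
    [ "$(attr_value "$attrs" type)" = "role" ] ||
        { echo "FAIL: $ROLE is not a role"; fails=$((fails + 1)); }
    first=$(attr_value "$attrs" profiles | cut -d, -f1)
    [ "$first" = "$PROFILE" ] ||
        { echo "FAIL: $PROFILE is not first in the role's profiles"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample databases (not from a real system); $2 overrides the profile list.
write_sample() {
    printf '%s\n' 'Device Allocation:::Allocate devices:auths=solaris.device.allocate' > "$1/prof_attr"
    printf '%s\n' 'Device Allocation:solaris:cmd:::/usr/sbin/mount:privs=sys_mount' \
        'Device Allocation:solaris:cmd:::/usr/sbin/umount:privs=sys_mount' > "$1/exec_attr"
    printf '%s\n' "devicealloc::::type=role;profiles=${2:-Device Allocation,All}" \
        'jdoe::::type=normal;roles=devicealloc' > "$1/user_attr"
}

tmp=$(mktemp -d) && write_sample "$tmp" && check_device_alloc "$tmp" && echo "OK"
rm -rf "$tmp"
```

    To audit a live system, copy /etc/security/prof_attr, /etc/security/exec_attr and /etc/user_attr into one directory and pass that directory to check_device_alloc.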