System Administration Guide: Security Services

What's New in RBAC?

Solaris 10 8/07: Starting in this release, the project.max-locked-memory and zone.max-locked-memory resource controls were introduced. If the PRIV_PROC_LOCK_MEMORY privilege is assigned to a user or non-global zone, these resource controls can be set to prevent the user or zone from locking all memory. For more discussion, see Privileges and System Resources.

Solaris 10 10/08: In this release, the solaris.admin.usermgr authorizations have been reorganized to support separation of duty, a security requirement at highly secure installations. To satisfy separation of duty, two accounts are required to create a user account. To configure the software for this requirement, see Create Rights Profiles That Enforce Separation of Duty in Oracle Solaris Trusted Extensions Configuration Guide. Also in this release, this guide describes how to change the password of a role in How to Change the Password of a Role.

Solaris 10 9/10: In this release, the net_access privilege is added to the basic set of privileges. For a description of the privilege, see the privileges(5) man page.