The actions that a role performs can be audited. Included in the audit record is the login name of the user who assumed the role, the role name, and the action that the role performed. The 6180:AUE_prof_cmd:profile command:ua,as audit event collects the information. By preselecting the as class or the ua class, you can audit role actions.
Plan for auditing and edit the audit configuration files.
For more information, see Solaris Auditing (Task Map).
Include the ua class or the as class in the flags line of the audit_control file.
## audit_control file flags:lo,as naflags:lo plugin:name=audit_binfile.so; p_dir=/var/audit
The ua class and the as class include other audit events. To see the audit events that are included in a class, read the audit_event file. You can also use the bsmrecord command, as shown in Example 30–27.
Finish configuring the auditing service, then enable auditing.
For more information, see Configuring and Enabling the Audit Service (Tasks).