Devising an Administration Strategy for Trusted Extensions

The root user or the System Administrator role is responsible for loading the packages from the Solaris Trusted Extensions installation media. You can create roles to divide administrative responsibilities among several functional areas:

• The security administrator is responsible for security-related tasks, such as setting up and assigning sensitivity labels, configuring auditing, and setting password policy.

• The system administrator is responsible for the non-security aspects of setup, maintenance, and general administration.

• The primary administrator is responsible for creating rights profile for the security administrator, and for fixing problems when the security and system administrators do not have sufficient privilege.

• More limited roles can be configured. For example, an operator could be responsible for backing up files.

As part of your administration strategy, you need to decide the following:

• Which users are handling which administration responsibilities

• Which non-administrative users are allowed to run trusted applications, meaning which users are permitted to override security policy, when necessary

• Which users have access to which groups of data