Oracle Solaris Trusted Extensions Administrator's Procedures

ProcedureHow to Enable a User to Change the Security Level of Data

A regular user or a role can be authorized to change the security level, or labels, of files and directories. The user or role, in addition to having the authorization, must be configured to work at more than one label. And, the labeled zones must be configured to permit relabeling. For the procedure, see How to Enable Files to be Relabeled From a Labeled Zone.

Caution – Caution –

Changing the security level of data is a privileged operation. This task is for trustworthy users only.

Before You Begin

You must be in the Security Administrator role in the global zone.

  1. Follow the procedure How to Create a Rights Profile for Convenient Authorizations to create a rights profile.

    The following authorizations enable a user to relabel a file:

    • Downgrade File Label

    • Upgrade File Label

    The following authorizations enable a user to relabel information within a file:

    • Downgrade DragNDrop or CutPaste Info

    • DragNDrop or CutPaste Info Without Viewing

    • Upgrade DragNDrop or CutPaste Info

  2. Use the Solaris Management Console to assign the profile to the appropriate users and roles.

    For assistance, use the online help. For a step-by-step procedure, see How to Change the RBAC Properties of a User in System Administration Guide: Security Services.