JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Getting Started With Oracle Solaris 11 Express     Oracle Solaris 11 Express 11/10
search filter icon
search icon

Document Information

1.  Exploring Oracle Solaris 11 Express

2.  Preparing to Install Oracle Solaris 11 Express

3.  Installing Oracle Solaris 11 Express

4.  Verifying and Finalizing Your Installed System

5.  Understanding Users and Roles

User Accounts, Roles, and Rights Profiles

How User Accounts Are Set Up

Assigning Roles to User Accounts

Related Information

6.  Managing System Services

7.  Setting Up Your Application Development Environment

8.  Keeping Your System Up-To-Date

A.  Managing the GRUB Menu in the Oracle Solaris Release

B.  Troubleshooting the Oracle Solaris 11 Express Release


User Accounts, Roles, and Rights Profiles

The assignment of user accounts, roles, and rights profiles in Oracle Solaris conforms to Role-Based Access Control (RBAC) specifications. RBAC provides a more secure alternative to the all-or-nothing superuser model.

RBAC implements the security principle of least privilege. Least privilege means that a user has only those capabilities that are necessary to perform a specific job. Capabilities that are beyond regular user capabilities are grouped together into rights profiles. These profiles are assigned to special user accounts, called roles. A user assumes a role to perform a job that requires some of superuser's capabilities.

In the default Oracle Solaris system configuration, the user account that is created during installation is assigned the root role if you used the text installation method. If you did not create a user account during the installation, root is set up as an account. See How User Accounts Are Set Up.

To better understand the purpose and function of user accounts, roles, and rights profiles, review the following information:

Oracle Solaris provides predefined rights profiles. These profiles, listed in the /etc/security/prof_attr, can be assigned by the root role to any account. The root role is assigned all privileges and all authorizations, so can perform all tasks, just as root can when root is a user.

To perform administrative functions, you open a terminal and switch the user to root. In that terminal, you can then perform all administrative functions.

$ su - root
Password: Type root password

When you exit the shell, root capabilities are no longer in effect.