Skip Navigation Links | |
Exit Print View | |
System Administration Guide: Security Services Oracle Solaris 11 Express 11/10 |
1. Security Services (Overview)
Part II System, File, and Device Security
2. Managing Machine Security (Overview)
3. Controlling Access to Systems (Tasks)
4. Virus Scanning Service (Tasks)
5. Controlling Access to Devices (Tasks)
6. Using the Basic Audit Reporting Tool (Tasks)
7. Controlling Access to Files (Tasks)
Part III Roles, Rights Profiles, and Privileges
8. Using Roles and Privileges (Overview)
9. Using Role-Based Access Control (Tasks)
10. Role-Based Access Control (Reference)
System Administrator Rights Profile
Printer Management Rights Profile
Basic Solaris User Rights Profile
Viewing the Contents of Rights Profiles
Authorization Naming and Delegation
Authorization Naming Conventions
Example of Authorization Granularity
Delegation Authority in Authorizations
RBAC Databases and the Naming Services
Commands That Require Authorizations
Part IV Oracle Solaris Cryptographic Services
13. Oracle Solaris Cryptographic Framework (Overview)
14. Oracle Solaris Cryptographic Framework (Tasks)
15. Oracle Solaris Key Management Framework
Part V Authentication Services and Secure Communication
16. Using Authentication Services (Tasks)
19. Using Solaris Secure Shell (Tasks)
20. Solaris Secure Shell (Reference)
21. Introduction to the Kerberos Service
22. Planning for the Kerberos Service
23. Configuring the Kerberos Service (Tasks)
24. Kerberos Error Messages and Troubleshooting
25. Administering Kerberos Principals and Policies (Tasks)
26. Using Kerberos Applications (Tasks)
27. The Kerberos Service (Reference)
Part VII Oracle Solaris Auditing
28. Oracle Solaris Auditing (Overview)
29. Planning for Oracle Solaris Auditing
30. Managing Oracle Solaris Auditing (Tasks)
A user or role can be assigned security attributes directly or through a rights profile. The order of search affects which security attribute value is used. The value of the first found instance of the attribute is used.
Note - The order of authorizations is not important. Authorizations are cumulative.
When a user logs in, security attributes are assigned in the following search order:
user_attr attribute=value pairs. For a list, see user_attr Database.
profiles= value in user_attr database. The profile names in the user's entry in the user_attr
database are searched in order. The order is first profile in the list, then its list of rights profiles, second profile in the list, then its list of profiles, and so on. The first instance of a value is the one used, except for profiles and auths. For a list of attributes in rights profiles, see prof_attr Database.
If the Stop profile is assigned, the evaluation of security attributes stops. No attributes are assigned after the Stop profile is assigned. For a description, see Stop Rights Profile.
Console User rights profile value. For a description, see Console User Rights Profile.
PROFS_GRANTED value in the policy.conf file.