JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Transitioning From Oracle Solaris 10 to Oracle Solaris 11     Oracle Solaris 11 Information Library
search filter icon
search icon

Document Information


1.  Transitioning From Oracle Solaris 10 to Oracle Solaris 11 (Overview)

2.  Transitioning to an Oracle Solaris 11 Installation Method

3.  Managing Devices

4.  Managing Storage Features

5.  Managing File Systems

6.  Managing Software

7.  Managing Network Configuration

8.  Managing System Configuration

9.  Managing Security

Security Feature Changes

Network Security Features

Removed Security Features

Roles, Rights, Privileges, and Authorizations

Viewing Your Privileges

File and File System Security Changes

aclmode Property Is Reintroduced

Encrypting ZFS File Systems

Immutable Zones

10.  Managing Oracle Solaris Releases in a Virtual Environment

11.  User Account Management and User Environment Changes

12.  Using Oracle Solaris Desktop Features

A.  Transitioning From Previous Oracle Solaris 11 Releases to Oracle Solaris 11

Roles, Rights, Privileges, and Authorizations

The following information describes how roles, rights and privileges work in Oracle Solaris 11:

Viewing Your Privileges

When a user is directly assigned privileges, in effect, the privileges are in every shell. When a user is not directly assigned privileges, then the user must open a profile shell. For example, when commands with assigned privileges are in a rights profile that is in the user's list of rights profiles, then the user must execute the command in a profile shell.

To view privileges online, see privileges(5). The privilege format that is displayed is used by developers.

$ man privileges
Standards, Environments, and Macros                 privileges(5)

     privileges - process privilege model
     The defined privileges are:


         Allow a process to request reliable delivery  of  events
         to an event endpoint.

         Allow a process to include events in the critical  event
         set  term  of  a  template  which  could be generated in
         volume by the user.

Example 9-1 Viewing Directly-Assigned Privileges

If you have been directly assigned privileges, then your basic set contains more than the default basic set. In the following example, the user always has access to the proc_clock_highres privilege.

$ /usr/bin/whoami
$ ppriv -v $$
1800:   pfksh
flags = <none>
        E: file_link_any,…,proc_clock_highres,proc_session
        I: file_link_any,…,proc_clock_highres,proc_session
        P: file_link_any,…,proc_clock_highres,proc_session
        L: cpc_cpu,dtrace_kernel,dtrace_proc,dtrace_user,…,sys_time
$ ppriv -vl proc_clock_highres
        Allows a process to use high resolution timers.