By default, only the root role can modify system file permissions. Roles and users who are assigned the solaris.admin.edit/path-to-system-file authorization can modify that system-file. Only the root role can search for all files.
Table 2-5 Protecting and Modifying Files Task Map
Configure restrictive file permissions for regular users.
Sets a more restrictive value than 022 for file permissions
for regular users.