Use this procedure to prevent users on the console of a system from suspending the system or powering it down. This software solution is not effective if the system hardware can be unplugged by the console user.
Before You Begin
You must assume the root role. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.2 .
% profiles -p "Console User" info name=Console User desc=Manage System as the Console User auths=solaris.system.shutdown,solaris.device.cdrw, solaris.smf.manage.vbiosd,solaris.smf.value.vbiosd profiles=Suspend To RAM,Suspend To Disk,Brightness,CPU Power Management, Network Autoconf User help=RtConsUser.html
For instructions, see How to Create a Rights Profile in Securing Users and Processes in Oracle Solaris 11.2 .
If you have many users that share a rights profile, setting this value in a rights profile can be a scalable solution.
# usermod -P shared-profile username
You can also assign the profile per system in the policy.conf file.
# pfedit /etc/security/policy.conf... #PROFS_GRANTED=Basic Solaris User PROFS_GRANTED=shared-profile,Basic Solaris User
For more information, see policy.conf File in Securing Users and Processes in Oracle Solaris 11.2 and the policy.conf(4) and usermod(1M) man pages.