In Trusted Extensions, roles are the conventional way to administer the system. Superuser is the root role, and is required for few tasks, such as setting audit flags, changing an account's password, and editing system files. Roles are created just as they are in Oracle Solaris.
The following roles are typical of a Trusted Extensions site:
root role – Created at Oracle Solaris installation
Security Administrator role – Created during or after initial configuration by the initial setup team
System Administrator role – Created during or after initial configuration by the initial setup team
To administer Trusted Extensions, you create roles that divide system and security functions.
The process of creating a role in Trusted Extensions is identical to the Oracle Solaris process. By default, roles are assigned the administrative label range of ADMIN_HIGH to ADMIN_LOW.
For an overview of role creation, see Assigning Rights to Users in Securing Users and Processes in Oracle Solaris 11.2 .
To create roles, see Creating Roles and Users in Trusted Extensions.
On the trusted desktop, you can assume an assigned role by clicking your user name in the trusted stripe for the role choices. After confirming the role password, the current workspace is changed into a role workspace. A role workspace is in the global zone and has the trusted path attribute. Role workspaces are administrative workspaces.