On a system that is running Oracle Solaris software without Trusted Extensions, roles are optional. On a system that is configured with Trusted Extensions, several roles other than root administer the system. Typically, the System Administrator role and the Security Administrator role perform most administrative functions. In some cases, the root role can administer after initial setup. On a desktop system, the workspace changes to a role workspace when a user assumes a role.
The programs that are available to a role in Trusted Extensions have a special property, the trusted path attribute. This attribute indicates that the program is part of the TCB. The trusted path attribute is available when a program is launched from the global zone.
As in Oracle Solaris, rights profiles are the basis of a role's capabilities. For information about rights profiles and roles, see Chapter 1, About Using Rights to Control Users and Processes, in Securing Users and Processes in Oracle Solaris 11.2 .