Name service scope affects when assigned rights are available. The scope of a role might be limited to an individual host. Alternatively, the scope might include all hosts that are served by a naming service such as LDAP. The name service scope for a system is specified in the name switch service, svc:/system/name-service/switch. A lookup stops at the first match. For example, if a rights profile exists in two name service scopes, only the entries in the first name service scope are used. If files is the first match, then the scope of the role is limited to the local host. For information about naming services, see the nsswitch.conf (4) man page, Working With Oracle Solaris 11.2 Directory and Naming Services: DNS and NIS , and Working With Oracle Solaris 11.2 Directory and Naming Services: LDAP .