Oracle Solaris implements role-based access control (RBAC) to control system access. To perform specific tasks and run privileged commands on the system, you must have the profiles that provide you the authorization.
The following list shows some of the profiles that need to be assigned to you to work on manifests and building and installing these images.
Install Client Management enables you to install Oracle Solaris on client systems.
Install Manifest Management enables you to create or configure manifests to customize the installation.
Install Profile Management enables you to create and configure system configuration profiles to customize the installation.
Some profiles are supersets of a combination of profiles. For example, the Install Service Management profile contains the three profiles in the previous list.
The list of required profiles expands if you perform additional tasks that might be indirectly connected to your current one, such as network configuration or zone configuration.
An administrator that has the solaris.delegate.* authorization can assign the necessary profiles to users to enable them to perform administrative tasks in Oracle Solaris.
For example, an administrator assigns the Install Service Management rights profile to user jdoe. Before jdoe executes a privileged installation command, jdoe must be in a profile shell. The shell can be created by issuing the pfbash command. Or, jdoe can combine pfexec with every privilege command that is issued, such as pfexec installadm.
As an alternative, instead of assigning profiles directly to users, a system administrator can create a role that would contain a combination of required profiles to perform a range of tasks.
Suppose that a role installadmin is created with the profiles for installation as well as for zone creation and configuration. User jdoe can issue the su command to assume that role. All roles automatically get pfbash as the default shell.
For more information about rights profiles, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.4.