
Administering TCP/IP Networks, IPMP, and IP Tunnels in Oracle® Solaris 11.4


Updated: November 2020

Using Rights Profiles to Perform Network Configuration

Oracle Solaris implements role-based access control (RBAC) to control system access. To perform tasks associated with network configuration, you must be assigned at least the Network Management profile. This profile is a superset of other network-related profiles, including those in the following partial list:

  • Name Service Management for configuring name services.

  • Network Wifi Management for configuring WiFi.

  • Elastic Virtual Switch Administration for configuring the elastic virtual switch.

  • Network Observability for accessing observability devices.

To obtain a complete list of the profiles in the Network Management profile, type:

$ profiles -p "Network Management" info

An administrator who has the solaris.delegate.* authorization can assign the Network Management profile to users to enable them to administer the network.

For example, an administrator assigns the Network Management rights profile to user jdoe. Before jdoe executes a privileged network configuration command, jdoe must be in a profile shell, which can be started by issuing the pfbash command. Alternatively, jdoe can prefix every privileged command with pfexec, such as pfexec dladm.

As an alternative to assigning the Network Management profile directly to individual users, a system administrator can create a role that contains the combination of profiles required to perform a range of tasks.

Suppose that a role netadmin is created with the profiles for network configuration as well as zone creation and configuration. User jdoe can issue the su command to assume that role. All roles automatically get pfbash as the default shell.
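The following audit sketch is an added example, not part of the Oracle documentation. It reads entries in user_attr(5) format and reports which accounts hold the Network Management profile directly and which users reach it through a role such as netadmin. The function names, the sample entries, and the Zone Management profile on the role are assumptions for illustration. The check covers only explicit local entries and does not expand profiles that include Network Management as a sub-profile.

```shell
#!/bin/sh
# Added example (not Oracle's code): who holds "Network Management"?
# Input is user_attr(5) text: name:qualifier:res1:res2:key=val;key=val
netmgmt_holders() {
    awk -v want="Network Management" '
    # Return 1 when the comma-separated list contains item exactly.
    function has(list, item,    n, i, parts) {
        n = split(list, parts, ",")
        for (i = 1; i <= n; i++) {
            gsub(/^[ \t]+|[ \t]+$/, "", parts[i])
            if (parts[i] == item) return 1
        }
        return 0
    }
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        name = $0; sub(/:.*/, "", name)
        # Drop the first four fields; values may contain escaped colons.
        attrs = $0; sub(/^[^:]*:[^:]*:[^:]*:[^:]*:/, "", attrs)
        type[name] = "normal"; profs = ""; roles[name] = ""
        n = split(attrs, kv, ";")
        for (i = 1; i <= n; i++) {
            key = kv[i]; sub(/=.*/, "", key)
            val = kv[i]; sub(/^[^=]*=/, "", val)
            if (key == "type") type[name] = val
            else if (key == "profiles") profs = val
            else if (key == "roles") roles[name] = val
        }
        order[++count] = name
        direct[name] = has(profs, want)
    }
    END {                                    # roles may be defined after users
        for (c = 1; c <= count; c++) {
            u = order[c]
            if (direct[u]) print u "\t" type[u] "\tdirect"
            m = split(roles[u], r, ",")
            for (j = 1; j <= m; j++)
                if (direct[r[j]]) print u "\t" type[u] "\tvia-role:" r[j]
        }
    }' "$@"
}

sample_user_attr() {    # constructed entries, not from a real system
    cat <<'EOF'
# constructed sample
root::::type=role;auths=solaris.*;profiles=All
jdoe::::type=normal;profiles=Network Management
netadmin::::type=role;profiles=Network Management,Zone Management
asmith::::type=normal;roles=netadmin;audit_flags=lo\:no
bjones::::type=normal;profiles=Network Observability
EOF
}
```

Running `sample_user_attr | netmgmt_holders` lists jdoe and netadmin as direct holders and asmith as holding the profile through the netadmin role; bjones, who has only Network Observability, is not listed.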

For more information about rights profiles, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.4.