Oracle Solaris provides rights profiles for configuring the audit service, for enabling and disabling the service, and for analyzing the audit trail. You must have the privileges of root to edit an audit configuration file.
Audit Configuration – Enables an administrator to configure the parameters of the audit service and to run the auditconfig command.
Audit Control – Enables an administrator to start, refresh, and disable the audit service and to run the audit command to start, refresh, or stop the service.
Audit Review – Enables an administrator to analyze audit records. This rights profile grants authorization to read audit records with the praudit and auditreduce commands. This administrator can also run the auditstat command.
System Administrator – Includes the Audit Review rights profile. An administrator with the System Administrator rights profile can analyze audit records.
To configure roles to handle the audit service, see Creating a Role in Securing Users and Processes in Oracle Solaris 11.4.