Go to main content

Trusted Extensions Configuration and Administration

Exit Print View

Updated: March 2019
 
 

How to Create a Rights Profile for Convenient Authorizations

Where site security policy permits, you might want to create a rights profile that contains authorizations for users who can perform tasks that require authorization. To enable every user of a particular system to be authorized, see How to Modify policy.conf Defaults.

Before You Begin

You must be in the Security Administrator role in the global zone.

  1. Create a rights profile that contains one or more of the following authorizations.

    For the step-by-step procedure, see How to Create a Rights Profile in Securing Users and Processes in Oracle Solaris 11.4.

      The following authorizations that might be convenient for users:

    • solaris.device.allocate – Authorizes a user to allocate a peripheral device, such as a microphone or CD-ROM.

      By default, Oracle Solaris users can read and write to a CD-ROM. However, in Trusted Extensions, only users who can allocate a device can access the CD-ROM drive. To allocate the drive for use requires authorization. Therefore, to read and write to a CD-ROM in Trusted Extensions, a user needs the Allocate Device authorization.

    • solaris.label.file.downgrade – Authorizes a user to lower the security level of a file

    • solaris.label.file.upgrade – Authorizes a user to heighten the security level of a file.

    • solaris.login.remote – Authorizes a user to remotely log in.

    • solaris.print.nobanner - Authorizes a user to print hard copy without a banner page.

    • solaris.print.unlabeled – Authorizes a user to print hard copy that does not display labels.

    • solaris.system.shutdown – Authorizes a user to shut down the system and to shut down a zone.

  2. Assign the rights profile to a user or a role.

    For step-by-step instructions, see Assigning Rights to Users in Securing Users and Processes in Oracle Solaris 11.4.