Caution - Be careful when using the usermod and rolemod commands to add authorizations, rights profiles, or roles.
For the Oracle Solaris 10 OS, the usermod or rolemod command replaces any existing values.
To add values instead of replacing them, specify a comma-separated list of existing values and the new values.
For the Oracle Solaris 11 OS, add values by using the plus sign (+) for each authorization you add.
For example, the usermod -A +authusername command grants the auth authorization to the username user; similarly for the rolemod command.
The advantage of using this procedure is that only a user who has been assigned a specific role can assume that role. When assuming a role, a password is required if the role has been assigned a password. These two layers of security prevent a user who has not been assigned a role from assuming that role even though he has the password.
How to Create a Role and Assign the Role to a User