The dtrace_kernel privilege permits the use of every provider except for the use of the pid and fasttrap providers on processes that are not owned by the user. This privilege also permits the use of all actions and variables except for kernel destructive actions, such as breakpoint, panic, and chill. This privilege permits complete visibility into kernel and user state. The facilities enabled by the dtrace_user privilege are a strict subset of those enabled by dtrace_kernel.
For the dtrace_kernel privilege, you can use the following actions and variables:
Providers – all, except the previously specified restrictions
Actions – all, except the previously specified destructive actions
Variables – All
Address Spaces – User