This chapter describes the privileges that system administrators can use to grant access to DTrace to particular users or processes. DTrace enables visibility into all aspects of the system including user-level functions, system calls, kernel functions, and more. It allows for powerful actions, some of which can modify a program's state. Just as it would be inappropriate to allow a user access to another user's private files, a system administrator must not grant every user full access to all the facilities that DTrace offers. By default, only the root account can use DTrace. The RBAC facility controls the use of DTrace by other accounts.