Rights in Oracle Solaris exist on every process. You can add rights to users and roles, and remove rights. Rights include privileges on the user's process, privileges or special IDs on a command that the user runs, and authorizations to perform a particular action. To ease the administrative burden of assigning rights, Oracle Solaris collects rights for services and administrative actions into rights profiles. Rather than assign individual rights to users and roles, you can assign a rights profile that includes all the authorizations and privileges that the administrative task requires.
Roles give a name to the administrative task that a user can perform, such as auditadm. To perform an administrative action, the user assumes an assigned role to perform the action. Roles can be required by security policy and they can simply be convenient. You can create roles or you can install the armor package which creates seven roles and their local home directories. For more information about roles, see User and Process Rights Provide an Alternative to the Superuser Model.