Where site security policy permits, you might want to create a rights profile that contains authorizations for users who can perform tasks that require authorization. To enable every user of a particular system to be authorized, see How to Modify policy.conf Defaults.
Before You Begin
You must be in the Security Administrator role in the global zone.
For the step-by-step procedure, see How to Create a Rights Profile in Securing Users and Processes in Oracle Solaris 11.3.
The following authorizations that might be convenient for users:
solaris.device.allocate – Authorizes a user to allocate a peripheral device, such as a microphone or CD-ROM.
By default, Oracle Solaris users can read and write to a CD-ROM. However, in Trusted Extensions, only users who can allocate a device can access the CD-ROM drive. To allocate the drive for use requires authorization. Therefore, to read and write to a CD-ROM in Trusted Extensions, a user needs the Allocate Device authorization.
solaris.label.file.downgrade – Authorizes a user to lower the security level of a file
solaris.label.file.upgrade – Authorizes a user to heighten the security level of a file.
solaris.label.win.downgrade – Authorizes a user to select information from a higher-level file and place that information in a lower-level file.
solaris.label.win.noview – Authorizes a user to move information without viewing the information that is being moved.
solaris.label.win.upgrade – Authorizes a user to select information from a lower-level file and place that information in a higher-level file.
solaris.login.remote – Authorizes a user to remotely log in.
solaris.print.nobanner - Authorizes a user to print hard copy without a banner page.
solaris.print.unlabeled – Authorizes a user to print hard copy that does not display labels.
solaris.system.shutdown – Authorizes a user to shut down the system and to shut down a zone.
For step-by-step instructions, see Assigning Rights to Users in Securing Users and Processes in Oracle Solaris 11.3.