To verify each role, assume the role. Then, perform tasks that only that role can perform and attempt tasks that the role is not permitted to perform.
Before You Begin
If you have configured DNS or routing, you must reboot after you create the roles and before you verify that the roles work.
% su - rolename
# ppriv $$ ... flags = PRIV_PFEXEC ...
In the following trusted stripe, the user name is tester.
For the authorizations that are required to change user properties, see the passwd(1) man page.
The System Administrator role should be able to create a user and modify user properties that require the solaris.user.manage authorization, such as the user's login shell. The System Administrator role should not be able to change user properties that require the solaris.account.setpolicy authorization.
The Security Administrator role should be able to change user properties that require the solaris.account.setpolicy authorization. The Security Administrator should not be able to create a user or change a user's login shell.