Caution - Be careful when using the usermod and rolemod commands to add authorizations, rights profiles, or roles.
For the Oracle Solaris 11 OS, add values by using the plus sign (+) for each authorization you add.
For example, the usermod -A +authusername command grants the auth authorization to the username user; similarly for the rolemod command.
For the Oracle Solaris 10 OS, the usermod or rolemod command replaces any existing values.
To add values instead of replacing them, specify a comma-separated list of existing values and the new values.
The advantage of using this procedure is that only a user who has been assigned a specific role can assume that role. When assuming a role, a password is required if the role has been assigned a password. These two layers of security prevent a user who has not been assigned a role from assuming that role even though he has the password.
How to Create a Role and Assign the Role to a User