
man pages section 7: Standards, Environments, Macros, Character Sets, and Miscellany

Updated: Wednesday, January 24, 2018

armor (7)


armor - authorization roles managed on RBAC




ARMOR defines a number of roles and the administrative functions configured for each of those roles.


Audit Administrator

The Audit Administrator role configures the system's auditing and logging policies. This includes both per-user and system-wide attributes. The role can view the audit trail. The role can also specify policies for remote auditing and logging.


File System Administrator

The File System Administrator role creates file systems and makes them available. Operations relating to availability include specifying mount policies, sharing policies, quotas, compression, RAID, and file system formats. The role can also archive file systems and specify archiving policies.


Software Package Administrator

The Software Package Administrator role installs, updates, and removes system software. This can include upgrading a system to a new release or reverting it to a previous release. The role can be constrained to only load software from approved repositories or media.


Security Administrator

The Security Administrator role assigns non-default rights to users and roles. The rights can include membership in groups and roles, authorizations, privileges, and clearances. The role can assign passwords for new accounts and unlock locked accounts. The role also assigns non-default security attributes to system objects. The attributes can include security labels, access control lists, ownership, and membership.


Service Administrator

The Service Administrator role enables, configures, and disables system services. The role can specify networking attributes such as IP addresses and routes, as well as firewall policies. The role can specify which services are available to local and remote clients and service configuration properties.


System Operator

The System Operator role runs system diagnostics and performs routine system maintenance. These tasks can include purging log files and print queues, shutting down systems and restarting systems, and bringing hardware online or offline.


User Administrator

The User Administrator role creates, modifies, and deletes the accounts for users defined by default security settings. The role can also create additional roles with default security settings. The role does not manage passwords. This can include the administration of non-local users.


Example 1 Displaying the Rights of an ARMOR Role

To see the Rights Profiles of the useradm role:

profiles useradm

To see details of the authorizations and commands with security attributes of the sysop role:

profiles -l sysop

Example 2 Assigning ARMOR Roles to Users

To assign the secadm role to user alice:

usermod -R+secadm alice

Example 3 Displaying Assigned Roles

To display the roles assigned to user bob, including ARMOR roles:

roles bob

Example 4 Assuming an ARMOR Role

If an active user has the svcadm role assigned, that user can assume the role:

su - svcadm
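
The following is an added example, not part of the original man page: a review of role assignments that lists accounts holding every role in a given set, useful for checking that the duties the ARMOR roles separate have not been recombined in one account. It assumes role assignments are recorded in user_attr(5) format (for example in /etc/user_attr); the function names, the sample accounts and the rule that secadm and useradm must not be held together are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the man page.
# List accounts whose roles= attribute contains every role in $1.
# Input on stdin: user_attr(5)-format lines (user:qualifier:res1:res2:attr).
armor_role_overlap() {
    awk -F: -v want="$1" '
        /^[ \t]*#/ || NF < 5 { next }      # skip comments and short lines
        {
            # Field 5 holds key=value attributes separated by ";"
            roles = ""
            n = split($5, attrs, ";")
            for (i = 1; i <= n; i++)
                if (attrs[i] ~ /^roles=/)
                    roles = substr(attrs[i], 7)
            if (roles == "") next          # account has no roles assigned
            split("", have)                # reset the per-account role set
            m = split(roles, r, ",")
            for (i = 1; i <= m; i++) have[r[i]] = 1
            # Print the account only if it holds every role in "want"
            k = split(want, w, " ")
            for (i = 1; i <= k; i++)
                if (!(w[i] in have)) next
            print $1
        }'
}

# Constructed sample data; alice, bob and carol are illustrative accounts.
sample_user_attr() {
    cat <<'EOF'
# constructed sample in user_attr(5) format
root::::type=role;auths=solaris.*
alice::::roles=secadm,useradm
bob::::roles=sysop
carol::::lock_after_retries=yes;roles=svcadm,secadm
useradm::::type=role
EOF
}

# Hypothetical policy: no one account may hold both secadm and useradm.
sample_user_attr | armor_role_overlap "secadm useradm"
```

Passing a single role name, such as "secadm", lists every account to which that role is assigned.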


The home directory of each of the ARMOR roles is a ZFS dataset in /export/home.


See attributes(7) for descriptions of the following attributes:

Interface Stability

See Also

profiles(1), roles(1), rbac_chkauth(3C), attributes(7), su(8), usermod(8)