The Logical Domains Manager package adds the following predefined rights profiles to the local rights configuration. These rights profiles delegate administrative privileges to unprivileged users:
The LDoms Management profile permits a user to use all ldm subcommands.
The LDoms Review profile permits a user to use all list-related ldm subcommands.
The LDoms Consoles profile permits a user to connect to all domain consoles.
These rights profiles can be assigned directly to users or to a role that is then assigned to users. When one of these profiles is assigned directly to a user, you must use the pfexec command or a profile shell, such as pfbash or pfksh, to successfully use the ldm command to manage your domains. Determine whether to use roles or rights profiles based on your rights configuration. See System Administration Guide: Security Services or Securing Users and Processes in Oracle Solaris 11.4.
Users, authorizations, rights profiles, and roles can be configured in the following ways:
Locally on the system by using files
Centrally in a naming service, such as LDAP
Installing the Logical Domains Manager adds the necessary rights profiles to the local files. To configure profiles and roles in a naming service, see System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP). For an overview of the authorizations and execution attributes delivered by the Logical Domains Manager package, see Logical Domains Manager Profile Contents. All of the examples in this chapter assume that the rights configuration uses local files.