Security Considerations

The Oracle Solaris Account Manager BUI and the useradm application have the same security policy. Neither application requires any special privileges. The authorizations associated with the account that is used for the RAD connection determines the attributes that can be viewed or modified. A user account with the User Security rights profile can assign any of its user attributes (roles, profiles, labels, privileges, and authorizations) to other users. An account with all authorizations such as the root role can create new accounts and assign any attribute to them.

In order to assign user attributes which are not currently assigned to you, the corresponding solaris.*.assign authorization needs to be added to your user attributes. For example, to assign additional profiles to a user, the user who invokes the useradm application must have the solaris.profile.assign authorization. For more information, see User Rights Management in Securing Users and Processes in Oracle Solaris 11.4.