1. Securing Systems and Attached Devices in Oracle Solaris 11.4
  2. Controlling Access to Devices
  3. Managing Device Allocation
  4. Authorizing Users to Allocate a Device
  5. How to Authorize Users to Allocate a Device

How to Authorize Users to Allocate a Device

You must become an administrator who is assigned the User Security rights profile. Your rights profiles must include the solaris.auth.delegate authorization. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.4.

  1. Create a rights profile that contains the appropriate authorization and commands.

    Typically, you would create a rights profile that includes the solaris.device.allocate authorization. Follow the instructions in How to Create a Rights Profile in Securing Users and Processes in Oracle Solaris 11.4. Give the rights profile appropriate properties, such as the following:

    • Rights profile name: Device Allocation

    • Granted authorizations: solaris.device.allocate

    • Commands with privileges: mount with the sys_mount privilege, and umount with the sys_mount privilege

  2. (Optional) Create a role for the rights profile.

    Follow the instructions in Assigning Rights to Users in Securing Users and Processes in Oracle Solaris 11.4. Use the following role properties as a guide:

    • Role name: devicealloc

    • Role full name: Device Allocator

    • Role description: Allocates and mounts allocated devices

    • Rights profile: Device Allocation

      This rights profile must be the first in the list of profiles that are included in the role.

  3. Assign the rights profile to authorized users or authorized roles.

Additional Action: Teach the users how to use device allocation.

For examples of allocating removable media, see How to Allocate a Device.