How to Create a Role and Assign the Role to a User

  1. Become an administrator.
  2. Create a role.
    # roleadd -P "profile-name" role-name
  3. Assign a password to the role.

    You will be prompted to specify and then verify a new password.

    # passwd role-name
  4. Assign the role to a user.
    # useradd -R role-name username
  5. Assign a password to the user.

    You will be prompted to specify and then verify a new password.

    # passwd username
  6. Become the user and provide the password, if necessary.
    # su username
  7. Verify that the user has access to the assigned role.
    $ id
    uid=nn(username) gid=nn(group-name)
    $ roles
    role-name
  8. Assume the role and provide the password, if necessary.
    $ su role-name
  9. Verify that the user has assumed the role.
    $ id
    uid=nn(role-name) gid=nn(group-name)

Example 2-1 Creating a Role and Assigning the Role to a User

This example shows how to create the ldm_read role, assign the role to the user_1 user, become the user_1 user, and assume the ldm_read role.

    # roleadd -P "LDoms Review" ldm_read
    # passwd ldm_read
    New Password:
    Re-enter new Password:
    passwd: password successfully changed for ldm_read
    # useradd -R ldm_read user_1
    # passwd user_1
    New Password:
    Re-enter new Password:
    passwd: password successfully changed for user_1
    # su user_1
    Password:
    $ id
    uid=95555(user_1) gid=10(staff)
    $ roles
    ldm_read
    $ su ldm_read
    Password:
    $ id
    uid=99667(ldm_read) gid=14(sysadmin)
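
The check in step 7 confirms the role for one user. The following added example (not part of the original documentation) audits the same assignment for every account: that the role is a role account, carries the intended profile, and is held only by the expected users. It assumes the assignments are recorded in user_attr(4) format; the function names and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit role assignments in a user_attr(4)-format file.
# Assumed record layout: name:qualifier:res1:res2:key=value;key=value...
# (escaped reserved characters inside values are not handled).

# attr_of FILE NAME KEY: print the value of KEY on NAME's record, if any.
attr_of() {
    awk -F: -v name="$2" -v key="$3" '
        /^#/ || NF < 5 || $1 != name { next }
        { n = split($5, kv, ";")
          for (i = 1; i <= n; i++) {
              eq = index(kv[i], "=")
              if (eq && substr(kv[i], 1, eq - 1) == key) print substr(kv[i], eq + 1)
          } }' "$1"
}

# role_members FILE ROLE: print each account whose roles= list names ROLE.
role_members() {
    awk -F: -v role="$2" '
        /^#/ || NF < 5 { next }
        { n = split($5, kv, ";")
          for (i = 1; i <= n; i++) {
              if (index(kv[i], "roles=") != 1) continue
              m = split(substr(kv[i], 7), r, ",")
              for (j = 1; j <= m; j++) if (r[j] == role) print $1
          } }' "$1"
}

# check_role FILE ROLE PROFILE USER...: succeed only if ROLE is a role account,
# carries PROFILE, and is assigned to exactly the listed users.
check_role() {
    file=$1 role=$2 profile=$3; shift 3
    [ "$(attr_of "$file" "$role" type)" = role ] || { echo "$role: not type=role"; return 1; }
    case ",$(attr_of "$file" "$role" profiles)," in
        *",$profile,"*) ;;
        *) echo "$role: profile '$profile' not assigned"; return 1 ;;
    esac
    expected=$(printf '%s\n' "$@" | sort)
    actual=$(role_members "$file" "$role" | sort)
    [ "$expected" = "$actual" ] || { echo "$role: held by:" $actual; return 1; }
}

# Constructed sample in the spirit of Example 2-1; user_2 is an extra grant.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
ldm_read::::type=role;profiles=LDoms Review
user_1::::type=normal;roles=ldm_read
user_2::::type=normal;roles=backup,ldm_read
EOF
check_role "$SAMPLE" ldm_read "LDoms Review" user_1 || echo "audit: FAIL"
```

On a system that keeps these records in /etc/user_attr (an assumption; a naming service can hold them elsewhere), pass that path in place of the sample file.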