Chapter 6. Administering Rights and Roles

Starting with the Solaris 8 Operating Environment, role-based access control (RBAC) provides a flexible way to package certain superuser privileges for assignment to user accounts. You no longer need to give users all superuser privileges to enable them to perform a set of tasks that require superuser privileges.

With traditional security models, superuser has full superuser privileges and other users do not have enough power to fix their own problems. With role-based access control (RBAC), you now have an alternative to the traditional all-or-nothing security model.

With RBAC, you can divide superuser capabilities into several packages and assign them separately to individuals sharing administrative responsibilities. When you separate superuser privileges with RBAC, users can have a variable degree of access, and you can control delegation of privileged operations to other users.

RBAC includes the following features.

• Right— A right used to grant access to a restricted function.

• Role— A special type of user account that can be used to perform a set of administrative tasks.