The SMC 2.1 System Configuration/User Accounts tool enables you to assign a subset of superuser rights to individual user accounts. You can grant or deny individual rights, enable all rights, or disable all rights. When rights are granted, users have superuser access to the commands and tools associated with the set of rights that you grant.
Table 42. Available Rights
|
All | Automatically assigned to each user. It grants the right for a user or role to use any command when working in an administrator's shell such as Administrator's Korn or Administrator's C shells. The All right should always be the last right in the list. If All is first, no other rights are consulted when command attributes are looked up. |
Audit Control | Grants the right to manage the audit subsystem but not the right to read audit files. |
Audit Review | Grants the right to read the audit trail but not to manage the audit subsystem. |
Basic Solaris User | Assigned to every user who logs in to SMC. Provides read permissions to users of applications and enables users to add cron jobs to their own crontab files. The Basic Solaris User right always includes the All right. |
Cron Management | Grants the right to manage the cron table and daemon. |
Device Management | Grants the right to allocate and deallocate devices and to correct error conditions relating to those devices. |
Device Security | Grants the right to manage and configure devices and volume manager. |
DHCP Management | Grants the right to manage the DHCP service. |
File System Management | Grants the right to manage file system mounts and shares. |
File System Security | Grants the right to manage file system security attributes. |
FTP Management | Grants the right to configure the FTP server. |
iPlanet Directory Management | Grants the rights to manage iPlanet directory servers. |
Log Management | Grants the right to manage log files. |
Mail Management | Grants the right to configure sendmail, modify mailing lists, and check mail queues. |
Maintenance and Repair | Grants the right to use commands needed to maintain or repair a system. |
Media Backup | Grants the right to back up files but not the right to restore them. |
Media Restore | Grants the right to restore backed-up files but not the right to perform system backup. |
Message Queue Management | Grants the right to manage message queues. |
Name Service Management | Grants the right to control the daemons used by a nameservice. |
Name Service Security | Grants the right to manage all nameservice properties and table data. |
Network Management | Grants the right to manage the host and network configuration. |
Network Security | Grants the right to manage network and host security with authorizations for modifying trusted network databases. |
Object Access Management | Grants the right to file ownership and permissions. |
Operator | Contains Printer Management, Media Backup, and All rights. Operator rights also include Process Management, Rights Delegation, and Software Installation rights. |
Primary Administrator | Assigns all the rights of the root user and is responsible for assigning rights to users, assigning users to roles, creating new roles, and changing the rights associated with administrative roles. The Primary Administrator can designate other users as a Primary Administrator. The Primary Administrator can also grant Rights Delegation, which gives other administrators the limited ability to grant to others only rights the delegators already have or rights to roles to which the delegators are already assigned. |
Printer Management | Grants the right to manage printer devices, daemons, and spooling. |
Process Management | Grants the right to manage current processes and daemons. |
Project Management | Grants the right to perform project management. |
Rights Delegation | Grants the user or role limited ability to assign to other users or roles those rights and roles already assigned to the user with the Rights Delegation right. |
Software Installation | Grants the right to add and remove application software. |
System Administrator | Contains Audit Review, Cron Management, Device Management, File System Management, Mail Management, Maintenance and Repair, Media Backup, Media Restore, Name Service Management, Network Management, Object Access Management, Printer Management, Process Management, Software Installation, User Management, and All rights. |
User Management | Grants the right to create and modify user accounts—except for its own user account. It does not grant the right to modify user passwords. |
User Security | Grants the right to create and modify user passwords. |
