The SMC 2.1 System Configuration/User Accounts tool enables you to assign a subset of superuser rights to individual user accounts. You can grant or deny individual rights, enable all rights, or disable all rights. When rights are granted, users have superuser access to the commands and tools associated with the set of rights that you grant.
Table 42. Available Rights
Automatically assigned to each user. It grants the right for a user or role to use any command when working in an administrator's shell such as Administrator's Korn or Administrator's C shells. The All right should always be the last right in the list. If All is first, no other rights are consulted when command attributes are looked up.
Grants the right to manage the audit subsystem but not the right to read audit files.
Grants the right to read the audit trail but not to manage the audit subsystem.
Basic Solaris User
Assigned to every user who logs in to SMC. Provides read permissions to users of applications and enables users to add cron jobs to their own crontab files. The Basic Solaris User right always includes the All right.
Grants the right to manage the cron table and daemon.
Grants the right to allocate and deallocate devices and to correct error conditions relating to those devices.
Grants the right to manage and configure devices and volume manager.
Grants the right to manage the DHCP service.
File System Management
Grants the right to manage file system mounts and shares.
File System Security
Grants the right to manage file system security attributes.
Grants the right to configure the FTP server.
iPlanet Directory Management
Grants the rights to manage iPlanet directory servers.
Grants the right to manage log files.
Grants the right to configure sendmail, modify mailing lists, and check mail queues.
Maintenance and Repair
Grants the right to use commands needed to maintain or repair a system.
Grants the right to back up files but not the right to restore them.
Grants the right to restore backed-up files but not the right to perform system backup.
Message Queue Management
Grants the right to manage message queues.
Name Service Management
Grants the right to control the daemons used by a nameservice.
Name Service Security
Grants the right to manage all nameservice properties and table data.
Grants the right to manage the host and network configuration.
Grants the right to manage network and host security with authorizations for modifying trusted network databases.
Object Access Management
Grants the right to file ownership and permissions.
Contains Printer Management, Media Backup, and All rights. Operator rights also include Process Management, Rights Delegation, and Software Installation rights.
Assigns all the rights of the root user and is responsible for assigning rights to users, assigning users to roles, creating new roles, and changing the rights associated with administrative roles. The Primary Administrator can designate other users as a Primary Administrator. The Primary Administrator can also grant Rights Delegation, which gives other administrators the limited ability to grant to others only rights the delegators already have or rights to roles to which the delegators are already assigned.
Grants the right to manage printer devices, daemons, and spooling.
Grants the right to manage current processes and daemons.
Grants the right to perform project management.
Grants the user or role limited ability to assign to other users or roles those rights and roles already assigned to the user with the Rights Delegation right.
Grants the right to add and remove application software.
Contains Audit Review, Cron Management, Device Management, File System Management, Mail Management, Maintenance and Repair, Media Backup, Media Restore, Name Service Management, Network Management, Object Access Management, Printer Management, Process Management, Software Installation, User Management, and All rights.
Grants the right to create and modify user accounts—except for its own user account. It does not grant the right to modify user passwords.
Grants the right to create and modify user passwords.