Getting Started With Users Tools

Before you begin working with Users tools, you should decide whether to use Role-Based Access Control (RBAC).

RBAC is an alternative to the all-or-nothing superuser model. It uses roles to grant users just the privileges they need to perform their jobs. Each role is a special user account that carries the appropriate privileges and lists the user names of those who are permitted to assume it. A user who assumes a role relinquishes his or her user identity and takes on all the privileges of that role.

For additional information about RBAC and the Solaris Management Console, see Rights for Users and Roles. For more about roles, and how to plan for them, see the System Administration Guide: Security Services, Role-Based Access Control (Overview).

Choose Whether to Use RBAC

The first administrator to log in to the Solaris Management Console on a specific server must log in as root. That administrator then has two choices for how to proceed.

Work Without RBAC

If you choose not to use RBAC at all, then continue working as root to create user accounts, groups, and mailing lists. All administrators will need root access to perform their jobs.

To use RBAC to a limited extent, continue as root user and set up some roles with lesser responsibilities, or assign minor rights directly to users. The advantage is that those roles and users can do their work without access to the root password. The next section, Work With RBAC, describes how to create roles, and you can use that information as a starting point.

Work With RBAC

If you choose to work with RBAC, you will need to do the following, as root user:

Begin in the left (Navigation) pane of the console by opening System Configuration and then Users.

Set Up Accounts

Whether you are working as root user, or have created the Primary Administrator role, proceed to set up groups, user accounts, and mailing lists.

Add Groups, User Accounts, and Mailing Lists

Choose the appropriate Users tool for each task (User Accounts, Groups, Mailing Lists). The Action menu in each tool provides an Add menu item; begin there.

Follow the context-sensitive help that appears when you select the appropriate wizard or dialog box. Add groups appropriate for your organization. By setting up mailing lists now, you can add future user accounts to those lists, as recipients.

Create User Templates

Once you have set up the basic set of users, consider creating user templates. Templates make it easier to create multiple users; a named collection of user properties becomes your starting point for adding new users.

Set Up Administrative Roles

Set up additional roles, as you did for yourself, except with more limited rights (see Users and Roles). Grant rights to each role and list the users who are entitled to take on each role. When users assume a role, they relinquish the properties of their own user account and take on the properties, including the rights, of the role.
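After roles are set up, it is worth checking who is actually entitled to assume each one. The following is an added example, not part of the original help text or the console: it assumes the role assignments are stored in the user_attr(4) format (user:qualifier:res1:res2:attr) and uses constructed account names.

```python
# Added example: audit role assignments held in Solaris user_attr(4) format.
SAMPLE_USER_ATTR = """\
# constructed sample entries, not from a real system
root::::type=normal;auths=solaris.*;profiles=All
primaryadmin::::type=role;profiles=Primary Administrator
useradmin::::type=role;profiles=User Management
printadmin::::type=role;profiles=Printer Management
alice::::type=normal;roles=primaryadmin,useradmin
bob::::type=normal;roles=useradmin,backupadmin
carol::::profiles=Printer Management
"""

def parse_user_attr(text):
    """Return {name: {key: [values]}}; comments, blanks, malformed lines skipped."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 4)
        if len(fields) != 5:
            continue
        attrs = {}
        for pair in fields[4].split(";"):
            key, sep, value = pair.partition("=")
            if sep:
                attrs[key.strip()] = [v.strip() for v in value.split(",") if v.strip()]
        entries[fields[0]] = attrs
    return entries

def audit_roles(text):
    """Map each role to the users who may assume it and flag inconsistencies."""
    entries = parse_user_attr(text)
    roles = {n for n, a in entries.items() if a.get("type") == ["role"]}
    members = {r: set() for r in roles}
    dangling = set()  # (user, role) pairs that name a role with no role entry
    for name, attrs in entries.items():
        for role in attrs.get("roles", []):
            if role in roles:
                members[role].add(name)
            else:
                dangling.add((name, role))
    direct = {n: a["profiles"] for n, a in entries.items()
              if n not in roles and "profiles" in a}  # rights given without a role
    return {"members": {r: sorted(u) for r, u in members.items()},
            "unassigned_roles": sorted(r for r, u in members.items() if not u),
            "dangling": sorted(dangling), "direct_profiles": direct}
```

Calling `audit_roles()` on the file's contents returns the membership of each role, roles that nobody can assume, references to roles that do not exist, and rights assigned directly to users.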