Before you begin working with Users tools, you should decide whether to use Role-Based Access Control (RBAC).
RBAC is an alternative to the all-or-nothing superuser model. It provides a means for granting users just the privileges needed to perform their jobs, through roles. Each role, which is a special user account, includes all appropriate privileges, and the user names of those who are permitted to assume that role. A user who assumes a role relinquishes his or her user identity, and takes on all the privileges of that role.
For additional information about RBAC and the Solaris Management Console, see Rights for Users and Roles. For more about roles, and how to plan for them, see the System Administration Guide: Security Services, Role-Based Access Control (Overview).
Work Without RBAC
If you choose not to use RBAC at all, then continue working as root to create user accounts, groups, and mailing lists. All administrators will need root access to perform their jobs.
To use RBAC to a limited extent, continue as root user and set up some roles with lesser responsibilities, or assign minor rights directly to users. The advantage is that those roles and users can do their work without access to the root password. The next section, Work With RBAC, describes how to create roles, and you can use that information as a starting point.
Work With RBAC
If you choose to work with RBAC, you will need to do the following, as root user:
Begin in the left (Navigation) pane of the console by opening System Configuration and then Users.
Add Your Own User Account
(If you already have a user account on this server, proceed to "Create the Primary Administrator Role.")
Under Users, select User Accounts. Then click Action->Add User->With Wizard.
Step through the wizard to create a user account with your user name. Proceed to the next step to create the Primary Administrator role.
Create the Primary Administrator Role
Under Users, select Administrative Roles. Then click Action->Add Administrative Role.
Step through the wizard to create the Primary Administrator role, using the context help as a guide. Note the following entries:
Follow the context-sensitive help that appears when you select the appropriate wizard or dialog box. Add groups appropriate for your organization. By setting up mailing lists now, you can add future user accounts to those lists, as recipients.