Clusters of Rights

The Solaris operating environment provides most of the rights needed to administer users and networks. For convenience, the individual rights are clustered into three groups: Primary Administrator, System Administrator, and Operator. These rights can be assigned to individuals, or they can be assigned to roles, which can then be assumed by users.

The three groups, and the rights each contains, are described here. (For more about rights, see Rights for Users and Roles.)

Primary Administrator

    All - Execute any command allowed as a normal user or role.

    Audit Control - Allows managing of the audit subsystem, but does not allow reading of files.

    Audit Review - Allows reading of the audit trail.

    Basic Solaris User - Provides all rights of a normal user, including the right to view applications.

    Cron Management - For managing the cron table and daemon.

    Device Management - For allocating and deallocating devices, and for correcting error conditions.

    Device Security - For managing and configuring devices and the volume manager.

    File System Management - For managing mounts and shares of file systems.

    File System Security - For managing the security of file systems.

    Mail Management - For configuring sendmail, modifying mailing lists, and checking mail queues.

    Maintenance and Repair - Provides commands needed to maintain or repair a system.

    Media Backup - Provides the ability to back up files.

    Media Restore - Provides the ability to restore files that were backed up.

    Name Service Management - For controlling the name service daemon, scripts, and commands.

    Name Service Security - For managing name service properties and table data.

    Network Management - Allows management of the host and network configuration.

    Network Security - Allows management of network and host security, with authorizations for modifying trusted network databases.

    Object Access Management - Provides ability to change file ownership and permissions.

    Printer Management - For managing printer devices, daemons, and spooling.

    Process Management - For managing current processes and daemons.

    Rights Delegation - Allows delegation of the ability to assign users to roles, rights to roles, and rights to users.

    Software Installation - For adding and removing system application software.

    User Management - For managing users, groups, and mailing lists.

    User Security - For creating and modifying users' passwords.

System Administrator

    All - Execute any command allowed as a normal user or role.

    Audit Review - Allows reading of the audit trail.

    Basic Solaris User - Provides all rights of a normal user, including the right to view applications.

    Cron Management - For managing the cron table and daemons.

    Device Management - For allocating and deallocating devices, and for correcting error conditions.

    File System Management - For managing mounts and shares of file systems.

    Mail Management - For configuring sendmail, modifying mailing lists, and checking mail queues.

    Maintenance and Repair - Provides commands needed to maintain or repair a system.

    Media Backup - Provides the ability to back up files.

    Media Restore - Provides the ability to restore files that were backed up.

    Name Service Administration - For controlling the name service daemon.

    Network Management - Allows management of the host and network configuration.

    Object Access Management - Provides ability to change file ownership and permissions.

    Printer Administration - For managing printer devices, daemons, and spooling.

    Process Management - For managing current processes, including cron and at jobs.

    Software Installation - For adding application software to the system.

    User Management - For managing users, groups, and mailing lists.

Operator

    All - Execute any command allowed as a normal user or role.

    Basic Solaris User - Provides all rights of a normal user, including the right to view applications.

    Media Backup - Provides the ability to back up files.

    Printer Administration - For managing printer devices, except for the security aspects.