Users Tools: Getting Started

The first administrator to log in to the Solaris Management Console on a specific server must first decide whether to use Role-Based Access Control (RBAC), and then set up user and group accounts, based on that decision.

RBAC is an alternative to the all-or-nothing superuser model. Through roles, it provides a means of granting users just the privileges needed to perform their jobs. Each role, which is a special user account, includes all appropriate privileges and the user names of those who are permitted to assume that role. A user who assumes a role relinquishes his or her user identity, and takes on all the privileges of that role.

For more about roles, and how to plan for them, see the System Administration Guide: Security Services, Role-Based Access Control (Overview).

Choose Whether to Use RBAC

If you are that first administrator and, as prompted in the Login dialog box, you logged in as the root user, you have two choices for how to proceed.

Work Without RBAC

If you choose not to use RBAC at all, then continue working as root to create user accounts, groups, and mailing lists. All administrators will need root access to perform their jobs.

To use RBAC to a limited extent, continue as root user and set up some roles with lesser responsibilities, or assign minor rights directly to users. The advantage is that those roles and users can do their work without access to the root password. The next section, Work With RBAC, describes how to create roles, and you can use that information as a starting point.

Work With RBAC

If you choose to work with RBAC, you will need to do the following, as root user:

Begin in the left (Navigation) pane of the Console by opening System Configuration and then Users.

Set Up Accounts

Whether you are working as root user, or have created the Primary Administrator role, proceed to set up groups, user accounts, and mailing lists.

Add Groups, User Accounts, and Mailing Lists

Choose the appropriate Users tool for each task (User Accounts, Groups, Mailing Lists). The Action Menu in each tool provides an Add menu item; begin there.

Follow the context-sensitive help that appears when you select the appropriate wizard or dialog box. Add groups appropriate for your organization. By setting up mailing lists now, you can add future user accounts to those lists, as recipients.

Create User Templates

Once you have set up the basic set of users, consider creating user templates. Templates make it easier to create multiple users; a named collection of user properties becomes your starting point for adding new users.

Set Up Administrative Roles

Set up additional roles, as you did for yourself, except with more limited rights. Grant rights to each role and list the users who are entitled to take on each role. When users assume a role, they relinquish the properties of their own user account and take on the properties, including the rights, of the role.
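After roles are set up, it is worth checking who can actually assume each one. The following is an added example, not part of the original help text or the Console: it assumes accounts are stored in a local file in user_attr(4) format (user:qualifier:res1:res2:attr), and all account names and the sample entries are constructed. It maps each role to its permitted users and flags a powerful rights profile granted directly to a user, a user assigned an undefined role, and a role nobody may assume.

```python
# Constructed sample (not from a real host). Layout: user:qualifier:res1:res2:attr
SAMPLE_USER_ATTR = """\
root::::type=normal;auths=solaris.*,solaris.grant;profiles=All
primaryadmin::::type=role;profiles=Primary Administrator
useradmin::::type=role;profiles=User Management
printadmin::::type=role;profiles=Printer Management
alice::::type=normal;roles=primaryadmin,useradmin
bob::::type=normal;roles=useradmin
carol::::type=normal;profiles=Primary Administrator
dave::::type=normal;roles=backupadmin
"""

def parse_user_attr(text):
    """Return {account: {key: [values]}} from user_attr-format text."""
    entries = {}
    for line in text.splitlines():
        fields = line.strip().split(":", 4)
        if line.lstrip().startswith("#") or len(fields) != 5:
            continue  # comment, blank or malformed line
        attrs = {}
        for pair in fields[4].split(";"):
            key, sep, value = pair.partition("=")
            if sep:
                attrs[key.strip()] = [v.strip() for v in value.split(",") if v.strip()]
        entries[fields[0]] = attrs
    return entries

def audit(text, powerful=("Primary Administrator",)):
    """Map each role to the users allowed to assume it and list findings."""
    entries = parse_user_attr(text)
    roles = {n for n, a in entries.items() if a.get("type") == ["role"]}
    assumers = {role: [] for role in roles}
    findings = []
    for name, attrs in entries.items():
        for role in attrs.get("roles", []):
            if role in roles:
                assumers[role].append(name)
            else:
                findings.append(f"{name}: assigned undefined role {role}")
        if name not in roles and set(attrs.get("profiles", [])) & set(powerful):
            findings.append(f"{name}: powerful profile assigned directly")
    findings += [f"{r}: role has no permitted users" for r in sorted(roles) if not assumers[r]]
    return assumers, findings

if __name__ == "__main__":
    role_map, problems = audit(SAMPLE_USER_ATTR)
    for role in sorted(role_map):
        print(role, "<-", ", ".join(role_map[role]) or "(nobody)")
    print("\n".join(problems))
```

Pass the `powerful` argument a longer tuple to treat other rights profiles as ones that should only be reachable through a role.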