Setting Up User Access
You have the following options for controlling a user's access:
- Assign RBAC profiles to users. A profile is a set of authorizations for a typical activity.
- Assign authorizations to users. This controls access with precision.
- Assign a combination of profiles and authorizations. Use profiles for common activities and assign specific authorizations to specific users as required. See About User Access for descriptions of each profile and authorization.
How to Assign a Profile to a User Account
Edit the /etc/security/prof_attr file to assign a profile to an account.
To assign a profile:
- Log in with superuser access.
- Open the file in a text editor, for example:
vi /etc/security/prof_attr
- Enter the following text:
account_name::::type=normal;profiles=profile_name
For example, to assign the MMS User profile to the account LEE1108:
LEE1108::::type=normal;profiles=MMS User
- Save and exit the editor.
- Verify the assignment.
In the example, the resulting RBAC profiles are:
MMS User
Basic Solaris User
All
How to Assign an Authorization to an Account
You can assign the authorization to perform a specific operation in addition to the set of authorizations defined in a profile. To add an authorization:
- Log in with superuser access.
- Edit the file in a text editor.
vi /etc/security/prof_attr
- Add the name of the specific authorization. The following example adds the solaris.mms.io.* authorizations to the account LEE1108.
LEE1108::::type=normal;auths=solaris.mms.io.*
- Save and exit the editor.
- Verify the profile assignment.
- Verify the authorizations for the user.
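The script below is an added example, not part of the original procedure. It reviews entries in the account_name::::key=value format used above and reports each account's profiles and authorizations, flagging wildcard authorizations such as solaris.mms.io.*, accounts that appear on more than one line (as LEE1108 would if both procedures were followed literally), and malformed lines. The function name, the EXAMPLE01 account, the example.placeholder.auth name and the BADLINE entry are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit entries written as account_name::::key=value;key=value
# All sample data below is constructed for illustration.

# audit_rbac_entries [FILE]  (reads stdin when FILE is omitted)
# Output per entry: account|profiles|auths|flags
#   WILDCARD_AUTH  an authorization ends in "*"
#   DUPLICATE      the account already appeared on an earlier line
#   MALFORMED      the line does not have five colon-separated fields
audit_rbac_entries() {
    awk -F: '
    /^#/ || /^$/ { next }                    # skip comments and blank lines
    NF != 5 { print $1 "|||MALFORMED"; next }
    {
        profiles = ""; auths = ""; flags = ""
        n = split($5, kv, ";")               # attributes are ;-separated
        for (i = 1; i <= n; i++) {
            eq  = index(kv[i], "=")
            key = substr(kv[i], 1, eq - 1)
            val = substr(kv[i], eq + 1)
            if (key == "profiles") profiles = val
            if (key == "auths")    auths = val
        }
        m = split(auths, a, ",")             # authorizations are ,-separated
        for (j = 1; j <= m; j++)
            if (a[j] ~ /\*$/) { flags = "WILDCARD_AUTH"; break }
        if (seen[$1]++) flags = (flags == "" ? "" : flags ",") "DUPLICATE"
        print $1 "|" profiles "|" auths "|" flags
    }' "${1:--}"
}

# Constructed sample: the two LEE1108 lines from the procedures above, plus a
# hypothetical account, a placeholder authorization name and a broken line.
sample_entries() {
    cat <<'EOF'
LEE1108::::type=normal;profiles=MMS User
LEE1108::::type=normal;auths=solaris.mms.io.*
EXAMPLE01::::type=normal;profiles=MMS User;auths=example.placeholder.auth
BADLINE:::type=normal
EOF
}

sample_entries | audit_rbac_entries
```

A DUPLICATE flag means the account's profiles and authorizations are split across lines; review those entries together when checking what access the account actually has.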