This section highlights information for existing customers about important new features in user rights, also called rights based access control (RBAC) and process rights, also called privileges.
A rights profile that the administrator assigns as an authenticated rights profile forces the user to provide a password before running a privileged command. If the user does not supply a password, the command runs without privilege. The password remains effective for a configurable period of time. See Example 3–11.
You can assign an authenticated rights profile to anyone who logs in to the system by adding the profile as a value of the AUTH_PROFS_GRANTED keyword in the policy.conf file.
You can restrict user and group access to hosts by time and timezone by assigning the access_times and access_tz rights. For an example, see the user_attr (4) man page.
Oracle Solaris provides the Authorization Roles Managed on RBAC (ARMOR) set of standardized roles in the armor package. For more information, see User and Process Rights Provide an Alternative to the Superuser Model and Example 3–1.
A User Manager GUI is available to manage the rights of users and roles. For more information, see Chapter 3, Managing User Accounts by Using the User Manager GUI, in Managing User Accounts and User Environments in Oracle Solaris 11.2 .