This chapter provides reference material about RBAC. The following is a list of the reference information in this chapter:Contents of Rights Profiles Authorization Naming and Delegation Databases That Support RBAC RBAC Commands For information on using RBAC, see Chapter 9, Using Role-Based Access Control (Tasks). For overview information, see Role-Based Access Control (Overview). rights profilesmajor rights profiles descriptionsrights profilescontents of typicalThis section describes some typical rights profiles. Rights profiles can include authorizations, commands with security attributes, and supplementary rights profiles. The rights profiles are listed from most to least powerful. For suggestions on how to distribute rights profiles to roles at your site, see How to Plan Your RBAC Implementation.Primary Administrator rights profile – Provides the capabilities of superuser in one profile. System Administrator rights profile – Provides a profile that can do most tasks that are not connected with security. This profile includes several other profiles to create a powerful role. Operator rights profile – Provides limited capabilities to manage files and offline media. This profile includes supplementary rights profiles to create a simple role. Printer Management rights profile – Provides a limited number of commands and authorizations to handle printing. This profile is one of several profiles that cover a single area of administration. Basic Solaris User rights profile – Enables users to use the system within the bounds of security policy. This profile is listed by default in the policy.conf file. All rights profile – For roles, provides access to commands that do not have security attributes. Console User rights profile – For the workstation owner, provides access to authorizations, commands, and actions that you want to reserve for the person who is seated at the computer. Each rights profile has an associated help file. The help files are in HTML and are customizable. The files reside in the /usr/lib/help/profiles/locale/C directory.The Primary Administrator rights profile is assigned to the most powerful role on the system. The role that includes the Primary Administrator rights profile has superuser capabilities.The solaris.* authorization effectively assigns all of the authorizations that are provided by the Solaris software. The solaris.grant authorization lets a role assign any authorization to any rights profile, role, or user. The command assignment *:uid=0;gid=0 provides the ability to run any command with UID=0 and GID=0. You can customize the help file RtPriAdmin.html for your site, if necessary. Help files are stored in the /usr/lib/help/profiles/locale/C directory.Primary Administrator (RBAC)rights profile contentsNote also that if the Primary Administrator rights profile is not consistent with a site's security policy, the profile can be modified or not assigned at all. However, the security capabilities in the Primary Administrator rights profile would need to be handled in one or more other rights profiles. Those other rights profiles would then be assigned to roles.Purpose Contents To perform all administrative tasks Commands: *:uid=0;gid=0Authorizations: solaris.*, solaris.grantHelp File: RtPriAdmin.html System Administrator (RBAC)rights profileThe System Administrator rights profile is intended for the System Administrator role. Because the System Administrator does not have the broad capabilities of the Primary Administrator, no wildcards are used. Instead, this profile is a set of discrete, supplementary administrative rights profiles that do not deal with security. The commands with security attributes from one of the supplementary rights profiles are shown.Note that the All rights profile is assigned at the end of the list of supplementary rights profiles.Purpose Contents To perform most nonsecurity administrative tasks Supplementary rights profiles: Audit Review, Printer Management, Cron Management, Device Management, File System Management, Mail Management, Maintenance and Repair, Media Backup, Media Restore, Name Service Management, Network Management, Object Access Management, Process Management, Software Installation, Project Management, User Management, AllHelp File: RtSysAdmin.html Commands from one of the supplementary profiles Object Access Management rights profile, solaris policy: /usr/bin/chgrp:privs=file_chown, /usr/bin/chmod:privs=file_chown, /usr/bin/chown:privs=file_chown, /usr/bin/setfacl:privs=file_chownsuser policy: /usr/bin/chgrp:euid=0, /usr/bin/chmod:euid=0, /usr/bin/chown:euid=0, /usr/bin/getfacl:euid=0, /usr/bin/setfacl:euid=0 Operator (RBAC)contents of rights profileThe Operator rights profile is a less powerful profile that provides the ability to do backups and printer maintenance. The ability to restore files has more security consequences. Therefore, in this profile, the default is to not include the ability to restore files.Purpose Contents To perform simple administrative tasks Supplementary rights profiles: Printer Management, Media Backup, AllHelp File: RtOperator.html Printer Management rights profilePrinter Management is a typical rights profile that is intended for a specific task area. This profile includes authorizations and commands. The following table shows a partial list of commands.Purpose Contents To manage printers, daemons, and spooling Authorizations: solaris.print.*, solaris.label.print, solaris.admin.printer.delete, solaris.admin.printer.modify, solaris.admin.printer.readCommands: /usr/lib/lp/local/lpadmin:uid=lp;gid =lp, /usr/sbin/lpfilter:euid=lp;uid=lp, /usr/sbin/lpforms:euid=lp, /usr/sbin/lpusers:euid=lp, /usr/sbin/ppdmgr:euid=0Help File: RtPrntMngmnt.html Basic Solaris User rights profilepolicy.conf fileBasic Solaris User rights profileBy default, the Basic Solaris User rights profile is assigned automatically to all users through the policy.conf file. This profile provides basic authorizations that are useful in normal operations. Note that the convenience that is offered by the Basic Solaris User rights profile must be balanced against site security requirements. Sites that need stricter security might prefer to remove this profile from the policy.conf file.Purpose Contents To automatically assign rights to all users Authorizations: solaris.profmgr.read, solaris.jobs.user, solaris.mail.mailq, solaris.device.mount.removable, solaris.admin.usermgr.read, solaris.admin.logsvc.read, solaris.admin.fsmgr.read, solaris.admin.serialmgr.read, solaris.admin.diskmgr.read, solaris.admin.procmgr.user, solaris.compsys.read, solaris.admin.printer.read, solaris.admin.prodreg.read, solaris.admin.dcmgr.read, solaris.snmp.read, solaris.project.read, solaris.admin.patchmg.read, solaris.network.hosts.read, solaris.admin.volmgr.readCommands: /usr/bin/cdda2wav.bin:privs=file_dac_read,sys_devices, proc_priocntl,net_privaddr, /usr/bin/cdrecord.bin:privs=file_dac_read,sys_devices, proc_lock_memory,proc_priocntl,net_privaddr, /usr/bin/readcd.bin:privs=file_dac_read,sys_devices,net_privaddr, /usr/lib/ospm/lp-queue-helper:euid=lp;gid=lp, Supplementary rights profiles: AllHelp File: RtDefault.html Console User (RBAC)rights profileThe Console User rights profile is intended for the console user, that is, the person who is seated in front of the system. This profile is delivered with a convenient set of authorizations for the console user. You can customize the Console User rights profile to satisfy your site security requirements. For an example, see Example 9–20. All (RBAC)rights profile The All rights profile uses the wildcard to include all commands. This profile provides a role with access to all commands that are not explicitly assigned in other rights profiles. Without the All rights profile or other rights profiles that use wildcards, a role has access to explicitly assigned commands only. Such a limited a set of commands is not very practical.The All rights profile, if used, should be the final rights profile that is assigned. This last position ensures that explicit security attribute assignments in other rights profiles are not inadvertently overridden.Purpose Contents To execute any command as the user or role Commands: *Help File: RtAll.html rights profilesordering The commands in rights profiles are interpreted in order. The first occurrence of a command is the only version of the command that is used for that role or user. Different rights profiles can include the same command. Therefore, the order of rights profiles in a list of profiles is important. The rights profile with the most capabilities should be listed first.Rights profiles are listed in the Solaris Management Console GUI and in the prof_attr file. In the Solaris Management Console GUI, the rights profile with the most capabilities should be the top profile in a list of assigned rights profiles. In the prof_attr file, the rights profile with the most capabilities should be the first in a list of supplementary profiles. This placement ensures that a command with security attributes is listed before that same command without security attributes. rights profilesviewing contents viewingcontents of rights profiles The Solaris Management Console Rights tool provides one way of inspecting the contents of the rights profiles.The prof_attr and exec_attr files offer a more fragmented view. The prof_attr file contains the name of every rights profile that is defined on the system. The file also includes the authorizations and the supplementary rights profiles for each profile. The exec_attr file contains the names of rights profiles and their commands with security attributes. authorizations (RBAC)description An RBAC authorization is a discrete right that can be granted to a role or a user. Authorizations are checked by RBAC-compliant applications before a user gets access to the application or specific operations within the application. This check replaces the tests in conventional UNIX applications for UID=0.An authorization has a name that is used internally and in files. For example, solaris.admin.usermgr.pswd is the name of an authorization. An authorization has a short description, which appears in the graphical user interfaces (GUIs). For example, Change Passwords is the description of the solaris.admin.usermgr.pswd authorization.. (dot)authorization name separatordot (.)authorization name separatorauthorizations (RBAC)naming conventionnaming conventionsRBAC authorizations* (asterisk)wildcard characterin RBAC authorizationsasterisk (*)wildcard characterin RBAC authorizationswildcard charactersin RBAC authorizationsBy convention, authorization names consist of the reverse order of the Internet name of the supplier, the subject area, any subareas, and the function. The parts of the authorization name are separated by dots. An example would be com.xyzcorp.device.access. Exceptions to this convention are the authorizations from Sun Microsystems, Inc., which use the prefix solaris instead of an Internet name. The naming convention enables administrators to apply authorizations in a hierarchical fashion. A wildcard (*) can represent any strings to the right of a dot. authorizations (RBAC)granularity As an example of how authorizations are used, consider the following: A user in the Operator role might be limited to the solaris.admin.usermgr.read authorization, which provides read but not write access to user configuration files. The System Administrator role naturally has the solaris.admin.usermgr.read and the solaris.admin.usermgr.write authorizations for making changes to user files. However, without the solaris.admin.usermgr.pswd authorization, the System Administrator cannot change passwords. The Primary Administrator has all three of these authorizations.The solaris.admin.usermgr.pswd authorization is required to make password changes in the Solaris Management Console User tool. This authorization is also required for using the password modification options in the smuser, smmultiuser, and smrole commands. authorizations (RBAC)delegating delegatingRBAC authorizations An authorization that ends with the suffix grant enables a user or a role to delegate to other users any assigned authorizations that begin with the same prefix.For example, a role with the authorizations solaris.admin.usermgr.grant and solaris.admin.usermgr.read can delegate the solaris.admin.usermgr.read authorization to another user. A role with the solaris.admin.usermgr.grant and solaris.admin.usermgr.* authorizations can delegate any of the authorizations with the solaris.admin.usermgr prefix to other users. rights profilesdatabasesprof_attr database and exec_attr database user database (RBAC)user_attr database authorizations (RBAC)database RBACdatabases databasesRBAC The following four databases store the data for the RBAC elements:user_attr databasedescriptionExtended user attributes database (user_attr) – Associates users and roles with authorizations and rights prof_attr databasesummaryRights profile attributes database (prof_attr) – Defines rights profiles, lists the profiles' assigned authorizations, and identifies the associated help file auth_attr databasesummaryAuthorization attributes database (auth_attr) – Defines authorizations and their attributes, and identifies the associated help file exec_attr databasesummaryExecution attributes database (exec_attr) – Identifies the commands with security attributes that are assigned to specific rights profiles security policydefault (RBAC)The policy.conf database contains authorizations,privileges, and rights profiles that are applied to all users. For more information, see policy.conf File. RBACdatabase relationships user_attr databaseRBAC relationships Each RBAC database uses a key=value syntax for storing attributes. This method accommodates future expansion of the databases. The method also enables a system to continue to operate if the system encounters a keyword that is unknown to its policy. The key=value contents link the files. The following linked entries from the four databases illustrate how the RBAC databases work together.In the following example, the user jdoe gets the capabilities of the File System Management profile through being assigned the role filemgr.The user jdoe is assigned the role filemgr in the jdoe user entry in the user_attr database.# user_attr - user definition jdoe::::type=normal;roles=filemgr The role filemgr is assigned the rights profile File System Management in the role's entry in the user_attr database.# user_attr - role definition filemgr::::profiles=File System Management;type=roleThe user and the role are uniquely defined in the passwd and shadow files on the local system, or in equivalent databases in a distributed name service. The File System Management rights profile is defined in the prof_attr database. This database also assigns three sets of authorizations to the File System Management entry.# prof_attr - rights profile definitions and assigned authorizations File System Management:::Manage, mount, share file systems: help=RtFileSysMngmnt.html; auths=solaris.admin.fsmgr.*,solaris.admin.diskmgr.*,solaris.admin.volmgr.* The authorizations are defined in the auth_attr database.# auth_attr - authorization definitions solaris.admin.fsmgr.:::Mounts and Shares::help=AuthFsmgrHeader.html solaris.admin.fsmgr.read:::View Mounts and Shares::help=AuthFsmgrRead.html solaris.admin.fsmgr.write:::Mount and Share Files::help=AuthFsmgrWrite.html The File System Management rights profile is assigned commands with security attributes in the exec_attr database.# exec_attr - rights profile names with secured commands File System Management:suser:cmd:::/usr/sbin/mount:uid=0 File System Management:suser:cmd:::/usr/sbin/dfshares:euid=0 … File System Management:solaris:cmd:::/usr/sbin/mount:privs=sys_mount … RBACname services andThe name service scope of the RBAC databases can apply to the local host only. The scope can also include all hosts that are served by a name service such as NIS, NIS+, or LDAP. Which name service has precedence is set for each of the databases in the /etc/nsswitch.conf file.auth_attr entry – Sets the name service precedence for the auth_attr database. passwd entry – Sets the name service precedence for the user_attr database. prof_attr entry – Sets the name service precedence for the prof_attr database. Also sets the name service precedence for the exec_attr database.For example, if a command with security attributes is assigned to a rights profile that exists in two name service scopes, only the entry in the first name service scope is used. user_attr databasedescription databasesuser_attr The user_attr database contains user and role information that supplements the passwd and shadow databases. The user_attr database contains extended user attributes such as authorizations, rights profiles, and assigned roles. The fields in the user_attr database are separated by colons, as follows:user:qualifier:res1:res2:attrThe fields have the following meanings:userThe name of the user or role as specified in the passwd database. qualifier:res1:res2These fields are reserved for future use. attrAn optional list of semicolon-separated (;) key-value pairs that describes the security attributes to be applied when the user runs commands. The four valid keys are type, auths, profiles, and roles.The type keyword can be set to normal, if this account is for a normal user. The type is role if this account is for a role. * (asterisk)wildcard characterin RBAC authorizationsasterisk (*)wildcard characterin RBAC authorizationsThe auths keyword specifies a comma-separated list of authorization names that are chosen from names that are defined in the auth_attr database. Authorization names can include the asterisk (*) character as a wildcard. For example, solaris.device.* means all of the Solaris device authorizations. The profiles keyword specifies an ordered, comma-separated list of rights profile names from the prof_attr database. The order of rights profiles works similarly to UNIX search paths. The first profile in the list that contains the command to be executed defines which (if any) security attributes are to be applied to the command. The roles keyword can be assigned to the user through a comma-separated list of role names. Note that roles are defined in the same user_attr database. Roles are indicated by setting the type value to role. Roles cannot be assigned to other roles. The following example demonstrates how the Operator role is defined in a typical user_attr database. The example shows how the role is assigned to user jdoe. Roles and users are differentiated by the type keyword.% grep operator /etc/user_attr jdoe::::type=normal;roles=operator operator::::profiles=Operator;type=role RBACauthorization database authorizations (RBAC)database auth_attr databasedescription databasesauth_attr All authorizations are stored in the auth_attr database. Authorizations can be assigned to users, to roles, or to rights profiles. The preferred method is to place authorizations in a rights profile, to include the profile in a role's list of profiles, and then to assign the role to a user.The fields in the auth_attr database are separated by colons, as follows:authname:res1:res2:short_desc:long_desc:attrThe fields have the following meanings:authnameA unique character string that is used to identify the authorization in the format prefix.[suffix]. Authorizations for the Solaris OS use solaris as a prefix. All other authorizations should use a prefix that begins with the reverse-order Internet domain name of the organization that creates the authorization (for example, com.xyzcompany). The suffix indicates what is being authorized, which is typically the functional area and operation.When the authname consists of a prefix and functional area and ends with a period, the authname serves as a heading to be used by applications in their GUIs. A two-part authname is not an actual authorization. The authname of solaris.printmgr. is an example of a heading.When authname ends with the word “grant,” the authname serves as a grant authorization. A grant authorization enables the user to delegate to other users authorizations with the same prefix and functional area. The authname of solaris.printmgr.grant is an example of a grant authorization. solaris.printmgr.grant gives the user the right to delegate to other users such authorizations as solaris.printmgr.admin and solaris.printmgr.nobanner. res1:res2Reserved for future use. short_descA short name for the authorization. This short name is suitable for display in user interfaces, such as in a scrolling list in a GUI. long_descA long description. This field identifies the purpose of the authorization, the applications in which the authorization is used, and the type of user who might use the authorization. The long description can be displayed in the help text of an application. attrAn optional list of semicolon-separated (;) key-value pairs that describe the attributes of an authorization. Zero or more keys can be specified.The keyword help identifies a help file in HTML. Help files can be accessed from the index.html file in the /usr/lib/help/auths/locale/C directory. The following example shows an auth_attr database with some typical values:% grep printer /etc/security/auth_attr solaris.admin.printer.:::Printer Information::help=AuthPrinterHeader.html solaris.admin.printer.delete:::Delete Printer Information::help=AuthPrinterDelete.html solaris.admin.printer.modify:::Update Printer Information::help=AuthPrinterModify.html solaris.admin.printer.read:::View Printer Information::help=AuthPrinterRead.htmlNote that solaris.admin.printer. is defined as a heading, because the authorization name ends in a dot (.). Headings are used by the GUIs to organize families of authorizations. RBACrights profile database prof_attr databasedescription databasesprof_attr The prof_attr database stores the name, description, help file location, and authorizations that are assigned to rights profiles. The commands and security attributes that are assigned to rights profiles are stored in the exec_attr database. For more information, see exec_attr Database. The fields in the prof_attr database are separated by colons, as follows:profname:res1:res2:desc:attrThe fields have the following meanings:profnameThe name of the rights profile. Rights profile names are case-sensitive. This name is also used by the user_attr database to indicate the profiles that are assigned to roles and users. res1:res2Reserved for future use. descA long description. This field should explain the purpose of the rights profile, including what type of user would be interested in using the profile. The long description should be suitable for display in the help text of an application. attrAn optional list of key-value pairs that are separated by semicolons (;) that describes the security attributes to apply to the object on execution. Zero or more keys can be specified. The two valid keys are help and auths.The keyword help identifies a help file in HTML. Help files can be accessed from the index.html file in the /usr/lib/help/profiles/locale/C directory.The keyword auths specifies a comma-separated list of authorization names that are chosen from those names that are defined in the auth_attr database. Authorization names can be specified with the asterisk (*) character as a wildcard. The following example shows two typical prof_attr database entries. Note that the Printer Management rights profile is a supplementary rights profile of the Operator rights profile. The example is wrapped for display purposes.% grep 'Printer Management' /etc/security/prof_attr Printer Management::: Name of rights profile Manage printers, daemons, spooling: Description help=RtPrntAdmin.html; Help file auths=solaris.admin.printer.read, Authorizations solaris.admin.printer.modify,solaris.admin.printer.delete ... Operator::: Name of rights profile Can perform simple administrative tasks: Description profiles=Printer Management, Supplementary rights profiles Media Backup,All; help=RtOperator.html Help file exec_attr databasedescription databasesexec_attr The exec_attr database defines commands that require security attributes to succeed. The commands are part of a rights profile. A command with its security attributes can be run by roles to whom the profile is assigned.The fields in the exec_attr database are separated by colons, as follows:name:policy:type:res1:res2:id:attrThe fields have the following meanings.profnameThe name of the rights profile. Rights profile names are case-sensitive. The name refers to a profile in the prof_attr database. suser security policy solaris security policy policyThe security policy that is associated with this entry. Currently, suser and solaris are the valid entries. The solaris policy recognizes privileges. The suser policy does not. typeThe type of entity that is specified. Currently, the only valid entity type is cmd (command). res1:res2Reserved for future use. idA string that identifies the entity. Commands should have the full path or a path with a wildcard (*). To specify arguments, write a script with the arguments and point the id to the script. attrsemicolon (;)separator of security attributes; (semicolon)separator of security attributesAn optional list of semicolon (;) separated key-value pairs that describes the security attributes to apply to the entity on execution. Zero or more keys can be specified. The list of valid keywords depends on the policy that is enforced.For the suser policy, the four valid keys are euid, uid, egid, and gid.The euid and uid keywords contain a single user name or a numeric user ID (UID). Commands that are designated with euid run with the supplied UID, which is similar to setting the setuid bit on an executable file. Commands that are designated with uid run with both the real UID and the effective UID. The egid and gid keywords contain a single group name or numeric group ID (GID). Commands that are designated with egid run with the supplied GID, which is similar to setting the setgid bit on an executable file. Commands that are designated with gid run with both the real GID and the effective GID. For the solaris policy, the valid keyword is privs. The value consists of a list of privileges that are separated by commas. The following example shows some typical values from an exec_attr database:% grep 'File System Management' /etc/security/exec_attr File System Management:suser:cmd:::/usr/sbin/ff:euid=0 File System Management:solaris:cmd:::/usr/sbin/mount:privs=sys_mount … policy.conf filedescription usersassigning RBAC defaults policy.conf filekeywordsfor RBAC authorizationsThe policy.conf file provides a way of granting specific rights profiles, specific authorizations, and specific privileges to all users. The relevant entries in the file consist of key=value pairs:AUTHS_GRANTED keywordpolicy.conf fileAUTHS_GRANTED=authorizations – Refers to one or more authorizations. policy.conf filekeywordsfor rights profilesPROFS_GRANTED keywordpolicy.conf filePROFS_GRANTED=rights profiles – Refers to one or more rights profiles. policy.conf filekeywordsfor workstation ownerCONSOLE_USER keywordpolicy.conf fileCONSOLE_USER=Console User– Refers to the Console User rights profile. This profile is delivered with a convenient set of authorizations for the console user. You can customize this profile. policy.conf filekeywordsfor privilegesPRIV_DEFAULT keywordpolicy.conf filePRIV_DEFAULT=privileges – Refers to one or more privileges. PRIV_LIMIT keywordpolicy.conf filePRIV_LIMIT=privileges – Refers to all privileges. The following example shows some typical values from a policy.conf database:# grep AUTHS /etc/security/policy AUTHS_GRANTED=solaris.device.cdrw # grep PROFS /etc/security/policy PROFS_GRANTED=Basic Solaris User # grep PRIV /etc/security/policy #PRIV_DEFAULT=basic #PRIV_LIMIT=allFor more information about privileges, see Privileges (Overview). This section lists commands that are used to administer RBAC. Also provided is a table of commands whose access can be controlled by authorizations.RBACadministration commands commandsRBAC administration commands RBACcommands for managing While you can edit the local RBAC databases manually, such editing is strongly discouraged. The following commands are available for managing access to tasks with RBAC.Man Page for Command Description auths1 auths commanddescriptionDisplays authorizations for a user. makedbm1M makedbm commanddescriptionMakes a dbm file. nscd1M nscd (name service cache daemon)usedaemonsnscd (name service cache daemon)Name service cache daemon, useful for caching the user_attr, prof_attr, and exec_attr databases. Use the svcadm command to restart the daemon. pam_roles5 pam_roles commanddescriptionRole account management module for PAM. Checks for the authorization to assume role. pfexec1 pfexec commanddescriptionUsed by profile shells to execute commands with security attributes that are specified in the exec_attr database. policy.conf4 policy.conf filedescriptionconfiguration filespolicy.conf fileConfiguration file for system security policy. Lists granted authorizations, granted privileges, and other security information. profiles1 profiles commanddescriptionDisplays rights profiles for a specified user. roles1 roles commanddescriptiondisplayingroles you can assumelistingroles you can assumeroleslisting local rolesDisplays roles that a specified user can assume. roleadd1M roleadd commanddescriptionAdds a role to a local system. roledel1M roledel commanddescriptionDeletes a role from a local system. rolemod1M rolemod commanddescriptionModifies a role's properties on a local system. smattrpop1M smattrpop commanddescriptionMerges the source security attribute database into the target database. For use in situations where local databases need to be merged into a name service. Also for use in upgrades where conversion scripts are not supplied. smexec1M smexec commanddescriptionManages entries in the exec_attr database. Requires authentication. smmultiuser1M smmultiuser commanddescriptionManages bulk operations on user accounts. Requires authentication. smprofile1M smprofile commanddescriptionManages rights profiles in the prof_attr and exec_attr databases. Requires authentication. smrole1M smrole commanddescriptionManages roles and users in role accounts. Requires authentication. smuser1M smuser commanddescriptionManages user entries. Requires authentication. useradd1M useradd commanddescriptionAdds a user account to the system. The P option assigns a role to a user's account. userdel1M userdel commanddescriptionDeletes a user's login from the system. usermod1M usermod commanddescriptionModifies a user's account properties on the system. authorizations (RBAC)commands that require authorizations The following table provides examples of how authorizations are used to limit command options on a Solaris system. For more discussion of authorizations, see Authorization Naming and Delegation.Man Page for Command Authorization Requirements at1 at commandauthorizations requiredsolaris.jobs.user required for all options (when neither at.allow nor at.deny files exist) atq1 atq commandauthorizations requiredsolaris.jobs.admin required for all options cdrw1 cdrw commandauthorizations requiredsolaris.device.cdrw required for all options, and is granted by default in the policy.conf file crontab1 crontab filesauthorizations requiredsolaris.jobs.user required for the option to submit a job (when neither crontab.allow nor crontab.deny files exist)solaris.jobs.admin required for the options to list or modify other users' crontab files allocate1 solaris.device.allocate (or other authorization as specified in device_allocate file) required to allocate a deviceallocate commandauthorizations requiredsolaris.device.revoke (or other authorization as specified in device_allocate file) required to allocate a device to another user (F option) deallocate1 deallocate commandauthorizations requiredsolaris.device.allocate (or other authorization as specified in device_allocate file) required to deallocate another user's devicesolaris.device.revoke (or other authorization as specified in device_allocate) required to force deallocation of the specified device (F option) or all devices (I option) list_devices1 list_devices commandauthorizations requiredsolaris.device.revoke required to list another user's devices (U option) sendmail1M sendmail commandauthorizations requiredsolaris.mail required to access mail subsystem functions; solaris.mail.mailq required to view mail queue