Administering Advanced Settings With the User Manager GUI

The following information is described in this section:

Administering Groups With the User Manager GUI
Administering Roles With the User Manager GUI
Administering Rights Profiles With the User Manager GUI
Administering Authorizations With the User Manager GUI

Use the Advanced Settings dialog box of the User Manager GUI to assign additional security attributes to a user, for example, rights profiles, roles, and authorizations.

For an overview of the security features that are supported in Oracle Solaris, see Part I, Security Overview, in Oracle Solaris 11.1 Administration: Security Services. For a detailed explanation of how role-based access control (RBAC) works in this release, see Part III, Roles, Rights Profiles, and Privileges, in Oracle Solaris 11.1 Administration: Security Services.

To administer advanced attributes for a user or role, select the user or role in the main User Manager panel, then click the Advanced Settings button. The Advanced Settings panel for the current user or role is displayed. The current user's name is displayed in parentheses at the top of the panel.

The following figure shows the Advanced Settings panel, with the Roles security attribute of the user john selected.

image:This figure shows the Advanced Settings dialog, from which you can administer advanced security attributes for a user.

The following security attributes can be administered in the Advanced Settings panel:

Groups
Roles
Rights Profiles
Authorizations

Administering Groups With the User Manager GUI

Groups are administered in the main User Manager dialog box of the User Manager GUI by clicking the Advanced Settings button.

How to Administer Groups

Start the User Manager GUI.
See How to Start the User Manager GUI.
Select a user in the main User Manager panel, then click the Advanced Settings button.
The Advanced Settings panel is displayed.
Click the Groups attribute on the left side of the panel.
A list of the available groups and a list of the groups that the current user belongs to are displayed.
- To assign a group (or multiple groups) to a user, select the group (or groups) from the Available Groups list, then click Add.
  The added group is displayed in the Assigned Groups list.
- To remove a group from the Assigned Groups list, select the group (or groups) from the list, then click Remove.
- To add or remove all of the groups for the current user, click the Add All or Remove All button.
Click OK to save the settings.
The changes are not applied until you click Apply or OK in the main User Manager panel.

Administering Roles With the User Manager GUI

Roles are administered in the main User Manager dialog box of the User Manager GUI by clicking the Advanced Settings button.

Note - The Roles attribute is available only for a user, not for a role, because roles can only be assigned to users.

The following figure shows the Advanced Settings panel, with the Roles security attribute of the user john selected.

image:This figure shows available and assigned roles for a user. Click Roles on the left hand side of the Advanced Settings dialog to access.

How to Administer Roles With the User Manager GUI

Start the User Manager GUI.
See How to Start the User Manager GUI.
Select a user in the main User Manager panel, then click the Advanced Settings button.
The Advanced Settings panel is displayed.
Click the Roles attribute on the left side of the panel.
A list of the available roles and a list of the roles that are assigned to the current user are displayed.
- To assign a role (or multiple roles) to a user, select the role (or roles) from the Available Roles list, then click Add.
  The added role is displayed in the Assigned Roles list.
- To remove a role from the Assigned Roles list, select the role (or roles) from the list, then click Remove.
- To add or remove all of the roles for the current user, click the Add All or Remove All button.
Click OK to save the settings.
The changes are not applied until you click Apply or OK in the main User Manager panel.

Administering Rights Profiles With the User Manager GUI

Rights profiles are administered in the main User Manager dialog box of the User Manager GUI by clicking the Advanced Settings button.

The following figure shows the Advanced Settings panel, with the Rights Profile security attribute of the user john selected.

image:This figure shows available and granted rights for a user. Click Rights Profiles on the left hand side of the Advanced Settings dialog to access.

Note - The assignment of rights profiles has an order precedence. Use the Move Up and Move Down buttons to change the order of the rights profiles that are granted to the current user, as desired.

How to Administer Rights Profiles With the User Manager GUI

Start the User Manager GUI.
See How to Start the User Manager GUI.
Select a user in the main User Manager panel, then click the Advanced Settings button.
The Advanced Settings panel is displayed.
Click the Rights Profile attribute on the left side of the panel.
A list of the available rights profiles and a list of the rights profiles that are granted to the current user are displayed.
- To assign a rights profile (or multiple rights profiles) to a user, select the rights profile (or rights profiles) from the Available Rights Profiles list, then click Add.
  The added rights profile is displayed in the Granted Rights Profiles list.
- To remove a rights profile from the Granted Rights Profiles list, select the rights profile (or rights profiles) from the list, then click Remove.
- To add or remove all rights profiles for the current user, click the Add All or Remove All button.
Click OK to save the settings.
The changes are not applied until you click Apply or OK in the main User Manager panel.

Administering Authorizations With the User Manager GUI

A user generally is granted authorizations indirectly through a rights profile. Authorization settings can be used to grant a specific authorization to a user or role. Some authorizations might have additional attributes, such as an object name. For example, when an administrator creates the group games, the administrator is granted an implicit authorization: solaris.group.manage/games. The object names are then displayed in the Granted Authorizations list.

How to Administer Authorizations With the User Manager GUI

Start the User Manager GUI.
See How to Start the User Manager GUI.
Select a user in the main User Manager panel, then click the Advanced Settings button.
The Advanced Settings panel is displayed.
Click the Authorization attribute on the left side of the panel.
A list of the available authorizations and a list of the authorizations that are granted to the current user are displayed.
- To assign an authorization (or multiple authorizations) to a user, select the authorization (or authorizations) from the Available Authorizations list, then click Add.
  The added authorization is displayed in the Granted Authorizations list.
- To remove an authorization from the Granted Authorizations list, select the authorization (or authorizations) from the list, then click Remove.
- To add or remove all authorizations for the current user, click the Add All or Remove All button.
Click OK to save the settings.
The changes are not applied until you click Apply or OK in the main User Manager panel.

Skip Navigation Links
Exit Print View
	Managing User Accounts and User Environments in Oracle Solaris 11.1 Oracle Solaris 11.1 Information Library