My Oracle Support Banner

How To Create Custom Roles Using RBAC (Doc ID 1010196.1)

Last updated on DECEMBER 18, 2023

Applies to:

Solaris Operating System - Version 8 and later
All Platforms


This article details how to customize RBAC.

Role Based Access Control (RBAC) allows root to delegate specific superuser privileges without sharing all root's powers.  By default, RBAC is ready-to-go in Solaris 8 (and greater) Operating System. Using it is simply a matter of creating a special user account and mapping commands (or command sets) to it. root authorizes trusted users to assume the role's identity (via /usr/bin/su) and execute any/all superuser commands mapped to it.

For instance, arbitrary role account "test" could be mapped to pre-defined profiles in /etc/security/exec_attr, such as the command /usr/sbin/ifconfig. To allow trusted non-root user <FirstName LastName>  (<username>) to run ifconfig, root would grant <username> 'su' (/usr/bin/su) rights to role "test".

Once done, user <username>  could 'su' into role "test" and execute the profile /usr/sbin/ifconfig, which is normally restricted to 'root'. Since "test" maps only to 'ifconfig', attempts execute other privileged commands, such as a /usr/sbin/shutdown, will fail.

For Solaris 11.x RBAC (Assigning Rights to Users and Roles) see


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.