Ann Sunhachawee wrote: > Thanks for the feedback! Heads up to NWAM docs and NWAM eng... i'd > appreciate some of your input on this too. > > Glenn Faden wrote: >> I like the User Privilege Hint, but I'm not sure about the "Sign in as >> a different user" part. I think this should be "Assume a role". From >> a security standpoint a user should not be able to sign in with >> multiple identities. > Good point. I'd like to check in with our docs folks and poke around to > see how users understand these different terms and what is natural for > them. >>
Ask a user instead! I'd much prefer to see the tool assume a role to perform the required task and nothing more. Much safer and probably easier to implement. >> I'm also curious how this tool can change its indentity anyway. Does >> it restart itself? > I've seen this type of capability on MacOS, but will have to wait for > the NWAM engineers to comment on the feasibility and side effects of > such a feature on Solaris. > The capability in MacOS X is really performed by "sudo" fronted by a fancy GUI. http://www.sudo.ws/ John
