xiao li - Sun Microsystems - Beijing China wrote:
> The "System Administrator" is not a user, it's one of the existing
> rights profiles, we could grant it to any user or role as we want.
> These commands are by design for system administration, I think we
> should put them under the rights profile "File System Management"
> which is a supplementary rights profile of "System Administrator".
> So it will depend on the customers which user/role would run these
> commands, not restricted to superuser(root).

Since this has NOTHING to do with "File Systems" I don't think that is
an appropriate existing RBAC profile.

I would like to see one or maybe two new profiles:

"SCSI Device Info"
    Contains the non-empty set of commands from this case that require
    privilege but are non-destructive in all their modes of operation,
    i.e. they are "status/info" commands only.

"SCSI Device Management"
    Contains all of "SCSI Device Info" (as an included profile if
    possible) plus any commands from this case that have a destructive
    or change capability.

--
Darren J Moffat
