I'll ask the project team to revise the proposal this way. Does everyone agree this is the right approach?
-- mark Darren J Moffat wrote: > xiao li - Sun Microsystems - Beijing China wrote: > >> The "System Administrator" is not a user, it's one of the existing >> rights profiles, we could grant it to any user or role as we want. >> These commands are by design for system administration, I think we >> should put them under the rights profile "File System Management" >> which is a supplementary rights profile of "System Administrator". >> So it will depend on the customers which user/role would run these >> commands, not restricted to superuser(root). >> > > Since this has NOTHING to do with "File Systems" I don't think that is > an appropriate existing RBAC profile. > > I would like to see one or maybe two new profiles: > > "SCSI Device Info" Contains the non empty set of commands from this > case that require privilege but are non destructive in all their modes > of operation - ie they are "status/info" commands only. > > "SCSI Device Management" Contains all of "SCSI Device Info" (as an > included profile if possible) plus any commands from this case that have > a destructive or change capability. > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.opensolaris.org/pipermail/opensolaris-arc/attachments/20081113/df9eb639/attachment.html>
