Menno Lageman wrote:
>> What is the value in having 3 different rights profiles at all ? Why
>> not just one ?
>
> This is to allow for fine grained delegation. Flow accounting and
> process/task accounting may possibly live in different administrative
> realms. Having separate rights profiles gives the ability to delegate
> management of just flow extended accounting to a user. Also, given the
> fact that enabling process extended accounting generates a huge amount
> of data, one might want to delegate management of only task extended
> accounting.
>
> Is the concern the number of new rights profiles, or the fact that to
> grant management of all extended accounting one needs to assign all
> three profiles to a user?
Neither really just trying to determine if there was even a need to be
that fine grained given this was never possible before this case. If it
is a requirement that each of these can be delegated to different users
then I'm happy that there be multiple profiles to do so.
With that in mind my suggestion is that the profiles are:
Accounting Management: This includes three (Committed) sub profiles
Accounting Flow Management
Accounting Process Management
Accounting Task Management
Each of the sub profiles includes the private "acctadm" profile too.
Notice that I dropped the "Extended" prefix. Is that really necessary ?
The admin command is acctadm(1M) not eacctadm(1M), similarly the SMF
FMRI doesn't have extended mentioned.
--
Darren J Moffat
