On Tue, Mar 31, 2009 at 1:11 PM, Glenn Faden <Glenn.Faden at sun.com> wrote: > Casper.Dik at Sun.COM wrote: >> ? ? ? ?- it's too easy to add a profile to an ordinary account. >> ? ? ? ? ?Fine for "Console User/Basic Solaris User" types of profiles; >> ? ? ? ? ?but not for others. >> > > We could add a type=role key/value to specific prof_attr entries specifying > that they can only be assigned to user_attr (or prof_attr) entries > containing type=role.
This sounds like a really good idea that would be fairly straight forward to implement. There are two reserved fields in prof_attr right now, a semi-colon separated list of users/roles that the profile can be assigned to could be easily put in one of those. fpsm
