> Another option is to create a new role, say "wusb". Users who assumed
> the wusb role are allowed to execute the WUSB admin tool and manage the
> wusb service. However, it is not necessary to create a new role if there
> is an existing role which is for general system admin (such as device
> config, service management, etc.)
>
> Any comments are welcomed, thanks.
In general no projects create roles. Projects create Rights Profiles.
Local sites assign those Rights Profiles to the users and roles
of their choosing. You might find, the slightly outdated, but
still relevant information in the following useful for your
understanding.
http://developers.sun.com/solaris/articles/ais.html
Roles are special user accounts and take up the username and
userid space. These are generally controlled at the local site.
Gary..
