I haven't read every message in this thread, but I have scanned most of 
them, so sorry if someone else already made this point.

The distinction between "enable" and "start" is already very strong in 
SMF, so strong in fact that there are separate authorisation hierarchies 
(solaris.smf.modify vs solaris.smf.manage) and by default two separate 
RBAC profiles ("Service Management" vs "Service Operator").

A user given the "Service Operator" profile is NOT allowed to change the 
persistent status, only the temporary status.  This means that users 
with "Service Operator" who want to stop/start a service are always 
using "svcadm disable -t" when what they are really only allowed to 
do is stop the service.

It is this distinction that caused me to log 6182530 in the first place 
and is basically the argument I used in the CR.

-- 
Darren J Moffat
