System administrators who manage user accounts should note that the following security features that have changed in this release:
Specific extended privileges can be applied to file objects, port numbers, and user IDs. These extended privileges replace the set of privileges that are otherwise available, except for the basic set.
For a discussion about expanding a user's privileges, see Expanding a User or Role’s Privileges in Securing Users and Processes in Oracle Solaris 11.2 .
For instructions, see Chapter 4, Assigning Rights to Applications, Scripts, and Resources, in Securing Users and Processes in Oracle Solaris 11.2 . See, also, the ppriv (1) or privileges (5) man pages.
You can set the auth_profiles right so that users must provide a password before executing a command that is assigned through a rights profile. The password is effective for a configurable period of time.
The AUTH_PROFS_GRANTED keyword in the policy.conf file sets the password requirement for running a privileged command for all users of a system.
For further information, see Expanding Users’ Rights in Securing Users and Processes in Oracle Solaris 11.2 . See, also, the useradd (1M) and usermod (1M) man pages.