|
|
To enhance security, not only has the power of superuser to override system restrictions been divided into separate process privileges, but the concept of an all-purpose administrator can be replaced with the concept of administrative roles. Each role is responsible for different areas of system or security administration.
The separation of responsibilities and abilities to perform sensitive system tasks into separate roles decreases the risk that an administrator will knowingly or unknowingly perform a task that violates the security policy.
You can use the
adminuser
command to assign administrators to roles.
You may also define new roles using the
adminrole
command.