Section 4.11 Security Impact

The interaction between "Primary Administrator" and "Console User" RBAC profiles is unfortunate. This basically says to me that this doesn't actually work in a useful way given how the OpenSolaris system initial user has "Primary Administrator". In my opinion that is a bad config, but it wasn't one the ARC was asked to review, nor is it for this case to fix (I believe the issue is being discussed elsewhere though). IIRC it was done before "Console User" existed.

However, the particular problem it causes (6749728) seems to be in scope for this case to resolve though, and I think to approve this architecture it needs to be solved, or this case needs to be dependent on a case (or some other commitment) that we stop assigning "Primary Administrator" to the default user account.

The workaround of modifying the "Primary Administrator" profile isn't acceptable and will actually cause different problems. Please do not document the advice that the "Desktop CD User" be modified by an end system admin. Instead document that they should create their own profile and assign that to users instead. The reason for this is that we do not have a good upgrade story for what happens when the system admin modifies profiles we deliver - it is made worse by the current lack of any upgrade of these in OpenSolaris IPS based systems - and is further complicated by the fact that the entries could be in a remote nameservice.

On the naming, the "Desktop CD User" profile name should probably be CD/DVD/Blu-ray, which makes me think it really should be "Desktop Removable Media User".

-- Darren J Moffat
