I'm sponsoring this case for Jan Friedel. I believe it qualifies for self review and am marking it "closed approved automatic." I'm happy to turn it into a fast track and set the timer if anyone believes I've misjudged.
A copy of the audit(1m) man page form PSARC/2009/642 is in the case directory. Gary.. Details: ======= As part of the implementation of PSARC/2009/642 "audit_control(4) EOL and removal" the existing Audit Control Rights Profile needs to be updated. The Audit Control Rights Profiles doesn't seem to have been ARCed or have a explicit taxonomy. A single Audit Control Rights Profile doesn't enable Role Based Access Control (RBAC) Separation of Duty[fn *]. This case removes the ability to configure the svc:/system/auditd service from current Audit Control Rights Profile and adds a new Audit Configuration Rights Profile to configure the auditd service. Once integrated, the Audit subsystem Rights Profiles will be Audit Configuration allows an administrator to configure the Solaris Audit subsystem parameters. Audit Control allows an administrator the use of audit(1m) to start, stop, refresh the audit service. Audit Review allows an administrator to review the audit trail. The Audit Configuration Rights Profile is introduced by this case. The Audit Control Rights Profile's capabilities are unchanged from Solaris 10. However, the ability to configure parts of the Solaris audit subsytem was introduced in this Rights Profile by earlier OpenSolaris/Solaris 11 work. The Audit Review Rights Profile's capabilities are unchanged. This case requests a Minor Release Binding. ----- [*] RBAC separation of duty is the security principle that involves the use of multiple roles (or users) to perform different steps in an activity. For example, one role to do a configuration activity and another role to activate that configuration. _______________________________________________ opensolaris-arc mailing list opensolaris-arc@opensolaris.org