10 SPARC Enterprise Mx000 Servers Administration Guide • November 2007
The system provides the predefined privileges shown in TABLE 2-1. These are the
only privileges allowed in the server. You cannot define additional privileges.
TABLE 2-1 User Privileges
Privilege Capabilities
none None. When the local privilege for a user is set to none, that user has no privileges,
even if privileges for that user are defined in LDAP. Setting a user’s local privilege to
none prevents the user’s privileges from being looked up in LDAP.
useradm Can create, delete, disable, and enable user accounts.
Can change a user’s password and password properties.
Can change a user’s privileges.
Can view all platform states.
platadm Can perform all Service Processor configuration other than the useradm and auditadm
Can assign and unassign hardware to or from domains.
Can perform domain and Service Processor power operations.
Can perform Service Processor failover operations on systems with more than one
Service Processor.
Can perform all operations on domain hardware.
Can view all platform states.
platop Can view all platform states.
domainadm Can perform all operations on hardware assigned to the domain(s) on which this
privilege is held.
Can perform all operations on the domain(s) on which this privilege is held.
Can view all states of the hardware assigned to the domain(s) on which this privilege is
Can view all states of the domain(s) on which this privilege is held.
domainmgr Can perform domain power operations.
Can view all states of the hardware assigned to the domain(s) on which this privilege is
Can view all states of the domain(s) on which this privilege is held.
domainop Can view all states of the hardware assigned to the domain(s) on which this privilege is
Can view all states of the domain(s) on which this privilege is held.
auditadm Can configure auditing.
Can delete audit trail.
auditop Can view all audit states and the audit trail.
fieldeng Can perform all operations reserved for field engineers.