Solaris ships with several X configuration utilities which require additional privileges to run. To allow selected users to run these without having to have the root password, an RBAC (Role Based Access Control) rights profile has been created with the name "Desktop Configuration".
Users with the rights granted by this profile can do these things normally requiring root privileges, starting in Solaris 10 (build s10_73 and later):
Additional configuration tools will likely be added to this profile in the future, including possibly those for CDE & JDS desktops like dtlogin & gdm configuration.
For example, if I wanted to allow the user alanc to change the X server configuration without having to have the root password, I would just add this line to /etc/user_attr:
I can then login as alanc and run svccfg to change the X server options or run pfexec /usr/X11/bin/scanpci to see the list of PCI devices in the system. If correctly configured, when the user runs the auths command, they should see the solaris.smf.manage.x11 and solaris.smf.manage.font authorizations listed.
For more information on using RBAC and rights profiles, see the manual Solaris 10 System Administrator Collection > System Administration Guide: Security Services.