Developer's Guide to Oracle® Solaris 11.4 Security


 
Updated: November 2020
 
 

Privileged Applications

A privileged application is an application that can override system controls and check for specific user IDs (UIDs), group IDs (GIDs), authorizations, or privileges. These access control elements are assigned by system administrators. For a general discussion of how administrators use these access control elements, see Assigning Rights to Users in Securing Users and Processes in Oracle Solaris 11.4.

The Oracle Solaris OS provides developers with two elements that enable a finer-grained delegation of privileges:

  • Privileges - A privilege is a discrete right that can be granted to an application. With a privilege, a process can perform an operation that would otherwise be prohibited by the Oracle Solaris OS. For example, processes cannot normally open data files without the proper file permission. The file_dac_read privilege provides a process with the ability to override the UNIX file permissions for reading a file. Privileges are enforced at the kernel level.

  • Authorizations - An authorization is a permission for performing a class of actions that are otherwise prohibited by security policy. An authorization can be assigned to a role or user. Authorizations are enforced at the user level.

The difference between authorizations and privileges has to do with the level at which the policy of who can do what is enforced. Privileges are enforced at the kernel level. Without the proper privilege, a process cannot perform specific operations in a privileged application. Authorizations enforce policy at the user application level. An authorization might be required for access to a privileged application or for specific operations within a privileged application.
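The two enforcement levels can be seen side by side in a small program. This is an added example, not code from the Oracle guide: the application checks an authorization itself with chkauthattr() from libsecdb, and the kernel then allows or refuses open(2) depending on file permissions and the file_dac_read privilege. The authorization name com.example.report.read and all function names are hypothetical; off Solaris the two probes are stubbed so the file still compiles.

```c
/* Added example. Solaris build: cc demo.c -lsecdb */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <pwd.h>
#include <unistd.h>
#ifdef __sun
#include <priv.h>      /* priv_ineffect() */
#include <auth_attr.h> /* chkauthattr() */
#include <secdb.h>
#endif

#define REPORT_AUTH "com.example.report.read" /* hypothetical authorization */

enum verdict { ALLOWED, DENIED_BY_APP, DENIED_BY_KERNEL, OTHER_ERROR };

/* User-level layer: only the application's own check enforces this. */
static int user_has_auth(const char *user) {
#ifdef __sun
    return chkauthattr(REPORT_AUTH, user);
#else
    (void)user;
    return 0; /* stand-in so the file also builds off Solaris */
#endif
}

/* Kernel-level state: is file_dac_read in the effective privilege set? */
static int have_dac_read(void) {
#ifdef __sun
    return priv_ineffect("file_dac_read");
#else
    return 0; /* stand-in, see above */
#endif
}

/* Application policy first; the kernel then decides on open(2). */
enum verdict read_report(int authorized, const char *path) {
    if (!authorized)
        return DENIED_BY_APP;   /* the kernel is never asked */
    int fd = open(path, O_RDONLY);
    if (fd < 0)                 /* EACCES: permissions refused, no override */
        return errno == EACCES ? DENIED_BY_KERNEL : OTHER_ERROR;
    close(fd);
    return ALLOWED;
}

int main(int argc, char **argv) {
    struct passwd *pw = getpwuid(getuid());
    if (argc != 2 || pw == NULL)
        return 2;
    printf("file_dac_read in effect: %d\n", have_dac_read());
    return read_report(user_has_auth(pw->pw_name), argv[1]);
}
```

A process that skips the chkauthattr() call is stopped only by the kernel check, which is why the authorization is a policy the application must enforce in its own code.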

Copyright © 2000, 2020, Oracle and/or its affiliates. 