In context of the whole "privacy" thing, here's something that may be 
worth looking at, for inspiration:

 	solaris10% auths  | tr , '\012' | sort
 	solaris.admin.dcmgr.read
 	solaris.admin.diskmgr.read
 	solaris.admin.fsmgr.read
 	solaris.admin.logsvc.read
 	solaris.admin.patchmgr.read
 	solaris.admin.printer.read
 	solaris.admin.procmgr.user
 	solaris.admin.prodreg.read
 	solaris.admin.serialmgr.read
 	solaris.admin.usermgr.read
 	solaris.admin.volmgr.read
 	solaris.compsys.read
 	solaris.device.cdrw
 	solaris.jobs.users
 	solaris.mail.mailq
 	solaris.network.hosts.read
 	solaris.profmgr.read
 	solaris.project.read
 	solaris.snmp.read

DESCRIPTION
      The auths command prints on standard output  the  authoriza-
      tions that you or the optionally-specified user or role have
      been granted. Authorizations are rights that are checked  by
      certain  privileged programs to determine whether a user may
      execute restricted functionality.
...

SEE ALSO
      profiles(1),  roles(1),  getauthattr(3SECDB),  auth_attr(4),
      policy.conf(4), prof_attr(4), user_attr(4), attributes(5)

I think it would be nice if we could avoid inventing the wheel (or its 
user/system interface). That assumes the Solaris model DTRT for us, which 
I'm not implying (I have no idea of all this, only finding my way through 
Solaris 10...)


  - Hubert