Mac OS X 10.9 Mavericks
Up to and including OS X v10.8 Mountain Lion, to make changes to the authorization rules of the OS it was necessary to edit the text file /etc/authorization. Starting with OS X v10.9 Mavericks, Apple switched to a SQLite database located in /var/db/auth.db. To make changes there, the security command line tool needs to be used. (This also worked before, however editing a text file usually is easier.) For example: To allow users to make changes to the Network control panel in System Preferences, run the following commands as root:
security authorizationdb write system.preferences.network allow
security authorizationdb write system.services.systemconfiguration.network allow
That’s the officially supported way. To see the contents of /var/db/auth.db, run the command
sqlite3 /var/db/auth.db .dump > /tmp/auth.txt
and open /tmp/auth.txt with your favorite text editor. For more details, the tutorial by Der Flounder might appear useful. A table of the default rights can be found at Dragon Systems Software Limited.
Unsupported alternative: Edit /System/Library/Security/authorization.plist, then rename or delete /var/db/auth.db and reboot.
Another unsupported alternate: Use SQLite commands to directly edit /var/db/auth.db.