One Identity Management Console for Unix 2.5.2 - Administration Guide

One Identity Privileged Access Suite for Unix Introducing One Identity Management Console for Unix Installing Management Console for Unix Preparing Unix hosts Working with host systems Managing local groups Managing local users Active Directory integration Authentication Services integration Privilege Manager integration
Getting started Configure a primary policy server Configure a secondary policy server Install PM agent or Sudo plugin on a remote host Security policy management
Opening a policy file Edit panel commands Editing PM policy files Reviewing the Access and Privileges by User report Reviewing the Access and Privileges by Host report
Event logs and keystroke logging
Reporting Setting preferences
User preferences System preferences
Security Troubleshooting tips
Auto profiling issues Active Directory Issues Auditing and compliance Cannot create a service connection point Check Authentication Services agent status commands not available CSV or PDF reports do not open Database port number is already in use Elevation is not working Hosts do not display Import file lists fakepath Information does not display in the console License information in report is not accurate Out of memory error Post install configuration fails on Unix or Mac Privilege Manager feature issues Profile task never completes questusr account was deleted Readiness check failed Recovering from a failed upgrade Reports are slow Reset the supervisor password Running on a Windows 2008 R2 domain controller Service account login fails Setting custom configuration settings Single Sign-on (SSO) issues JVM memory tuning suggestions Start/stop/restart Management Console for Unix service Toolbar buttons are not enabled UID or GID conflicts
System maintenance Command line utilities Web services Database maintenance About us

Authorize forbidden run hosts

To authorize forbidden run hosts

  1. Select the Hosts where members are forbidden to run commands option and click Edit.

    The Edit Entries dialog opens which allows you to add one or more host names separated with a comma. For example:

    buildhost, devhosts, *.one.two

    Notes:

    Users can not run commands on a host in this list.

    For more information about the Edit Entries dialog, click the help link.

  2. Click OK to save the Forbidden Run Hosts settings.

Authorize forbidden submit hosts

To authorize forbidden submit hosts

  1. Select the Hosts where members are forbidden to submit commands to run on authorized run hosts option and click Edit.

    The Edit Entries dialog opens which allows you to add one or more host names separated with a comma. For example:

    "buildhost", devhosts, "*.one.two"

    Note:

    Users can not submit commands to run from a host in this list.

    For more information about the Edit Entries dialog, click the help link.

  2. Click OK to save Forbidden Submit Hosts settings.

Authorize users

To authorize users

  1. Select the Local users and Unix-enabled AD users authorized to run commands option and click Edit.

    The Edit Entries dialog opens which allows you to add one or more user names separated with a comma. For example:

    fred, ethel, admins

    To allow any user to run commands on all hosts, enter ALL.

    Note: For more information about the Edit Entries dialog, click the help link.

  2. Select the Runas user option and enter a user name in the text box.

    You can optionally browse to select a user using the options from the drop-down menu. Choose:

    1. Select Local to select a local user to run the command as.
    2. Select AD to select a Unix-enabled Active Directory user to run the command as.
    3. user to run the command as the current user.
    4. requestuser to run the command as the requested user.
  3. Click OK to save the authorized user names.

Authorize groups

To authorize groups

  1. Select the Local groups and Unix-enabled AD groups authorized to run commands option and click Edit.

    The Edit Entries dialog opens which allows you to add one or more Unix-enabled Active Directory group names separated with a comma. For example:

    dev, support

    To allow the members of any group to run commands on all hosts, enter ALL.

    Note: For more information about the Edit Entries dialog, click the help link.

  2. Select the Runas group option and from the drop down menu, choose:
    1. Select Local to select a local group.
    2. Select AD to select a Unix-enabled Active Directory group.
  3. Select the Users must be a member of an authorized group on the primary policy server to run commands option.
  4. Click OK to save Groups settings.
Documents connexes