
One Identity Management Console for Unix 2.5.2 - Administration Guide


Access & Privileges reports

Note: The Access & Privileges reports do not report on users and groups from a NIS domain.

Table 69: Access & Privileges reports
Report Description

Access & Privileges by Host

Identifies all users with log-on access to hosts and the commands the users can run on the hosts. This report includes the following information:

  • Total number of users that can log on to the host
  • The users that can log on to the host
  • The commands users can run on the host
  • The runas aliases for which the user can run commands on the host
  • The commands the runas alias can run on the host

Browse to select a host.

Optionally, select the Show detailed report option.

NOTE: This report is available when you are logged on as the supervisor or as an Active Directory account in the Manage Sudo Policy, Manage PM Policy, Audit Sudo Policy, or Audit PM Policy roles. You must have an active policy group for Privilege Manager to run this report; you can only include hosts that are joined to a policy group.

Access & Privileges by User

Identifies the users with log-on access to hosts, the commands that user can run on each host, and the "runas aliases" information for that user. This report includes the following information:

  • Total number of hosts where the user can log on
  • The hosts where the user can log on
  • The commands the user can run on each host
  • The runas aliases for which the user can run commands on each host
  • The commands the runas alias can run on each host

Use the following report parameters to specify the user to include in the report:

  • A local user (default)
  • An AD user

Browse to select a user.

Optionally, select the Show detailed report option.

NOTE: This report is available when you are logged on as the supervisor or as an Active Directory account in the Manage Sudo Policy, Manage PM Policy, Audit Sudo Policy, or Audit PM Policy roles. You must have an active policy group for Privilege Manager to run this report; you can only include hosts that are joined to a policy group.

Commands Executed

Provides details about the commands executed by users on hosts joined to a policy group, based on their privileges and recorded as events or captured in keystroke logs by Privilege Manager. This report allows you to search for commands that have been recorded as part of events or keystroke logs for a policy group and includes the following information:

  • Command name
  • User who executed the command
  • Date and time the command was executed
  • Host where the command was executed

Use the following report parameters to define details in the report:

  • Policy Group
  • Command
  • Host
  • Log status
  • Date

NOTE: You can use wildcards in the text string you enter in the Command box, such as * and ?.

NOTE: This report is available when you are logged on as the supervisor or as an Active Directory account in the Manage Sudo Policy, Manage PM Policy, Audit Sudo Policy, or Audit PM Policy roles. You must have an active policy group for Privilege Manager to run this report; you can only include hosts that are joined to a policy group.

Console Access and Permissions

Lists users who have access to the management console based on membership in a console role and the permissions assigned to that role. This report includes the following information:

  • List of roles
  • List of permissions assigned to each role
  • List and number of members assigned to each role

NOTE: This report is available when you are logged on as the supervisor or an Active Directory account in the Manage Console Access role. However, when you access this report as supervisor, the management console requires that you authenticate to Active Directory.

Logon Policy for AD User

Identifies the hosts where Active Directory users have been granted log on permission. This report includes the following information for hosts joined to an Active Directory domain:

  • Total number of hosts where the AD user has access
  • List of hosts where the AD user has access

Specify the Active Directory users to include in the report:

  • All AD users (default)
  • Select AD user

Browse to search Active Directory to locate and select an Active Directory user.

NOTE: The report might show both the Active Directory login name and local user names in the Login Name column for a selected AD user account because an Active Directory user account can have one or more local user accounts mapped to it.

NOTE: Only hosts joined to an Active Directory domain with an Authentication Services 4.x agent are included in this report.

NOTE: This report is available when you are logged on as an Active Directory account in the Manage Hosts role.

Logon Policy for Unix Host

Identifies the Active Directory users that have been explicitly granted log on permissions for one or more Unix computers. This report includes the following information for hosts joined to an Active Directory domain:

  • Host Name, DNS Name or IP Address of the host selected for the report
  • Users that have been granted permission to log on

Specify the managed hosts to include in the report:

  • All profiled hosts (default)
  • Select host

Browse to locate and select a managed host that is joined to Active Directory.

NOTE: This report only includes hosts joined to an Active Directory domain with an Authentication Services 4.x agent.

NOTE: This report is available when you are logged on as an Active Directory account in the Manage Hosts role.

Policy Changes

Provides details of changes made to a policy for a Privilege Manager policy group. This report includes the following information:

  • Name of the user that made changes to the policy
  • Version number for the changes
  • Time and date the changes were saved and actively used to enforce policy
  • Changes made to the policy based on version

Select a policy group.

Select whether to:

  • Show all changes to the policy
  • Show only changes for a specific pmpolicy file (not available for sudo-based policy)
  • Show changes to the policy for one or more revisions

NOTE: This report is available when you are logged on as the supervisor or as an Active Directory account in the Manage Sudo Policy, Manage PM Policy, Audit Sudo Policy, or Audit PM Policy roles. You must have an active policy group for Privilege Manager to run this report; you can only include hosts that are joined to a policy group.

Product Licenses Usage reports

Table 70: Product Licenses Usage reports
Report Description

Product License Usage

Provides a summary of all licensing information. This report includes the following information for hosts managed by the console:

  • Product
  • Purchased licenses
  • Used licenses

Reporting tab

Use the Reporting tab to view and export reports that capture key Unix identity data about the hosts you manage from the management console.

The Reporting tab has the following view:

  • Reports provides a list of the reports available to you in Management Console for Unix.

    Note: Report availability depends on several factors:

    • User Log-on Credentials: While some reports are available when you are logged in as supervisor, there are some reports that are only available when you are logged on as an Active Directory user. (See Active Directory configuration for details.)
    • Roles and Permissions: Reports are hidden if they are not applicable to the user's console role. (See Console Roles and Permissions system settings for details.) For example, you must have an activated policy server to activate the sudo-related reports.
    • Active Directory Configuration: Some reports are not available if the management console is not configured for Active Directory. (See Active Directory configuration for details.)

  • When you select a report (such as the Unix Host Profiles Report), the management console adds a new report tab to the Reporting tab that displays the report parameters you can use when you create this report.

When you create a report, it launches a new browser or application page to display the selected report in the specified format.

Setting preferences

You can set both User and console System preferences. User preferences are settings that apply only to the user who is currently logged on to the management console, whereas System preferences are global settings that apply to all users of the management console.

You access User preferences from the top-level User menu, represented by the authenticated user's login name. Its menu also has options for sign in/sign out. You access System settings from the top-level Settings menu, represented by the gear icon. Its menu also has a link to the Software updates dialog, where you can check for client software updates.

You can change User Preferences using any log-on account. To change console System Settings, you must log on to the management console using the supervisor account or an Active Directory account with rights to change System Settings; that is, an account in the Console Administration role.
