Restricted command profiles enable the TPAM administrator to restrict the commands that can be executed during a session, and/or put notifications in place when specific commands are executed.
Restricted commands are limited to Windows® and *nix platforms. The restricted command functionality also requires a DPA.
To configure restricted commands you must perform the following steps:
• Add a restricted command profile (From /tpam | Management | Profile Management | Select Restricted Command from dropdown)
• Add restricted command profile to an access policy (From /tpam | Management | Access Policies)
• Assign access policy to a user or group for a system or account.
• Enable "Capture Events" on the PSM account "General" tab
More information is available in the TPAM 2.5 Administration Guide under the "Restricted Commands" chapter.
IMPORTANT: Restricted commands cannot always detect and terminate a command when it is executed. It is possible that some commands complete execution before TPAM has time to detect them. If the feature to stop the process before it is executed is needed for Unix/Linux please review another product "Privilege Manager for Unix"