The following reports provide local and Active Directory user information.
Report | Description |
---|---|
AD User Conflicts |
Returns all users with Unix User ID numbers (UID numbers) assigned to other Unix-enabled user accounts. By default, it creates this report using the default domain as the base container. Browse to search Active Directory to locate and select a different base container to begin the search. NOTE: This report is available when you are logged on as an Active Directory account in the Manage Hosts role. |
Local Unix User Conflicts |
Identifies local user accounts that would conflict with a specified user name and UID on other hosts. You can use this report for planning user consolidation across your hosts. This report includes the following information:
Use the following report parameters to define the user name and UID number that would cause a conflict with existing local user accounts:
NOTE: This report is available when you are logged on as the supervisor or an Active Directory account in the Manage Hosts role. |
Local Unix Users |
Lists all users on all hosts or lists the hosts where a specific user account exists in /etc/passwd. This report includes the following information:
If you do not define a specific user, it includes all local users on each profiled host in the report. To locate a specific user, use the following report parameters:
NOTE: When you specify multiple report parameters, it uses the AND expression; therefore, ALL of the selected parameters must be met in order to locate the user account. NOTE: This report is available when you are logged on as the supervisor or an Active Directory account in the Manage Hosts role. |
Local Unix Users with AD Logon |
Identifies the local user accounts that are required to use Active Directory credentials to log onto the Unix hosts. This report includes the following information for hosts that are joined to an Active Directory domain:
NOTE: This report only includes hosts joined to an Active Directory domain with a Safeguard Authentication Services 4.x agent. NOTE: This report is only available when the host has Safeguard Authentication Services 4.x or later installed and is joined to Active Directory. You must be logged in with an Active Directory account in the Manage Hosts role. |
Master /etc/passwd List |
Provides a consolidated list of all user accounts from all hosts, excluding any local users marked as system users. This report includes the following information:
You can consolidate the list of user accounts by matching values for accounts across multiple hosts. Accounts found with matching values are listed as a single local account. This list is best used for migrating local users to Active Directory. Indicate how you want to match user accounts by selecting the value parameters that you want to match:
Optionally, you can include the host name for the accounts, as well:
This report is available when you are logged on as the supervisor or an Active Directory account in the Manage Hosts role. NOTE: If you select the Include the host name for accounts option, the management console adds a column to the Master_etc_passwdList .csv file to identify the host for each user account. One Identity provides the Host column information to help you resolve the entries in the file. However, before you import the .cvs file into the Unix Account Import Wizard, you must remove the Host column. You can easily migrate local users to Active Directory by exporting the Master /etc/passwd List report, then importing it into the Unix Account Import Wizard, accessible from the Safeguard Authentication Services Control Center's Tools link. The Unix Account Import wizard is a versatile tool that helps migrate Unix account information to Active Directory. It is especially well-suited to small, one-shot import tasks such as importing all the local user accounts from a specific Unix host. The Unix Account Import Wizard can import Unix data as new user and group objects or use the data to Unix-enable existing users and groups. |
Unix-Enabled AD Users |
Lists all Active Directory users that have Unix user attributes. NOTE:
By default, it creates this report using the default domain as the base container. Browse to search Active Directory to locate and select a different base container to begin the search. NOTE: This report is only available if you have configured the management console to recognize Active Directory objects (see Configuring the Console to Recognize Unix Attributes in AD in the online help), and you are logged on as an Active Directory account in the Manage Hosts role. |
The following reports provide local and Active Directory group information.
Report | Description |
---|---|
AD Group Conflicts |
Lists all Active Directory groups with Unix Group ID (GID) numbers assigned to other Unix-enabled groups. By default, it creates this report using the default domain as the base container. Browse to search Active Directory to locate and select the base container to begin the search. NOTE: This report is available when you are logged on as an Active Directory account in the Manage Hosts role. |
Local Unix Groups |
Identifies the hosts where a specific group exists in /etc/group. This report includes the following information:
If you do not specify a group, it includes all local groups on each profiled host in the report. To locate a specific group, use the following report parameters:
NOTE: The Member contains field accepts multiple entries separated by a comma. Spaces are taken literally in the search. For example, entering:
NOTE: When you specify multiple report parameters (for example, Group Name contains, GID Number is, and Member contains), it uses the AND expression; therefore, ALL of the selected parameters must be met in order to locate a group. In addition, it includes all of the group members in the report by default, but you can clear the Include all group members in report option. NOTE: This report is available when you are logged on as the supervisor or an Active Directory account in the Manage Hosts role. |
Unix-Enabled AD Groups |
Lists all Active Directory groups that have Unix group attributes. NOTE: A Group object is considered 'Unix-enabled' if it has a value for the GID Number. By default, it creates this report using the default domain as the base container. Browse to search Active Directory to locate and select a different base container to begin the search. NOTE: This report is only available if you have configured the management console to recognize Active Directory objects (see Configuring the Console to Recognize Unix Attributes in AD in the online help), and you are logged on as an Active Directory account in the Manage Hosts role. |
The following reports provide user access information.
NOTE: The Access & Privileges reports do not report on users and groups from a NIS domain.
Report | Description |
---|---|
Access & Privileges by Host |
Identifies all users with log-on access to hosts and the commands the users can run on the hosts. This report includes the following information:
Browse to select a host. Optionally, select the Show detailed report option. NOTE: This report is available when you are logged on as the supervisor or as an Active Directory account in the Manage Sudo Policy, Manage PM Policy, Audit Sudo Policy, or Audit PM Policy roles. You must have an active policy group for Privilege Manager to run this report; you can only include hosts that are joined to a policy group. |
Access & Privileges by User |
Identifies the users with logon access to hosts, the commands that user can run on each host, and the "runas aliases" information for that user. This report includes the following information:
Use the following report parameters to specify the user to include in the report:
Browse to select a user. Optionally select the Show detailed report option. NOTE: This report is available when you are logged on as the supervisor or as an Active Directory account in the Manage Sudo Policy, Manage PM Policy, Audit Sudo Policy, or Audit PM Policy roles. You must have an active policy group for Privilege Manager to run this report; you can only include hosts that are joined to a policy group. |
Commands Executed |
Provides details about the commands executed by users on hosts joined to a policy group, based on their privileges and recorded as events or captured in keystroke logs by Privilege Manager. This report allows you to search for commands that have been recorded as part of events or keystroke logs for a policy group and includes the following information:
Use the following report parameters to define details in the report:
NOTE: You can use wildcards in the text string you enter in the Command box, such as * and ?. NOTE: This report is available when you are logged on as the supervisor or as an Active Directory account in the Manage Sudo Policy, Manage PM Policy, Audit Sudo Policy, or Audit PM Policy roles. You must have an active policy group for Privilege Manager to run this report; you can only include hosts that are joined to a policy group. |
Console Access and Permissions |
Lists users who have access to the management console based on membership in a console role and the permissions assigned to that role. This report includes the following information:
NOTE: This report is available when you are logged on as the supervisor or an Active Directory account in the Manage Console Access role. However, when you access this report as supervisor, the management consolerequires that you authenticate to Active Directory. |
Logon Policy for AD User |
Identifies the hosts where Active Directory users have been granted logon permission. This report includes the following information for hosts joined to an Active Directory domain:
Specify the Active Directory users to include in the report:
Browse to search Active Directory to locate and select an Active Directory user. NOTE: The report may show both the Active Directory login name and local user names in the Login Name column for a selected AD user account because an Active Directory user account can have one or more local user accounts mapped to it. NOTE: Only hosts joined to an Active Directory domain with a Safeguard Authentication Services 4.x agent are included in this report. NOTE: This report is available when you are logged on as an Active Directory account in the Manage Hosts role. |
Logon Policy for Unix Host |
Identifies the Active Directory users that have been explicitly granted log-on permissions for one or more Unix computers. This report includes the following information for hosts joined to an Active Directory domain:
Specify the managed hosts to include in the report:
Browse to locate and select a managed host that is joined to Active Directory. NOTE: This report only includes hosts joined to an Active Directory domain with a Safeguard Authentication Services 4.x agent. NOTE: This report is available when you are logged on as an Active Directory account in the Manage Hosts role. |
Policy Changes |
Provides details of changes made to a policy for a Privilege Manager policy group. This report includes the following information:
Select a policy group. Select to:
NOTE: This report is available when you are logged on as the supervisor or as an Active Directory account in the Manage Sudo Policy, Manage PM Policy, Audit Sudo Policy, or Audit PM Policy roles. You must have an active policy group for Privilege Manager to run this report; you can only include hosts that are joined to a policy group. |
The following report provides product licensing information.
Report | Description |
---|---|
Product License Usage |
Provides a summary of all licensing information. This report includes the following information for hosts managed by the console:
|
© 2024 One Identity LLC. ALL RIGHTS RESERVED. 使用条款 隐私 Cookie Preference Center