UPM partitions root authority safely
The ability to partition system administration actions without compromising the security of the root account is an extremely powerful one.
Privilege Manager allows you, the system administrator, to set policies to determine if and when a user request to run a privileged command is accepted or rejected. Privilege Manager lets you specify:
- Which user(s) can perform a particular task
- Which tasks can be run through the system
- When the user can do the task
- On which machine the task can be executed
- From which machine the user may initiate a request to perform the task
- Whether another user’s permission (in the form of a password) is required before the task is started
- Decisions to be made by a program that you supply, which Privilege Manager calls to determine if a request should be accepted or rejected
- Many other miscellaneous properties of requests
Through Privilege Manager Client, each user can request that specific programs be run on a given machine as root (or as another important account such as oracle or admin). Privilege Manager evaluates the request; if accepted, it runs the program, locally or on another target machine, on behalf of the user.
With Privilege Manager, Helpdesk personnel can replace passwords for users or reinstate user accounts. Project members can clear a jammed line printer queue, kill hung programs, or reboot certain machines. Administration staff can print or delete resource usage logs or start backups.
Through partitioning, Privilege Manager allows different users to perform the root actions for which they are responsible, but prevents them from performing actions for which they are not authorized.
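The decision criteria listed above can be modelled as a default-deny rule match. The following Python sketch is an added illustration, not Privilege Manager's policy language or code from the product; every class, function, user, host and path name in it is hypothetical.

```python
from dataclasses import dataclass
from datetime import time
from typing import Callable, Optional, Tuple

@dataclass(frozen=True)
class Request:
    user: str
    command: str
    args: Tuple[str, ...]
    run_host: str                   # machine the task would execute on
    submit_host: str                # machine the request was made from
    at: time
    approver: Optional[str] = None  # second user who authenticated, if any

@dataclass(frozen=True)
class Rule:
    users: frozenset
    commands: frozenset
    run_hosts: frozenset
    submit_hosts: frozenset
    start: time
    end: time
    run_as: str = "root"
    approvers: frozenset = frozenset()  # non-empty: second user required
    hook: Optional[Callable[[Request], bool]] = None  # site-supplied decision

    def matches(self, r: Request) -> bool:
        if not (r.user in self.users and r.command in self.commands
                and r.run_host in self.run_hosts
                and r.submit_host in self.submit_hosts
                and self.start <= r.at <= self.end):
            return False
        if self.approvers and (r.approver == r.user or r.approver not in self.approvers):
            return False
        return self.hook is None or self.hook(r)

def evaluate(rules, r: Request) -> Optional[str]:
    """Return the account to run as, or None to reject (default deny)."""
    return next((rule.run_as for rule in rules if rule.matches(r)), None)

def not_root_target(r: Request) -> bool:
    # Hook: helpdesk may reset exactly one account, never root's password.
    return len(r.args) == 1 and r.args[0] != "root"

POLICY = [  # constructed sample policy; all names are hypothetical
    Rule(frozenset({"hd_alice"}), frozenset({"/usr/bin/passwd"}), frozenset({"auth01"}),
         frozenset({"helpdesk-ws1"}), time(8), time(18), hook=not_root_target),
    Rule(frozenset({"ops_bob"}), frozenset({"/sbin/reboot"}), frozenset({"build01"}),
         frozenset({"ops-ws1"}), time(0), time(23, 59), approvers=frozenset({"ops_lead"})),
]
```

Matching on the command path alone would let the helpdesk rule reset root's own password, which is why the sample rule also constrains the arguments through the hook.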
