dzdo

Participant I
Posts: 1
Registered: 2 weeks ago
#1 of 2 96

dzdo

Hi All,

We need to provide root access to technical users to perform application setup.

We would like to check the feasibility of providing privileged access to a user with DZDO, and this access should be revoked after a certain time.

Suppose we provide root access to a technical user through DZDO; the privileged access should expire after 7 days or 10 days.

Regards,

NK

Centrify Guru I
Posts: 2,386
Registered: ‎07-26-2012
#2 of 2 79

Re: dzdo

@NK746072,

Welcome to Centrify.

Absolutely doable. dzdo is an enhanced version of sudo that leverages Centrify DirectAuthorize data in the zone in AD.

It was designed to support temporary access controls. The concepts to understand are these:

In UNIX-like systems, Roles consist of PAM access rights (how the user accesses the system) and commands (executed by using dzdo). Roles can be time-bound (e.g. rights effective at a certain day/time). Role assignments (the association of a role to a user or group principal) can be time-scoped. See screenshots below:

[Screenshot: Access Manager - time bound combos]

Role assignments can happen manually, programmatically or based on AD group membership.

For more information: https://community.centrify.com/t5/Centrify-Infrastructure-Services/FAQ-What-is-DirectAuthorize-dzdo-...

R.P

Want to learn more about practical Centrify examples? Check out my blog at http://centrifying.blogspot.com