Found 5 topics related to this tag
Manage sudo rules for privilege escalation control. Sudo rules define which users can execute which commands as other users on specified hosts. Features include RunAs user and group specifications, command and command group targeting, host and host group filtering, sudo options (NOPASSWD, etc.), order-based priority, and integration with SSSD for centralized sudo policy enforcement.
Manage host-based access control rules to restrict which users can access specific hosts and services. HBAC rules enforce fine-grained access policies based on user groups, host groups, and service groups. Features include rule categories (all users/hosts or specific groups), source hosts, service targeting, external host support, and testing capabilities to verify access decisions before deployment.
Manage certificate authority access control lists to restrict which certificate profiles can be used by which users, hosts, or services. CA ACLs enforce policy by controlling profile usage, target principals, and issuing CAs. Features include rule-based access control, profile and CA filtering, user and host category support, and enable/disable capabilities for flexible certificate issuance governance.
Manage HBAC service definitions for use in host-based access control rules. Services represent specific system services (SSH, su, sudo, etc.) that can be controlled via HBAC policies. Features include service creation with descriptions, service grouping for policy management, and integration with HBAC rules for granular service-level access control.
Manage individual permissions in the role-based access control system. Permissions define atomic operations on LDAP objects and attributes. Features include bind type control (permission or all), target filters, attribute restrictions, permission granting and revocation, and integration with privileges for building flexible, least-privilege access control policies.