Create a Server Access Policy for Unix
Certain commands in Unix are extremely powerful in terms of their magnitude of effect. Misuse of such commands may hamper development, maintenance, production or else create a security threat for confidential information. Sectona PAM provides a solution with its Server Access Policy wherein you can restrict or allow the usage of certain commands for specific User Groups. You can choose these commands from the existing library or add to the Command Repository.
Procedure:
- Login to the system and select PAM from the product navigator.
- Navigate to Policies on the top navigation bar.
- Select Server Access Policy from the sidebar under General.
- Click on the Unix section.
- Click on +Add Server Access Policy. Fill in the essentials (Policy details, User Groups and Parameters) in the form that appears.
- Under Policy Type: (a) choose Allow if you want to allow the user group access only for particular commands.
(b) choose Deny if you want the user group to abstain from accessing certain commands. - Click on Next.
- Select the User Group(s) to whom the policy should apply. If you want to except some users belonging to the selected groups, you can mention them in the Exception User(s) field.
- Click on Next.
- Under Parameters, choose the commands you want to allow/deny access to.
- Click on Next. Verify the policy details and click on Finish.
Refer here if you want to set an expiry date for a Server Access Policy.