PowerBroker Identity Services version 8.5.5 – new Host Access Control GroupsWith the introduction of PowerBroker Identity Services version 8.5.5, a new feature called Host Access Control Groups has been added which allows access control to be defined by simply adding users and/or groups of users, along with computer accounts and/or groups of computer accounts to an appropriately named native Active Directory Group. The Access Control group in Active Directory is matched using the Access Control Template system, which in turn automatically applies those access control rights to all the server in a given PowerBroker Identity Services Cell (essentially an OU containing one or more *nix servers). This allows the Active Directory administrator that creates and manages users and groups to also control what systems those users can logon to. Example scenario In a database environment, access control is required on a set of hosts running database applications that include the following:
- Group of database server hosts DatabaseServers: dbsrv1, dbsrv2, dbsrv3
- Group of database client hosts DatabaseClients: dbcli1, dbcli2, dbcli3
- Group of database administrator accounts: DatabaseAdmins: dbadm1, dbadm2, dbadm3
- Group of database application user accounts: DatabaseUsers: dbusr1, dbusr2, dbusr
Paul Harper, Product Manager, BeyondTrust
Paul Harper is product manager for Unix and Linux solutions at BeyondTrust, guiding the product strategy, go-to-market and development for PowerBroker for Unix & Linux, PowerBroker for Sudo and PowerBroker Identity Services. Prior to joining BeyondTrust, Paul was a senior architect at Quest Software/Dell. Paul has more than 20 years of experience in Unix/Linux operations and deployments.