Enable and Configure Role Based Policy

Before continuing the deployment, you must first configure policy.

Policy can also be configured after deployment is complete, but with it in place now, the policy is synced as soon as the secondary is in place rather than re-synced later.

First, navigate to the Policy landing page. Select the policy primary from the Policy Management grid.

In Registry Name Service (RNS) deployments, changes are written only to primaries. If you choose a secondary, the policy is not available for editing.

When you left-click on a policy, you are redirected to the Server Details interface, which will allow you to enable and configure Role Based Policy (RBP).

Enable RBP

To enable RBP, select Quick Actions > Configure PMUL Settings.

Click the Quick Actions dropdown and select Configure Privilege Management for Unix & Linux Settings.

The Policy Mode can be switched by clicking the blue Enable Role Based Policy button.

Next, click Enable Role Based Policy.

Configure RBP

The Role Based Policy tile allows you to manage PMUL Role Based Policies.

After you swap modes, select Server Details at the top of the page to configure a policy. Click the Role Based Policy tile to access more options.

Add Command Group

Click the What tile to add and edit command groups.

Command groups are added when the user wishes to designate a list of commands that are allowed or rejected for a specific set of users.

To add a command group:

  • From the available tiles, click the What tile to move to the Command Groups page.
  • In the Command Groups grid, click Add Command Group to reveal the Command Groups card.

Type the Command Group Name in the field under Command Groups.

With the Command Groups card revealed, type the command group name into the Command Group Name field and, optionally, a description into the Command Group Description field. Click Save to confirm your changes.

Commands are added to a Command Group by entering each item under the Commands section.

  • To delete an individual command, click the Delete icon beside the command.
  • To delete an entire command group, click the Delete button that appears after a command group has been created.

For example, a user may wish to add a list of basic commands consisting of ls, date, whoami, and id. Create a command group called Basic Commands, and add each of the previous commands to the command group.

Create New Users

Users and User Groups determine who the role will be applied to.

Next, you'll need to choose users and add a new secure user.

To create a new user:

  • Navigate back to the RBP grid and select the Who tile.
  • In the Users grid, click Add User / Group to reveal the dropdown menu.
  • Several user-creation options are available; for this guide, select the Secure User option.

Select the Users and Groups option to freely enter a username in the Username field.

With the Users and Groups card revealed, type the username into the Username field and, optionally, a description into the Description field, then click Save Changes.

  • The Username field accepts free-text entry.
  • The username should now be visible in the Users grid.

A username can be edited or deleted at any time by left-clicking the username in the Users grid.

Create New Roles

Select the Roles tile to apply and modify roles that define core policy behavior.

Finally, create a new role. Make sure to set root as the run user and to select your command group for the commands.

To create a new role:

  • Navigate back to the Role Based Policy tile. Go to the Policy landing page, left-click the policy, and then select the Role Based Policy tile again.
  • From there, select the Roles tile.
  • From the Roles grid, click Add Role to reveal the expanded Roles card.
  • Create a new Role Based Policy role, and click Create to finalize your changes.
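
Because the role runs the command group's commands as root, it is worth checking on the policy target host that each command resolves to a binary that only root can modify. The script below is an added example, not part of the vendor documentation or product; audit_path, audit_group and EXPECTED_OWNER are assumed names, and it does not model how Privilege Management for Unix & Linux itself matches commands.

```shell
#!/bin/sh
# Added example, not vendor code. EXPECTED_OWNER, audit_path and audit_group
# are assumed names; PMUL's own command matching is not modelled here.
EXPECTED_OWNER=${EXPECTED_OWNER:-root}

# audit_path FILE: print findings for one binary; return 0 only if clean.
audit_path() {
    file=$1
    rc=0
    if [ ! -f "$file" ] || [ ! -x "$file" ]; then
        echo "MISSING  $file is not an executable file"
        return 1
    fi
    # Check the binary and its directory: if either can be modified by a
    # non-owner, the content a root role executes can be swapped.
    for target in "$file" "$(dirname "$file")"; do
        if [ -n "$(find -L "$target" -prune ! -user "$EXPECTED_OWNER" -print)" ]; then
            echo "OWNER    $target is not owned by $EXPECTED_OWNER"
            rc=1
        fi
        if [ -n "$(find -L "$target" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "WRITABLE $target is group- or world-writable"
            rc=1
        fi
    done
    return "$rc"
}

# audit_group NAME...: resolve each command name via PATH, then audit it.
audit_group() {
    failed=0
    for name in "$@"; do
        path=$(command -v "$name") || path=
        case $path in
            /*) audit_path "$path" || failed=1 ;;
            *)  echo "UNRESOLVED $name does not resolve to an absolute path"
                failed=1 ;;
        esac
    done
    return "$failed"
}

# Example: sh audit.sh ls date whoami id   (the Basic Commands group above)
if [ "$#" -gt 0 ]; then
    audit_group "$@"
fi
```

A non-zero exit status means at least one command in the group needs attention before it is granted through a root role.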