I'm back again with another question. I have a number of users with access to a number of hosts. For simplicity, let's assume:
- Users User01 through User05 have access to Hosts Host01 through Host05
- Users User06 through User10 have access to Hosts Host01 through Host10
Now I created a User Group "User Group 01" with User01 through User05 in it, and a Group "User Group 02" with User06 through User10 in it. I have also created a Host Group "Host Group 01" with Host01 through Host05 in it and a group "Host Group 02" with Host01 through Host10 in it.
I have also created the following rule:
IF ((command IN SSH Session))
Authorize: yes
Run Hosts = Host Group 01
Run Users = User Group 01
Stop if authorized
I also set Credential to Run User@Run Host.
Now I have a few issues with any combination I could come up with: With the above configuration, if I log in as User01, I also get menu entries for User02 through User05, which is not desirable.
If I set Run User to Submit User, I get strange "-@HostXX" entries and "Permission denied" when I select one.
Also, it seems I need to add Credentials for all 10 Hosts for all 10 Users, which turns out to 100 credentials of which 10 are always identical due to authentication against a central database. But entering "Run User@vault" where vault is one Privileged Credential Vault with User01 through User10 in it doesn't seem to work either.