How to configure X users with access to Y hosts?


I'm back again with another question.
I have a number of users with access to a number of hosts. For
simplicity, let's assume:
- Users User01 through User05 have access to Hosts Host01 through
- Users User06 through User10 have access to Hosts Host01 through

Now I created a User Group "User Group 01" with User01 through User05 in
it, a Group "User Group 02" with User06 through User10 in it.
I have also created a Host Group "Host Group 01" with Host01 through
Host05 in it and a group "Host Group 02" with Host01 through Host10 in

I have also created the following rule:

IF ((command IN SSH Session))
Authorize: yes
Run Hosts = Host Group 01
Run Users = User Group 01
Stop if authorized

I also set Credentail to Run User@Run Host.

Now I have a few issues with any combination I could come up with:
With the above configuration, if I log in as User01, I also get menu
entries for User02 through User05, which is not desirable.

If I set Run User to Submit User, I get strange "-@HostXX" entries and
"Permission denied" when I select one.

Also, it seem I need to add Credentials for all 10 Hosts for all 10
Users, which turns out to 100 credentials of which 10 are always
identical due to authentication against a central database. But entering
"Run User@vault" where vault is one Privileged Credential Vault with
User01 through User10 in it doesn't seem to work either.

Am I misunderstanding the configuration?

blindcoder's Profile:
View this thread: