Anonymous_User Absent Member.
Absent Member.
445 views

How to configure X users with access to Y hosts?


Hello.

I'm back again with another question.
I have a number of users with access to a number of hosts. For
simplicity, let's assume:
- Users User01 through User05 have access to Hosts Host01 through
Host05
- Users User06 through User10 have access to Hosts Host01 through
Host10

Now I created a User Group "User Group 01" with User01 through User05 in
it, a Group "User Group 02" with User06 through User10 in it.
I have also created a Host Group "Host Group 01" with Host01 through
Host05 in it and a group "Host Group 02" with Host01 through Host10 in
it.

I have also created the following rule:

IF ((command IN SSH Session))
Authorize: yes
Run Hosts = Host Group 01
Run Users = User Group 01
Stop if authorized

I also set Credentail to Run User@Run Host.

Now I have a few issues with any combination I could come up with:
With the above configuration, if I log in as User01, I also get menu
entries for User02 through User05, which is not desirable.

If I set Run User to Submit User, I get strange "-@HostXX" entries and
"Permission denied" when I select one.

Also, it seem I need to add Credentials for all 10 Hosts for all 10
Users, which turns out to 100 credentials of which 10 are always
identical due to authentication against a central database. But entering
"Run User@vault" where vault is one Privileged Credential Vault with
User01 through User10 in it doesn't seem to work either.

Am I misunderstanding the configuration?


--
blindcoder
------------------------------------------------------------------------
blindcoder's Profile: https://forums.netiq.com/member.php?userid=5313
View this thread: https://forums.netiq.com/showthread.php?t=49623

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.