Manage access control
For Linux hosts, root-level privileges are required. Data Collectors require read-only access to execute non-intrusive commands on hosts. It is strongly recommended that a separate login account used strictly for IT Analytics be established and using Active Directory for Windows systems and the sudo command for Linux systems, restrict the commands that IT Analytics can issue. To accommodate this security approach, you can optionally specify access control commands like sudo, sesudo, or pbrun.
See Host Access Privileges, Sudo Commands, Ports, and WMI Proxy Requirements.
Multiple Access Control settings can be created to manage access control commands for Linux hosts. For Linux systems, you must specify the path to an access control command such as sudo in order to execute certain OS commands with root-level privileges.
For additional prerequisite details:
See Host Inventory configuration steps.
To Manage Access Control settings, select:
In the Host Inventory toolbar at the top of the browser window, click .
Add, Edit, or Delete settings using the buttons at the bottom of the window.
Click to configure settings and then click .
Table: Access Control field descriptions.
| Field | Description | Sample Values |
|---|---|---|
|
Domain* |
Select the IT Analytics Domain from the list; for most environments, only one Domain is displayed. Multiple domains facilitate management for Managed Services Providers (MSPs). | |
|
Name* |
Assign a name to identify this Access Control setting. | |
|
Command* |
Linux hosts only: Provide the full path to the access control command, such as , or . See Host Access Privileges, Sudo Commands, Ports, and WMI Proxy Requirements. You can configure sudo to prompt for a password using a custom prompt (the default is "Password"). IT Analytics expects the prompt to be "Password." If the hosts have a custom password prompt, you'll need to specify after the path to sudo. See the example to the right. |
/usr/bin/sudo /user/local/bin/sudo -p Password: |
|
Use for all command* |
Select Yes to have the Data Collector use the access command for all commands. | |
|
Description |
Enter a note to help identify this Access Control setting | |