Access Groups

You can use access groups to provide roles with management permissions over certain hosts. This can be useful when you want to delegate management of certain hosts to separate users or roles.

The high-level steps for delegating host management involve:

  1. Create an access group.

  2. Put roles into the access group, and set management permissions.

  3. Deploy hosts into the access group.

To create an access group:

  • On the ​Administration→Access groups​ page of the PrivX GUI, click ​Add Access Group​​. Provide the required information and click ​Save​​.

To put roles into access groups, and to set management permissions within the access group:

  1. On the ​Administration→Roles​ page, ​Edit​​ a role to display its settings.

  2. Expand ​Permissions​​, then set the following:

  • Set the ​Access group​​ for this role.

  • Select permissions this role has in the access group. Note that only host-management (hosts-) and connection-management permissions (connections- ) are access-group-specific.

Deploy hosts into the access group:

  • Use a host deployment script to deploy a host to the correct access group. For more information about script-based host deployment, see Script-Based Certificate-Authentication Setup.

  • For hosts in cloud directories, set the host tag ​privx-access-group​ or ​privx-access-group-id​ before adding the directory to PrivX. For more information about host tags, see Configuring Access Using Host Tags.

📘

Note

To change the access group of an already-deployed host, run the host-deployment script with the correct access group on the host.


Did this page help you?