Host-Specific Management Permissions
You can use access groups to provide roles with management permissions over certain hosts. This can be useful when you want to delegate management of certain hosts to specific roles.
The high-level steps for delegating host management involve:
-
Create an access group.
-
Put roles into the access group, and set management permissions.
-
Deploy hosts into the access group.
To create an access group:
- On the Administration→Access groups page of the PrivX GUI, click Add Access Group. Provide the required information and click Save.
To put roles into access groups, and to set management permissions within the access group:
-
On the Administration→Roles page, Edit a role to display its settings.
-
Expand Permissions, then set the following:
-
Set the Access group for this role.
-
Select permissions this role has in the access group. Note that only host-management (hosts-) and connection-management permissions (connections- ) are access-group-specific.
Deploy hosts into the access group:
-
Use a host deployment script to deploy a host to the correct access group. For more information about script-based host deployment, see Script-Based Certificate-Authentication Setup.
-
For hosts in cloud directories, set the host tag privx-access-group or privx-access-group-id before adding the directory to PrivX. For more information about host tags, see Configuring Access Using Host Tags.
Note
To change the access group of an already-deployed host, run the host-deployment script with the correct access group on the host.
Updated about 3 years ago