Version: Axidian Privilege 2.10

Creating a Permission

Permissions allow AD users to open sessions.

To create a permission:

  1. Go to the Permissions section.
  2. Click Create.
  3. In the wizard that opens, select Organizational Unit, Users, Resources, Account, Time Restrictions and Additional Permission Options.

caution

To be able to manage permissions you need the PERMISSIONS MANAGEMENT privileges (Permission.Create, Permission.Read, Permission.Revoke, Permission.Suspend).

Organizational Unit

Select the organizational unit in which the resource is located.

note

This wizard section will not be displayed when a permission is created by the local administrator of this organizational unit.

User

Select a user or user group.

To select a user:

  1. On the User tab, in the search bar enter Name, Surname, Phone number or Email (whole words or partially). Press ENTER or .
  2. Select one or more users.

To select a user group:

  1. On the User Groups tab, in the search bar enter Name or Description (whole words or partially). Press ENTER or .
  2. Select a user group.

Resource

Permissions can be issued for:

To select a resource:

  1. On the Resources tab, in the search bar enter Resource name, DNS or IP (whole words or partially). Press ENTER or .
  2. Select one or more resources.

To select a resource group:

  1. On the Resources groups tab, in the search bar enter Resource group name (whole words or partially). Press ENTER or .
  2. Select a resource group.

To select an ad hoc resource, on the Ad hoc resources tab select connection types that will be available to users to connect to ad hoc resources. Available connection types: RDP, SSH, Telnet.

Account

To access the resource, you can use a local, domain or personal user account.

info

If you have selected more than one resource, then for each of them you need to sequentially select an access account.

To select a local or domain account:

  1. In the search bar enter Account name (whole words or partially). Press ENTER or .
  2. Select an account.

To select a personal user account, click Continue using user account.

caution

Selecting a local account is not available for ad hoc resources.

You can select only one account for all connection types for ad hoc resources.

Time Restrictions

The settings in this section are optional.

You can set the validity period for the permission — start date and time, end date and time. To do so:

  1. Check the Begin and End options.
  2. Select date and time.

info

If the Begin and End options are not set, then the permission will be considered infinite.

caution

Once the permission period expires, the session will be terminated.

You can also set an access schedule for the permission. Connections will be available only during the specified hours. It is not possible to use the permission outside the schedule.

  1. Check the Allow access only option.
  2. Set From and To time.

info

If the From and To options are not set, then the permission will be valid 24 hours a day.

caution

When the time set in the access schedule expires, the session will be terminated.

Additional Permission Options

The settings in this section are optional.

Credentials

Axidian Privilege allows the administrator to set whether the user is allowed to view the password of privileged accounts that are used in their permissions. To allow, check the Allow user to view account credentials option.

Axidian Privilege allows the administrator to set whether the user is allowed to change the passwords of privileged accounts that are used in their permissions. To allow, check the Allow change account credentials option.

Connection Source

Axidian Privilege allows the administrator to set a specific network from which the user can connect to the resource. To do so, select the network in the Network location sources for incoming connections drop-down menu.

info

If no Network Locations have been added, the only option in the drop-down menu will be No Restrictions.

This means that this permission can be used from any device on the network.

Raising Privileges in SSH Sessions

Axidian Privilege allows the administrator to specify for each permission whether that permission will have access to pamsu or not.

Possible options:

  • Managed by policies — access to pamsu will be provided in accordance with the policy selected for the resource for which permission is created.
  • Allowed — regardless of the policy settings, this permission will provide access to pamsu.
  • Denied — regardless of the policy settings, in this permission, access to pamsu will be disabled.
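
The following added example (not Axidian Privilege code) models how the Time Restrictions, Connection Source and pamsu settings described on this page combine into an access decision, which is useful when reviewing how broad a permission really is. The field names, the boundary handling of the validity period and the treatment of a schedule that wraps past midnight are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import Optional

# Hypothetical model of the wizard settings; field names are assumptions,
# not the product's data model or API.
@dataclass
class Permission:
    begin: Optional[datetime] = None      # Begin (unset = no lower bound)
    end: Optional[datetime] = None        # End (unset = no upper bound)
    allow_from: Optional[time] = None     # Allow access only: From
    allow_to: Optional[time] = None       # Allow access only: To
    source_network: Optional[str] = None  # None = "No Restrictions"
    pamsu: str = "managed"                # "managed" | "allowed" | "denied"

def session_allowed(p: Permission, now: datetime, client_ip: str) -> bool:
    """True if a session may be open at `now` from `client_ip`."""
    # Validity period (assumed: inclusive start, exclusive end).
    if p.begin is not None and now < p.begin:
        return False
    if p.end is not None and now >= p.end:
        return False
    # Daily schedule; with From/To unset the permission is valid 24 hours a day.
    if p.allow_from is not None and p.allow_to is not None:
        t = now.time()
        if p.allow_from <= p.allow_to:
            in_window = p.allow_from <= t < p.allow_to
        else:  # assumed: a window such as 22:00-06:00 wraps past midnight
            in_window = t >= p.allow_from or t < p.allow_to
        if not in_window:
            return False
    # Connection source: a selected network location limits client addresses.
    if p.source_network is not None:
        return ip_address(client_ip) in ip_network(p.source_network)
    return True

def pamsu_allowed(p: Permission, policy_allows: bool) -> bool:
    """Resolve the three pamsu options against the resource policy."""
    if p.pamsu == "allowed":
        return True
    if p.pamsu == "denied":
        return False
    return policy_allows  # "Managed by policies"

# Constructed sample: business-hours permission limited to one office network.
SAMPLE = Permission(end=datetime(2025, 1, 31, 18, 0), allow_from=time(9),
                    allow_to=time(18), source_network="10.20.0.0/24")
if __name__ == "__main__":
    print(session_allowed(SAMPLE, datetime(2025, 1, 15, 10, 0), "10.20.0.7"))
```

A permission created with every optional setting left empty corresponds to Permission() here: it passes at any time and from any address, so such permissions are the first ones to look at in a review.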