Skip to main content
Version: Axidian Privilege 3.4

User Groups

The section presents working with permissions of user groups.

Add Axidian user group

  1. Navigate to the User Groups section and click Add.
  2. Fill in the Name and Description fields.
  3. Click Save.

Add from catalog

  1. Navigate to the User Groups section and click Add from directory.
  2. Enter the directory name and click search-icon.svg.
  3. Select the group and click Save.

Group profile

For each user group, the following are displayed:

  • Users — a list of users who are members of the group.
  • Permissions — a list of granted permissions for the group to connect to resources.
  • Sessions — a list of active, ended, and aborted sessions.
  • Events — records of operations related to the group.

Add users to the group

info

Only for groups created via Axidian Privilege.

To add users to a group:

  1. Open the user group profile.
  2. Go to the Users tab and click Add users.
  3. Select one or multiple users and click OK.
  4. Confirm the selection and click Add.

Add permission

  1. Open the user group profile.

  2. Click Add permission.

  3. (Optional) Select an organizational unit and users or a group of users.

  4. Select the permission parameter:

    • Resources — permission is granted to one or more selected resources.

    • Resource groups — permission is granted to the selected resource group.

    • Ad hoc resources — permission is granted to any resources with the selected connection type, including resources not registered in PAM.

      caution

      A special license is required to grant permission to PostgreSQL and MSSQL resources or groups containing such resources. Before creating a permission, add an account from PostgreSQL Server to PAM. When creating a permission, specify this account.

      For Ad hoc resources, there is one account for all types of connections. Local account selection is unavailable.

  5. Select account for user connection:

    • Select account in PAM — the account under which the user opens a session on the resource.
    • Use user account — no account is specified in the permission.
      The user enters their account login and password on the resource. In RDP and SSH sessions, it is possible to log in using the current Axidian Privilege user credentials.

  6. Configure Time restrictions and click Next.

  7. Configure Permission parameters and click Next.

  8. Enter a description and click Next.

  9. Check the selected data and click Create.

Synchronize user groups with directory

info

Only for groups from directory service.

  1. Open the user group profile.
  2. Click Sync and confirm the action.

Select policy

  1. Open the user group profile.
  2. Click pencil_icon.svg next to the Policy parameter.
  3. Select a policy from the list and click Select.

Remove

  1. Open the user group profile.
  2. Click Remove.
  3. Confirm the action by clicking Remove.

To delete multiple groups, in the User Groups section, select the required groups and click Remove.