HPE Community
Operating System - HP-UX
1824976 Members
3857 Online
109678 Solutions
New Discussion юеВ

delegated permission software PowerBroker

 
SOLVED
Go to solution
tom quach_1
Super Advisor

тАО11-17-2006 11:09 AM

тАО11-17-2006 11:09 AM

delegated permission software PowerBroker

Hello all,

I am looking for a software that it could delegate permission to users or IT members on their daily duties.
i am checking one of the product called "PowerBroker" from Symark so far, but would like to know if there is any other choice.
if anyone has known or been using similar software. Please give me your opinion on this issue.
Regards,
Tom
0 Kudos
8 REPLIES 8
tom quach_1
Super Advisor

тАО11-17-2006 11:11 AM

тАО11-17-2006 11:11 AM

Re: delegated permission software PowerBroker

Sorry, forgot to mention my ENV
HP-UX 11.11

Regards,
Tom
0 Kudos
Bill Hassell
Honored Contributor

тАО11-17-2006 12:38 PM

тАО11-17-2006 12:38 PM

Re: delegated permission software PowerBroker

PowerBroker is a well-known product and a lot of people use it on many different platforms. The alternative is sudo which can be downloaded from HP. Configuration can be a challenge at the beginning but once setup, maintenance is easy.


Bill Hassell, sysadmin
0 Kudos
tom quach_1
Super Advisor

тАО11-19-2006 08:40 PM

тАО11-19-2006 08:40 PM

Re: delegated permission software PowerBroker

Thank you Bill,
I am using Sudo now, Would you please give me some advantaces between two products. Sudo is free and PowerBroker costs few thousands.
is it worth to use POwerBroker than Sudo?

Regards,
TOm
0 Kudos
Bill Hassell
Honored Contributor

тАО11-20-2006 12:57 AM

тАО11-20-2006 12:57 AM

Solution

Re: delegated permission software PowerBroker

I haven't used PowerBroker directly but I am going to assume it offers multiple levels of delegation and authority, definitely a simpler interface than visudo/sudoers editing, and something sudo does not offer: restricted file access based on user's need to know or change. It can integrate with LDAP and has keystroke logging to monitor selected user sessions. And logs can be viewed with web pages.

This isn't a sales pitch, just reading the Symark web pages. Like sudo, setup and configuration will take a while and usefulness depends on how much definition is put into the alllowed/restricted config lists.


Bill Hassell, sysadmin
0 Kudos
Yang Qin_1
Honored Contributor

тАО11-20-2006 01:35 AM

тАО11-20-2006 01:35 AM

Re: delegated permission software PowerBroker

Hi, Tom, we are using PowerBroker on our HPUX servers. It was installed for SOX audit.

1. If you have lots of Unix servers to be managed, it is much easier to use PowerBroker than use sudo. You just need a single configuration server to manage the access on all your Unix servers. It is, of course, a single point of failure. If your management server is not reachable, nobody can use PowerBroker on all other servers.

2. It logs everything (commands and output) per session with username as a part of the log file name. This is very helpful when people want to log ftp sessions. It will record all files to be transferred or deleted in a ftp session.

3. If it is not for the audit and you do not have a company policy saying don't use freeware. You can continue to use sudo and save some money for your company.


Yang
0 Kudos
PeterWolfe
Respected Contributor

тАО11-20-2006 03:07 AM

тАО11-20-2006 03:07 AM

Re: delegated permission software PowerBroker

See the white papers section
of the PowerBroker site:

http://www.symark.com/white_papers.htm

for a comparision of PB to sudo.
(Note: Incredibly annoying. You have
to supply personal information
to get the whitepaper). What looks like the same
white paper is freely downloadable
here:

http://www.sans.org/reading_room/analysts_program/PowerBroker_Feb06.pdf?portal=68bef423eef12d37c1b6c4b2fdceff00

Note that Symark commissioned this
paper so read it with that in mind.
0 Kudos
tom quach_1
Super Advisor

тАО11-21-2006 06:43 PM

тАО11-21-2006 06:43 PM

Re: delegated permission software PowerBroker

Thank you for all info.
Regards,
Tom
0 Kudos
tom quach_1
Super Advisor

тАО11-21-2006 06:44 PM

тАО11-21-2006 06:44 PM

Re: delegated permission software PowerBroker

Thank you
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.