Applies to: Centrify DirectControl 5.1.0 and higher.
Some users are still local to the UNIX environment and do not have an account in Active Directory.
How can these local UNIX users be given access and/or privileges to run specific root-like commands via dzdo?
In CentrifySuite 2013 (5.1.0), roles can be assigned to both Active Directory users and local UNIX and Windows users if the role is configured to allow assignments to local users.
Note: This configuration is not available in previous versions of Centrify DirectControl.
In the Centrify DirectManage Access Manager (Centrify DirectControl console in earlier versions):
1) When creating a role, configure it to allow local user accounts by checking the box: "Allow adding local accounts to this role"
Note: PAM Access and SSH Rights are not applicable to local accounts. A role that accepts local accounts will not contain any of these rights.
2) To this role, assign the rights (commands) that the local UNIX users are allowed to run via dzdo.
3) In the Role assignment, add the local UNIX user accounts to the role.
For more information on creating a role for local UNIX user accounts, refer to the documentation:
Administrator’s Guide for UNIX: Chapter 10 - Authorizing users (pages 175-178)