With Centrify Clients for Linux, the roles that you define in Centrify PAS become visible as a secondary group in Linux systems. This allows you to control Linux or LXC entitlements by way of secondary UNIX group membership.
For example, say you have two security groups:
You can configure those security groups to be members of a role in Centrify PAS, let's call it pas-sudoers.
groupA & groupB groups = pas-sudoers role
You can then grant permissions to that pas-sudoers role so that the users and groups in that role have Linux system privileges to run su as root, similar to a "wheel" group in UNIX.
The benefits of making Linux groups visible in Centrify PAS roles are:
Centrify PAS simplifies the UNIX identity of the group. In this example, the group name is pas-sudoers and the group ID is automatically set by Centrify PAS.
Ease of integration
Use Centrify PAS as the central, corporate tool and workflow utility to manage group memberships, such as adds, moves, and other changes.
For details, see Setting group visibility for clients.