After you've installed the Centrify Client on a system, you can use both roles and conditional access rules to control access to that system.
By default, users aren't authorized for access to a system where the client is installed. You explicitly grant the permission to log in to a system by granting the AgentAuth permission for a user or role. You can set up roles to leverage the groups that you've already defined in your directory sources. Also, you use the system's Permissions tab to create, modify, and review the permissions for a specific system. The built-in reports can show you who has access to which systems.
You can also define conditional access rules to grant access based on a variety of factors, such as day of the week, time of day, and so forth.
By using role-based access control and conditional access rules, you can set up a robust set of rules for access control.
For details about the following topics, see the links below: