Authorizing access for the service user

A service user is a user account associated with a Centrify Client on a managed Linux computer. The credentials associated with this account are used to authenticate the service when it attempts to perform an operation on a server. Therefore, registering a computer and authorizing a service user to access registered computers are key to enabling service-to-service password management.

A connector is not required to register a computer as an account in the Privileged Access Service. However, you must have a connector installed to support:

  • Remote access to computers using secure shell sessions or remote desktop connections.
  • The ability to change local account passwords for service-to-service password management (AAPM).

Therefore, if you want to support remote access or enable service-to-service password management, you must have at least one connector installed.

By default, the service user is assigned the Grant, Edit, and Delete permissions on its registered computer and can be used to set passwords for accounts on that computer. For the service user to get passwords for local accounts or for accounts on another computer, however, you must grant the service user Checkout permission. This additional step is required to support service-to-service password management. For more information about setting and retrieving passwords for service-to-service password management, see Managing passwords for services.