Defining rights and roles using Access Manager

When you install authentication, privilege elevation, and audit and monitoring services, you choose the components you want to enable. For identity and privilege management, the key component for administration is the Access Manager console. Although there are other ways to define and manage access rights, roles, and role assignments, Access Manager is the primary tool for managing all of the Centrify information stored in Active Directory. With Access Manager, you can:

  • Create and manage zones to control access to all of the computers you support, including Windows, UNIX, Linux, and Mac OS X computers.
  • Set and modify specific types of access right for users and groups.
  • Add and customize the role definitions available in different zones, including any time restrictions on when roles are available or cannot be used.
  • Assign and manage roles for individual Active Directory user or Active Directory groups.
  • Associate groups of computers that share a common function or attribute with users who have a specific role assignment.
  • Generate and view reports describing the users, groups, computers, and applications you are managing and which users and groups have access to which computers.
  • View and manage licenses for servers and workstations.