How access to computers might change

To manage access to UNIX and Linux servers and workstations, an administrator installs the Centrify agent on each computer and identifies the zone the computer should use. If an administrator has installed the agent on your computer and added your computer to a zone, your computer is a Centrify-managed computer. When you log in to your Centrify-managed computer, the agent checks whether you have been assigned a role for logging in which allows you to log in locally with a password, log in remotely without a password using single sign-on, and run commands in a standard shell or a restricted shell. As long as you have a role assignment that allows you one of those basic login rights, logging in proceeds normally. If you have not been assigned a role that allows you to log in, you will be denied access to the computer.

In most cases, an Active Directory administrator or another delegated administrator will also define rights and roles that enable you to use an account other than your own that has elevated privileges. For example, the administrator might create a role that allows you to manage an Oracle service account using administrative privileges and another role that enables you to use the file transfer protocol (ftp) to connect to another machine.

The administrator is responsible for defining the specific rights that are available in different roles and for assigning those roles to the appropriate Active Directory users and groups. The administrator can also assign selected roles to local UNIX and Linux users and groups.