01-28-2013 02:20 AM
I'm new to PowerBroker and haven't seen its user manuals on the internet. I have some taks, which need to be done with the help of PowerBroker. Since, I can't use "sudo" for audit reasons, I've to get familiar with PowerBroker soon.
So, I request all you guys to please share the user manuals, admin guides or any documentation you have with you regarding PowerBroker. I went to their site "BeyondTrust", but they don't have any proper documentation.
01-28-2013 07:23 AM
PowerBroker is commercial software, so I would expect that the documentation is copyrighted unless it explicitly says otherwise. Sharing such documentation without an express permission from BeyondTrust would be a copyright violation.
The documentation for open versions of their software would seem to be available here:
There are also the Administration and Installation Guides for the Enterprise versions. If this is not "proper documentation", then I don't know what you're looking for.
(The route from the www.beyondtrust.com main page to that page is just 3 clicks: Support -> Content Library -> Open Source Documentation. )
The current full name of their main product would seem to be "PowerBroker Identity Services" or PBIS for short. There is an open edition of PBIS available for free, and its full documentation is available too. I would expect that most things you can learn from the open version would be applicable to the commercial Enterprise version too.
01-29-2013 01:24 AM
I don't know if the documentation is copyrighted or just a bad practice on beyondtrust's part. Anyways, I went to the open source documentation and couldn't find any useful information. I'm trying to allow a user run a command as root. Its very easy if you use sudo, but I'm not able to do so using PowerBroker.
Any help is greatly appreciated.
01-29-2013 07:01 AM
Looking at the documentation I linked above, it appears that the current versions of PowerBroker only offer tools for AD integration and central management of the sudoers file, at best.
If user wants to become root, s/he will use sudo as usual.
The "Account Management Best Practices" document even specifically mentions sudo:
Any application that runs as a process on a host as a user ID should be run as a local service account. Users should not authenticate as these accounts, but instead should use sudo or a similar process to authenticate as themselves with the authorization to run commands on behalf of the service account.
The Group Policy Administration Guide describes how to create sudo policies. You're still using the standard sudoers file syntax, but you type it to a dialog in a PowerBroker admin GUI:
(Page 16 and onwards, "Create and Test a sudo Group Policy Object")
Then you can use the PowerBroker GUI to apply the sudo GPO to any Linux/Unix hosts you're managing with PowerBroker.
I think the idea is that you should create some groups, write your sudo policies to allow all users in particular group or groups to use commands through sudo, and then assign the appropriate users to those groups using the normal user/group management tools. This is a good way to do things even if you don't have PowerBroker: you can do the same using sudo and local user groups too.
Personally, I've never used PowerBroker but I've heard about it. After browsing through the documentation, it seems considerably less mysterious than before :-)
01-30-2013 12:30 AM
Thank for the suggestion, but I can't use sudo as the system I'm working is strictly controlled and audited externally. I'll keep looking for some easier ways.