Powertech Identity & Access Manager (BoKS)

Granular Access Control

Achieve your security goals with granular access control

IT security teams face a double-edged sword: they have to protect sensitive data while enabling users across the organization to maintain productivity. Powertech Identity & Access Manager (BoKS) enables you to bridge this gap with granular privileged access management.

As a result, your organization can become more secure, simplify your approach to meeting compliance requirements, and increase overall operational efficiency.

Powertech Identity & Access Manager (BoKS) improves your security posture by enabling you to implement fine-grained security controls across your Linux/Unix infrastructure.

  • Define and enforce who is granted elevated privileges, when, from where, and how
  • Control which commands privileged users can execute ("SUDO") and audit privileged activity
  • Implement granular assignments for who can switch sessions ("SU")
  • Assign groups of commands instead of giving open root access to all commands
  • Use policy to define which SUDO sessions are keystroke logged based on risk and user
  • Remove the need for distribution of sudoers files with configuration management solutions or scripts


Access Control Types


Powertech Identity & Access Manager (BoKS) provides separate access control policy definitions for the following access types:

  • Console login
  • Secure shell (SSH)
  • Secure file transfer (SFTP)
  • Secure command execution (SSH Exec)
  • Secure remote command execution (SSH REXEC)
  • SSH proxy
  • SSH tunneling
  • SSH X11
  • Privileged switch user (SU)
  • Privileged command execution (SUEXEC), a functional equivalent of SUDO

The solution also features legacy support for insecure access types, to be enabled with control mitigations:

  • Serial Port login
  • Telnet
  • FTP
  • RSH
  • RCP

Access Control Constraints

All granular access control rules can carry constraints on how each rule operates:

  • Which host group or host to connect to
  • Which host or network the user can attempt to connect from
  • Time of day range
  • Day of the week range
  • Which authentication method(s) should be in place to verify the user
  • The depth of keystroke logging, if applicable

Authentication Methods

Powertech Identity & Access Manager (BoKS) can be used with a wide variety of authentication methods. However, not all methods apply to all access rule types.

  • User password
  • Password of target account (e.g., when using SU or SUEXEC)
  • SSH user key
  • SSH host key (secure and auditable)
  • SSH X.509 user certificate authentication
  • SSH X.509 host certificate authentication
  • Kerberos session key authentication
  • X.509 certificate authentication (soft token)
  • PKI certificate-based authentication with smart card or USB token
  • Biometric API authentication unlocking PKI smart card token
  • RADIUS user password/PIN authentication

What Granular Access Controls Means to You

Meet Compliance Quickly

Quickly meet the access/authorization regulations required by SOX, HIPAA, GLBA, PCI DSS, FDCC, and FISMA.

Reduce Admin Overhead

Achieve efficiency and scalability in how your team assigns access controls.

Prevent Breaches

Access control definitions must be explicitly defined in policy; otherwise, access attempts are blanket-denied and terminated in a Powertech Identity & Access Manager (BoKS) domain.

See Powertech Identity & Access Manager (BoKS) in action

Watch how Powertech Identity & Access Manager (BoKS) enables granular access controls in our product demo.