Chat now with support
Chat with Support

InTrust 11.3.1 - Deployment Guide

InTrust Deployment Options Performing Extended Deployment of InTrust Extending a Default InTrust Deployment Mapping out Your Environment for InTrust Role-Based Administration of InTrust InTrust Configuration Licensing Sample Deployment and Configuration Scenario

Case Study: Managing Access to Reporting Configuration

Suppose an InTrust administrator creates a task that generates reports on superuser access to Linux hosts. Only users from the Linux01 group can view and modify this reporting task. When a user from the Linux01 group opens InTrust Manager, only the Tasks node and the prepared task with the reporting job are available.

To implement this scenario, be sure to do all of the following:

  • Deny access to all second-level nodes in the InTrust Manager treeview, except the Tasks node.
  • Give the Linux01 group the Read permission on the Tasks node and the task folder that contains the necessary task.
  • Give the Linux01 group the Modify permissions on the task itself.
  • Make sure that account under which the reporting job runs has the Read permission on the nodes of the InTrust server and data stores used by the reporting job.

InTrust Configuration

Configuring Access Rights

During InTrust installation, the following groups are created on the InTrust server:

In addition, access to InTrust configuration is controlled by the following:

These settings are closely related to the role-based administration capabilities of InTrust, that is, help to control who has access to which InTrust objects. Role-based administration feature is disabled by default after the installation. For more information about enabling and using this feature, see the Role-Based Administration of InTrust topic.

InTrust Organization Administrators

InTrust organization administrators are members of a special list maintained in the InTrust configuration database. Accounts included in this list can do the following:

  • Install InTrust servers
  • Override permissions on objects in InTrust Manager (if role-based administration is used in your InTrust organization)

When you install the first InTrust server in the organization, the following accounts automatically become members of this list:

  • The account you are using to run the setup
  • The account of the InTrust Server service (supplied during the setup)

Before you install subsequent servers, you should add all the accounts you are going to use for setup to this list. For that, in InTrust Manager, open the properties of the root node and use the Add and Remove buttons to edit the list.

Caution: If you configured non-dbo accounts to access InTrust databases (as described in the Providing Database Access topic), make sure that the corresponding group is included in the list of InTrust organization administrators.

Related Documents