Granular Access Control

Achieve your security goals with granular access control


IT security teams face a double-edged sword: they have to protect sensitive data while enabling users across the organization to maintain productivity. Core Privileged Access Manager (BoKS) enables you to bridge this gap with granular privileged access management.

As a result, your organization can become more secure, simplify your approach to meeting compliance requirements, and increase overall operational efficiency.

Core Privileged Access Manager (BoKS) improves your security posture by enabling you to implement fine-grained security controls across your Linux/Unix infrastructure.

  • Define and enforce who is granted elevated privileges, when, from where, and how
  • Control which commands can be executed by privileged users (“SUDO”), and audit privileged activity
  • Implement granular assignments for who can switch sessions (“SU”)
  • Assign groups of commands instead of giving open root access to all commands
  • Use policy to define which SUDO sessions are keystroke logged based on risk and user
  • Remove the need for distribution of sudoers files with configuration management solutions or scripts


Access Control Types


Core Privileged Access Manager (BoKS) provides separate access control policy definitions for each of the following access types:

  • Console login
  • Secure shell (SSH)
  • Secure file transfer (SFTP)
  • Secure command execution (SSH Exec)
  • Secure remote command execution (SSH REXEC)
  • SSH proxy
  • SSH tunneling
  • SSH X11
  • Privileged switch user (SU)
  • Privileged command execution (SUEXEC)--a functional equivalent of SUDO

The solution also features legacy support for insecure access types, to be enabled with mitigating controls:

  • Serial Port login
  • Telnet
  • FTP
  • RSH
  • RCP

How We Help You Gain Control

Leverage an Easy-Access Web Portal

Implement TLS Encryption

Utilize Web-Based Task Management

Perform user and host admin tasks in the web-based user interface

Benefit from Sub-Administration Controls

Access Control Constraints


Every granular access control rule can carry constraints, depending on how that rule type operates:

  • Which host group or host to connect to
  • Which host or network the user can attempt to connect from
  • Time of day range
  • Day of the week range
  • Which authentication method(s) should be in place to verify the user
  • The depth of keystroke logging, if applicable

Authentication Methods

Core Privileged Access Manager (BoKS) can be used with a wide variety of authentication methods. However, not all methods apply to all access rule types.

  • User password
  • Password of target account (e.g., when using SU or SUEXEC)
  • SSH user key
  • SSH host key (secure and auditable)
  • SSH X.509 user certificate authentication
  • SSH X.509 host certificate authentication
  • Kerberos session key authentication
  • X.509 certificate authentication (soft token)
  • PKI certificate-based authentication with smart card or USB token
  • Biometric API authentication unlocking PKI smart card token
  • RADIUS user password/PIN authentication

What Granular Access Control Means to You

Meet Compliance Quickly

Quickly meet the access/authorization regulations required by SOX, HIPAA, GLBA, PCI DSS, FDCC, and FISMA.

Reduce Admin Overhead

Achieve efficiency and scalability in how your team assigns access controls.

Prevent Breaches

Access control definitions must be explicitly defined in policy; otherwise, access attempts are blanket-denied and terminated in a Core Privileged Access Manager (BoKS) domain.

See Core Privileged Access Manager (BoKS) in action

Watch how Core Privileged Access Manager (BoKS) enables granular access controls in our product demo.