Granular Access Control

Achieve your security goals with granular access control from Core Privileged Access Manager (BoKS)



Bridge the Gap with Granular Privileged Access Management

IT security teams are challenged to protect sensitive data, while also enabling users across the organization to maintain productivity. Core Privileged Access Manager (BoKS) empowers you to bridge this gap with granular privileged access management. As a result, your organization can become more secure, simplify its approach to meeting compliance requirements, and increase overall operational efficiency.

Implement Fine-Grain Security Controls 


Core Privileged Access Manager (BoKS) improves your security posture by enabling you to implement fine-grain security controls across your Linux/Unix infrastructure.

  • Define and enforce who is granted elevated privileges, when, from where, and how
  • Control which commands can be executed by privileged users, (“SUDO”) and audit privileged activity
  • Implement granular assignments for who can switch sessions ("SU”)
  • Assign groups of commands instead of giving open root access to all commands
  • Use policy to define which SUDO sessions are keystroke logged based on risk and user
  • Remove the need for distribution of sudoers files with configuration management solutions or scripts

Types of Access Control


Core Privileged Access Manager (BoKS) provides separate access policy control choice definitions for the following access types:

  • Console login
  • Secure shell (SSH)
  • Secure file transfer (SFTP)
  • Secure command execution (SSH Exec)
  • Secure remote command execution (SSH REXEC)
  • SSH proxy
  • SSH tunneling
  • SSH X11
  • Privileged switch user (SU)
  • Privileged command execution (SUEXEC): a functional equivalent of SUDO

The solution also features legacy support for unsecure access types, to be enabled with control mitigations:

  • Serial Port login
  • Telnet
  • FTP
  • RSH
  • RCP

How You Can Gain Control 

Leverage an Easy-Access Web Portal

Implement TLS Encryption

Utilize Web-Based Task Management

Benefit from Sub-Administration Controls

Access Control Constraints


All granular access control rules include the ability to put constraints in place for each rule based on how they operate:

  • Which host group or host to connect to
  • From which host or network the user can attempt to connect from
  • Time of day range
  • Day of the week range
  • Which authentication method(s) should be in place to verify the user
  • The depth of keystroke logging, if applicable

Authentication Methods 



Core Privileged Access Manager (BoKS) can be used with a wide variety of authentication methods. However, not all methods apply to all access rule types.

  • User password
  • Password of target account (e.g., when using SU or SUEXEC)
  • SSH user key
  • SSH host key (secure and auditable)
  • SSH X.509 user certificate authentication
  • SSH X.509 host certificate authentication
  • Kerberos session key authentication
  • X.509 certificate authentication (soft token)
  • PKI certificate-based authentication with SMART CARD or USB token
  • Biometric API authentication unlocking PKI SMARTCARD token
  • Radius user password/pin authentication

What Granular Access Controls Means to You


Meet Compliance Quickly
Reduce Administrative Overhead
Prevent Breaches

Ready to Start Protecting Your Privileged Accounts?

CTA Text

View our on-demand demo of Core Privileged Access Manager (BoKS) to learn how you can increase security for the privileged accounts in your organization.

Watch On-Demand Demo