Data model

Fudo PAM defines five base object types: user, server, account, safe and listener.


User defines a subject entitled to connect to servers within the monitored IT infrastructure. A detailed object definition (i.e. a unique login and domain combination, full name, email address, etc.) enables precise accountability of user actions even when the user's login and password are substituted with the login credentials of a shared account.


Server is the definition of an IT infrastructure resource which can be accessed over one of the specified protocols.


Account defines a privileged account existing on a monitored server. It specifies the actual login credentials, the user authentication mode: anonymous (without user authentication), regular (with login credentials substitution) or forward (with login and password forwarding); the password changing policy, as well as the password changer itself.


Safe directly regulates user access to monitored servers. It specifies the available protocol features, policies and other details concerning the relations between users and servers.


Listener determines the server connection mode (proxy, gateway, transparent, bastion) as well as its specifics.

Proper system operation requires configuration of servers, users, listeners, accounts and safes.

[Figure: data modeling]

Warning

Data model objects (safes, users, servers, accounts and listeners) are replicated within the cluster, so object instances must not be added separately on each node. If the replication mechanism fails to copy objects to other nodes, contact the technical support department.

Objects relations chart

[Figure: objects relations chart]

Safe is the central data model object. It regulates access to monitored servers by specifying the privileged accounts on those servers together with the listeners, which determine the actual connection parameters (e.g. IP address, port number) for the given protocol. This kind of data model allows for optimal management of objects: a given server can be accessed in different ways as defined by the listener, and a safe groups accounts, enabling convenient control over access to monitored resources.
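The relations chart above can be made concrete by walking it in code. The following is an added example, not Fudo PAM's own code or API: it models the five object types with simplified fields (all names, fields and sample values are assumptions), and resolves a connection attempt the way the text describes, i.e. a safe must grant the user access to the account through the listener, the listener's protocol must be one the server exposes, and the credentials sent to the target depend on the account's authentication mode while the user's own identity is retained for accountability.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Simplified, hypothetical model of the five object types described above.
# Field names are assumptions for illustration, not Fudo PAM's schema.

@dataclass(frozen=True)
class User:
    login: str
    domain: str              # login + domain is the unique identity
    full_name: str

@dataclass(frozen=True)
class Server:
    name: str
    address: str
    protocols: Tuple[str, ...]   # protocols the server can be accessed over

@dataclass(frozen=True)
class Account:
    name: str
    server: str                  # Server.name this privileged account exists on
    auth_mode: str               # "anonymous" | "regular" | "forward"
    login: Optional[str] = None  # credentials held by the PAM (regular mode)
    password: Optional[str] = None

@dataclass(frozen=True)
class Listener:
    name: str
    mode: str                    # "proxy" | "gateway" | "transparent" | "bastion"
    protocol: str
    bind_address: str
    port: int

@dataclass(frozen=True)
class Safe:
    name: str
    users: Tuple[Tuple[str, str], ...]   # (login, domain) pairs granted this safe
    accounts: Tuple[str, ...]            # account names grouped by this safe
    listeners: Tuple[str, ...]           # listeners through which they are reachable

@dataclass
class Model:
    users: Dict[Tuple[str, str], User] = field(default_factory=dict)
    servers: Dict[str, Server] = field(default_factory=dict)
    accounts: Dict[str, Account] = field(default_factory=dict)
    listeners: Dict[str, Listener] = field(default_factory=dict)
    safes: Dict[str, Safe] = field(default_factory=dict)

@dataclass(frozen=True)
class Session:
    user: User                      # real identity kept for the audit trail
    safe: str
    server: Server
    listener: Listener
    credentials: Optional[Tuple[str, str]]  # what is actually sent to the target

class AccessDenied(Exception):
    pass

def resolve_session(model: Model, login: str, domain: str, listener_name: str,
                    account_name: str, presented: Tuple[str, str]) -> Session:
    """Resolve a connection attempt along user -> safe -> account -> server."""
    user = model.users.get((login, domain))
    listener = model.listeners.get(listener_name)
    account = model.accounts.get(account_name)
    if user is None or listener is None or account is None:
        raise AccessDenied("unknown user, listener or account")
    # Some safe must grant this user this account via this listener.
    safe = next((s for s in model.safes.values()
                 if (login, domain) in s.users
                 and account_name in s.accounts
                 and listener_name in s.listeners), None)
    if safe is None:
        raise AccessDenied(f"no safe grants {login}@{domain} -> {account_name} via {listener_name}")
    server = model.servers[account.server]
    if listener.protocol not in server.protocols:
        raise AccessDenied(f"{server.name} does not expose {listener.protocol}")
    if account.auth_mode == "anonymous":
        creds = None                                 # no user authentication
    elif account.auth_mode == "regular":
        creds = (account.login or "", account.password or "")  # substitution
    elif account.auth_mode == "forward":
        creds = presented                            # user's own credentials forwarded
    else:
        raise ValueError(f"unknown auth mode {account.auth_mode!r}")
    return Session(user, safe.name, server, listener, creds)

def build_sample_model() -> Model:
    """Constructed sample objects wired together as in the relations chart."""
    m = Model()
    m.users[("jdoe", "corp")] = User("jdoe", "corp", "Jane Doe")
    m.users[("bob", "corp")] = User("bob", "corp", "Bob Example")
    m.servers["db01"] = Server("db01", "10.0.0.5", ("ssh",))
    m.accounts["root@db01"] = Account("root@db01", "db01", "regular", "root", "constructed-secret")
    m.accounts["ops@db01"] = Account("ops@db01", "db01", "forward")
    m.listeners["ssh-proxy"] = Listener("ssh-proxy", "proxy", "ssh", "10.0.0.1", 2222)
    m.listeners["rdp-gw"] = Listener("rdp-gw", "gateway", "rdp", "10.0.0.1", 3389)
    m.safes["dba"] = Safe("dba", (("jdoe", "corp"),), ("root@db01", "ops@db01"), ("ssh-proxy", "rdp-gw"))
    return m
```

In regular mode the session records Jane Doe as the actor while `root` credentials are what reach `db01`; the `rdp-gw` listener is granted by the safe but rejected because `db01` exposes only SSH, which is the listener/server consistency check a reviewer would expect the model to enforce.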

