Data model
Fudo PAM defines five base object types: user, server, account, safe and listener.
User defines a subject entitled to connect to servers within the monitored IT infrastructure. A detailed object definition (i.e. unique login and domain combination, full name, email address etc.) enables precise accountability of user actions when login and password are substituted with shared account login credentials.
Server is a definition of an IT infrastructure resource, which can be accessed over one of the specified protocols.
Account defines the privileged account existing on the monitored server. It specifies the actual login credentials; the user authentication mode: anonymous (without user authentication), regular (with login credentials substitution) or forward (with login and password forwarding); the password changing policy; and the password changer itself.
Safe directly regulates user access to monitored servers. It specifies available protocols' features, policies and other details concerning relations between users and servers.
Listener determines the server connection mode (proxy, gateway, transparent, bastion) as well as its specifics.
Proper system operation requires configuration of servers, users, listeners, accounts and safes.
Warning
Data model objects (safes, users, servers, accounts and listeners) are replicated within the cluster, and object instances must not be added on each node. If the replication mechanism fails to copy objects to other nodes, contact the technical support department.
Objects relations chart
Safe is the central data model object. It regulates access to monitored servers by specifying privileged accounts on monitored servers along with the listeners which determine the actual connection parameters (e.g. IP address, port number) depending on the given protocol. This kind of data model allows for optimal object management. A given server can be accessed differently as defined by the listener. A safe groups accounts, enabling convenient control over access to monitored resources.
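The object relations described above can be sketched as a small access-review model. This is an added illustration, not Fudo PAM code or its API: all class, field and function names are hypothetical, the sample objects are constructed, and it assumes that a safe holds a set of users plus account/listener pairs and that a listener only serves servers of its own protocol.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Server:
    name: str
    protocol: str
    address: str

@dataclass(frozen=True)
class Account:
    name: str
    server: Server
    auth_mode: str  # "anonymous", "regular" or "forward"

@dataclass(frozen=True)
class Listener:
    name: str
    protocol: str
    mode: str       # "proxy", "gateway", "transparent" or "bastion"
    bind: str       # constructed IP:port

@dataclass
class Safe:
    name: str
    users: set = field(default_factory=set)
    routes: list = field(default_factory=list)  # (Account, Listener) pairs

def access_paths(user, safes):
    """Every (safe, server, account, listener, mode) a user can reach, for access review."""
    paths = []
    for safe in safes:
        if user not in safe.users:
            continue  # access is granted only through safe membership
        for account, listener in safe.routes:
            # Assumption: a listener only serves accounts on servers of its protocol
            if listener.protocol != account.server.protocol:
                continue
            paths.append((safe.name, account.server.name, account.name,
                          listener.name, listener.mode))
    return sorted(paths)

# Constructed sample objects
db = Server("db01", "ssh", "10.0.0.10")
root = Account("root@db01", db, "regular")
bastion = Listener("ssh-bastion", "ssh", "bastion", "192.0.2.5:22")
proxy = Listener("ssh-proxy", "ssh", "proxy", "192.0.2.5:2222")
rdp = Listener("rdp-proxy", "rdp", "proxy", "192.0.2.5:3389")
dba = Safe("dba", {"alice"}, [(root, bastion), (root, proxy), (root, rdp)])

if __name__ == "__main__":
    for path in access_paths("alice", [dba]):
        print(path)
```

The same server appears twice in the output because it is reachable through two listeners, and a user who is not a member of any safe gets no paths at all.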