Command groups

What are command groups?

Command groups are logical groupings of commands permitted to run on endpoints.

How are command groups useful to my organization?

Command groups enhance control over privileged access by allowing you to define and manage a defined set of commands your users can execute on endpoints.

Create a new command group

1. Click > Endpoint Privilege Management for Linux > Policy.
   The Role Based Policy page displays.
2. Click the What tile.
   The Command Groups page displays.
3. Click Add Command Group.
   The Command Group panel displays.
4. Optionally, select Enable Command Group to enable the group upon saving.
5. Enter a Command Group Name.
6. Enter a Command Group Description.
7. Enter commands for the group:
   • You must enter a Command, which is the command your user enters when using EPM Cloud for Linux.
   • Optionally, you can enter an associated command in the Executed field, which will execute when your user enters the value in the associated Command field.

     📘

     Example

     You want the /bin/bash command to execute whenever the user types bash.
     Command: bash Executed: /bin/bash

8. Click Save.
   The command group saves and displays in the list.

View a command group's details

1. Click > Endpoint Privilege Management for Linux > Policy.
   The Role Based Policy page displays.
2. Click the What tile.
   The Command Groups page displays.
3. Locate the command group you want to view.
4. Click the name.
   The Command Groups panel displays with the command group details.

Enable or disable a command group

1. Click > Endpoint Privilege Management for Linux > Policy.
   The Role Based Policy page displays.
2. Click the What tile.
   The Command Groups page displays.
3. Locate the command group you want to enable or disable.
4. Click the name.
   The Command Groups panel displays.
5. Toggle the Enable Command Group on to enable the group, or off to disable it.

Add a command to a command group

1. Click > Endpoint Privilege Management for Linux > Policy.
   The Role Based Policy page displays.
2. Click the What tile.
   The Command Groups page displays.
3. Locate the command group you want to edit.
4. Click the name.
   The Command Groups panel displays.
5. Enter commands for the group:
   • You must enter a Command, which is the command your user enters when using EPM-L.
   • Optionally, you can enter an associated command in the Executed field, which will execute when your user enters the value in the associated Command field.

     📘

     Example

     You want the /bin/bash command to execute whenever the user types bash.
     Command: bash Executed: /bin/bash

6. Click Save.
   The edits save.

Remove a command from a command group

1. Click > Endpoint Privilege Management for Linux > Policy.
   The Role Based Policy page displays.
2. Click the What tile.
   The Command Groups page displays.
3. Locate the command group you want to edit.
4. Click the name.
   The Command Groups panel displays.
5. Locate the command you want to remove.
6. Click the Delete icon.
7. Click Save.
   The edits save.

Delete a command group

❗️

WARNING

Deleting a command group is an unrecoverable operation.

1. Click > Endpoint Privilege Management for Linux > Policy.
   The Role Based Policy page displays.
2. Click the What tile.
   The Command Groups page displays.
3. Locate the command group you want to delete.
4. Click the name.
   The Command Groups panel displays.
5. Click Delete.
   A confirmation message displays.
6. Click OK.
   The command group is deleted.