Admin Access Job
Overview
The Admin Access job enables administrators to manage and control elevated permissions on managed Linux devices, ensuring organizations maintain security and compliance while providing efficient access to critical administrative tasks. Its objective is to provide a secure mechanism for granting and revoking admin(sudo) access to applications or commands on Linux devices enrolled in the system.
To grant admin access to Application or Commands, follow these steps:
- Navigate to SureMDM Console.
- Navigate to Jobs > New Job > Linux > Admin Access.
- Configure the following settings.
Settings Description
| Setting | Description |
|---|---|
| Job Name | Enter the required job name. |
| Select Access | Select access type to grant admin (sudo) permission. i. Admin access by Applications ii. Admin access by Commands |
| Username(s) | Enter username(s) separated by commas to grant admin access for selected applications or commands only to specific users. Leave this field blank for admin rights to apply to all users on the target device. |
Following are the available Access Type options:
i. Admin access by Applications:
Use this option to grant admin(sudo) permission based on Applications.
- Select the Application Name(s) from the list.
- Click Add to move Application Names to the right-side box.
- Select the Password Required option from the right-side box. This will require the user to enter their device login password before they can access the application for which admin privileges are being granted.
- Click Remove to remove the Application Names from the right-side box.
- Admin(sudo) permission to application(s) will not work unless the targeted app(s) are installed.
- Admin(sudo) permission to applications can be granted via Static and Dynamic jobs. SureMDM Agent will compare the changes received from the server and will always apply the most recent one.
- Ensure that the correct username is entered, as admin rights will not be applied if the user does not exist.
ii. Admin access by Commands:
Use this option to grant admin(sudo) permission based on Commands.
The following options are available in the Admin Access by Commands:
- Add - This option allows you to add commands that require admin permissions to be granted.
- Edit - This option allows you to modify the existing commands in the table.
- Delete - This option allows you to delete the existing commands from the table.
- Search - This option allows you to search based on the matching keyword.
Saving and Applying the Job
- Once done, click Save to save the changes. The newly created job will be listed in the Jobs List section.
- Go back to the Home tab and select the Linux device(s) or group(s).
- Click Apply to launch the Apply Job/Profile To Device prompt.
- In the Apply Job/Profile To Device prompt, select the job and click Apply.
Disabling or Revoking Admin Access for Applications or Commands
To disable or revoke admin access for applications or commands, follow these steps:
For Applications:
- Edit an existing job where the admin access for the application has been granted.
- In the right-side table, select the application(s) for which admin access needs to be revoked, and remove them from the list.
- After removing the application(s), save the job.
- Deploy the updated job to the desired target device or group of devices to revoke admin access for the application(s).
For Commands:
- Edit an existing job where admin access for the command has been granted.
- In the table, select the existing command(s) for which admin access needs to be revoked and delete them from the table.
- Save the job after deleting the command(s).
- Deploy the updated job to the desired target device or group of devices to revoke admin access for the command(s).
- This feature is supported on Linux devices with SureMDM Agent version >= 7.4.1.