Enforce least privilege policies on Unix/Linux super-user accounts

The biggest challenge organizations face today with regards to their super-user and administrator accounts is understanding who is accessing business-critical systems and information, and when they are accessing them. Compliance regulations require control over privileged accounts to prevent exposure of sensitive information to unauthorized users. CyberArk On-Demand Privileges Manager, part of the CyberArk Privileged Account Security Solution, enables organizations to enforce least privilege policies in order to balance security and compliance requirements with operational and end-user needs. The product is built on the CyberArk Shared Technology Platform, delivering scalability, high availability and centralized management and reporting.

CyberArk On-Demand Privileges Manager is a unified access control product, allowing organizations to control and monitor the commands super-users can run based on their role and task at hand. The solution reduces the usage of privileged rights within an enterprise and enforces least privilege policies for superuser rights. CyberArk On-Demand Privileges Manager replaces siloed Unix sudo command with an enterprise-ready, scalable product with unparalleled security as well as enhanced audit capabilities.



  • Granular access control allows users to run privileged commands based on a defined policy or limits super-user permissions, reducing risk of exposure to abuse or error.
  • Flexible policy configuration enables administrators to easily define granular controls for each user by identifying permissible applications, commands, and tasks to be run with elevated rights and defining authentication options for specific users.
  • Active Directory (AD) Bridge capabilities connects Unix accounts to AD through the CyberArk Solution for integrated authentication and provisioning.
  • Seamless integration with SIEM products allows the enrichment of system-wide audit and event management with insight into privileged account activity.
  • Integration with the CyberArk Shared Technology Platform delivers scalability, high availability, centralized management and audit reporting.
  • Out-of-the-box integration with Privileged Account Security products provides complete management, monitoring, recording and secure single-sign-on for privileged accounts.



  • Minimize data breaches and outages associated with uncontrolled access to Unix super-user accounts.
  • Comply with regulations by proving to auditors that super-user privileges are managed, controlled, and secure.
  • Enforce least privilege policies by enabling Unix super-user escalation to enable end-user productivity while ensuring systems are secure.Reduce operating costs and improve productivity of security auditors with centralized audit logs for all privileged account activities.
  • Enable Unix administrators to centrally manage and provision Unix accounts that are linked to AD through the CyberArk platform
  • Significantly reduce help desk calls and Unix management costs
  • Reduce costs with a single solution for least privileges for Unix, Linux and Windows environments.