About executions in EPM macOS

EPM macOS allows users to run applications or commands with elevated permissions (SUDO), according to access policies previously defined in the Segura® Platform. This feature provides flexibility and control, ensuring that critical activities are securely audited and authorized.

What is privilege elevation

Privilege elevation is the process that allows a user to perform specific actions within running applications, or to execute commands, with temporary and controlled administrative permissions. In the context of EPM macOS, this elevation is managed by the agent installed on the user’s device and is subject to the permissions defined by the administrator in the Segura® Platform.

Features

  • Centralized control of execution permissions.
  • Full audit of privileged actions.
  • User-friendly interface in the agent for requests and notifications.
  • Integration with approval workflows (when configured).

Applicability

Privilege elevation can be applied in various usage scenarios, such as:

  • Execution of applications that require elevated privileges for specific tasks (e.g., writing to protected directories or changing system settings).
  • Temporary system maintenance by authorized users.

Types of execution

EPM macOS offers the following types of execution:

Direct execution without approval

The user runs an application or command directly when it does not require privileged permissions, with no justification or approval flow. This mode is suitable for low-risk activities and does not need to be configured in the Admin Web Interface.

Execution with mandatory justification (For graphical applications)

Before execution, the agent requires the user to provide a written justification. Once completed, the action is allowed without additional approval. This model is ideal for activities that require traceability but not formal approval.

Execution with approval flow (For graphical applications)

The user must fill out a form including a justification and a time window (start and end date/time). The request is sent to the Segura® Platform and must be approved by one or more administrators, according to the configured policy. Execution will only be allowed after approval and within the defined time window.

Info

The approval workflow is associated with an application execution and not with an authorization right that an application requires.

Basic flow

  1. The user attempts to run a controlled application.
  2. The Client checks for a corresponding access policy.
  3. Depending on the policy configuration:
    • Execution is allowed directly.
    • The agent requests a justification.
    • The agent displays a request form with a justification and execution window.
  4. If approval is required, the request is submitted to the Segura® Platform.
  5. After approval (if applicable), the execution is allowed within the defined window.
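The decision steps above, modelled as an added example (hypothetical code, not the EPM macOS agent's own logic): one function takes the policy mode, the user's request and the current time, and returns whether execution is allowed and why. The `Mode`, `Request` and `evaluate` names are assumptions of this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from enum import Enum
from typing import Optional


class Mode(Enum):
    # The three execution types described on this page
    DIRECT = "direct"                # no elevated permission needed
    JUSTIFICATION = "justification"  # written justification, no approval
    APPROVAL = "approval"            # justification + window + admin approval


@dataclass
class Request:
    justification: str = ""
    window_start: Optional[datetime] = None
    window_end: Optional[datetime] = None
    approved: bool = False  # set once an administrator approves the request


def evaluate(mode: Mode, req: Request, now: datetime) -> tuple[bool, str]:
    """Return (allowed, reason) for one execution attempt (hypothetical model)."""
    if mode is Mode.DIRECT:
        return True, "no elevated permission needed; executed directly"
    # Both remaining modes require a written justification before anything else
    if not req.justification.strip():
        return False, "justification required"
    if mode is Mode.JUSTIFICATION:
        return True, "justification recorded; no approval required"
    # Approval flow: window must be well-formed, request approved, and 'now' inside it
    if req.window_start is None or req.window_end is None:
        return False, "execution window required"
    if req.window_end <= req.window_start:
        return False, "invalid execution window"
    if not req.approved:
        return False, "awaiting administrator approval"
    if not (req.window_start <= now <= req.window_end):
        return False, "outside approved execution window"
    return True, "approved and within window"


def demo() -> list[tuple[bool, str]]:
    """Run constructed sample scenarios and return their outcomes."""
    now = datetime(2024, 1, 1, 12, 0)  # constructed timestamp
    pending = Request("apply security patch", now - timedelta(hours=1), now + timedelta(hours=1))
    approved = Request("apply security patch", now - timedelta(hours=1), now + timedelta(hours=1), True)
    return [
        evaluate(Mode.DIRECT, Request(), now),
        evaluate(Mode.JUSTIFICATION, Request(), now),
        evaluate(Mode.APPROVAL, pending, now),
        evaluate(Mode.APPROVAL, approved, now),
        evaluate(Mode.APPROVAL, approved, now + timedelta(hours=2)),
    ]
```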