Privilaged Accounts and the MPS Delegation Model

While this may not be seen directly as a security concern, it is important to discuss potential issues raised by MPS use of Privilaged or Overly Permissive accounts. Many common provisioning actions that MPS Will perform on behalf of an end user require some level of elevation of privilages. There are a number of reasons for this including some APIs lack proper support for impersonation, restrictions inplace for multi-tenancy would prevent such actions, or the action may simply be reserved for administrators. This elevation of privilages is generally performed at a very low level and is limited to only private procedures which can not be called directly by end users. It is a best practice in HMC to ensure that any procedure that elevates privilages is protected by a calling procedure that checks for appropriate permissions first.

For more information, see: