By Greg Keller Posted June 26, 2014
Many server jobs or tasks are for other parts of the organization like reports for marketing, or billing. As IT ops folks, we are constantly building scripts and jobs to execute tasks, often for others! Unfortunately, we are also tasked with running them ourselves and handing over the results to those that need them. This scenario happens all too often in IT organizations.
At JumpCloud, we’re focused on Directory-as-a-Service® – our platform to centrally manage users and execute tasks on devices. These scenarios (among many others) are a great example of how to leverage our new “roles functionality.” Here’s what you can do with it. As an ops pro, you can set up jobs or tasks within our commands tab – these tasks can be as simple or complex as you want. Then, assign them to the folks that you want to be able to “execute” them. Those folks will be able to login to JumpCloud and will see what tasks they can execute.
As “command runners,” these folks won’t have the ability to create or modify your jobs, but they will have the ability to run them and see the results. This is ideal to give other parts of the organization a mechanism to execute tasks across servers, but also gives you guardrails. Your command runners won’t make mistakes or accidentally change things. And, you won’t have to run tasks for your colleagues.
This allows you to hand off the execution of on demand tasks to the task owners, keeping a precious senior administrator or developer away from running reports or running simple repair or recovery scripts, and allows less technical users to get what they need, when they need it, rather than interrupting someone else who has better things to do. And, you get full auditing capability as well!
Let’s take a look at how to do it in JumpCloud:
- Login as a JumpCloud Administrator
- Select “Administrators…” of the upper-right “user” menu
- Click “Create Admin”, add the user’s email and set their role to “Command Runner”
4. Next, create a command, and select the new Command Runner user under the Administrators/Command Runners area:
Now, when you save this command, only Administrators, and “email@example.com” will be able to run it. And, a Command Runner won’t see any other commands, nor will she be able to change anything about the command.
This means you can create automated processes, and easily share them in a safe way, with full auditing, and no one has to touch a command line. This is a panacea for allowing your finance or marketing people to run reports or start batch jobs, or for your IT help desk to be able to apply a known and automated fix that would otherwise require a system administrator. Sound like an interesting capability? Give it a shot yourself by starting a free 30-day trial. And, check out our other Directory-as-a-Service capabilities, including hosted LDAP, WiFi authentication, central user management, True SSO, multi-factor authentication, and more.