security jit-privilege user create

Create a JIT privilege entry for a user

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

The security jit-privilege user create command creates a just-in-time (JIT) privilege elevation entry for a user who has already been configured.

Parameters

-vserver <vserver name> - Vserver

This is the Vserver of the user for whom you are adding the JIT entry. When not set, the default value of Administrative Vserver is used.

-username <text> - Username

This is the username for whom you are adding the JIT entry.

-application <text> - Application

This specifies the application of the JIT entry. When not set, the default value of ssh is used.

[-role <text>] - Role Name

This specifies an access-control role name for the JIT entry. When not set, the default value is admin for the Administrative Vserver and vsadmin for a data Vserver.

[-session-validity-period <time_interval>] - Session Validity Period

This specifies the validity period for which the just-in-time (JIT) privilege level will remain elevated. When not set, the value specified in the global JIT settings is used.

[-jit-validity-period <time_interval>] - JIT Validity Period

This specifies the validity period within which the user's JIT privilege level can be elevated and/or reset any number of times. The value of this parameter must always be greater than or equal to the value specified for the session-validity-period parameter. When not set, the default value is taken from session-validity-period of the global JIT settings.

[-start-time <MM/DD/YYYY HH:MM:SS>] - Start Time

This specifies the starting date and time, in UTC, from which the privilege can be elevated. When not set, the default value is the current date and time in UTC.

[-comment <text>] - Comment

This optionally specifies comment text for the JIT entry.

Examples

The following command creates a JIT entry for a user named "jdoe" for Vserver vs1.

cluster1::> security jit-privilege user create -username jdoe -application ssh -role admin -session-validity-period 1h -jit-validity-period 5h -start-time "4/17/2023 14:37:58" -vserver vs1 -comment "This is a JIT entry for jdoe"
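
The following pre-flight check is an added example, not part of the original reference or of ONTAP itself. It enforces the jit-validity-period >= session-validity-period rule, converts a local start time to the UTC MM/DD/YYYY HH:MM:SS form, and renders the command for review before an administrator pastes it. The helper names, the single-unit interval grammar (30m, 1h, 2d), the name allowlist and the window-end calculation are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumption: only single-unit intervals (30m, 1h, 5h, 2d) are accepted here. The page
# shows 1h and 5h but does not define the full <time_interval> grammar.
UNITS = {"s": "seconds", "m": "minutes", "h": "hours", "d": "days"}
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]+")  # assumed conservative allowlist


def parse_interval(text):
    m = re.fullmatch(r"(\d+)([smhd])", text)
    if not m:
        raise ValueError(f"unsupported interval: {text!r}")
    return timedelta(**{UNITS[m.group(2)]: int(m.group(1))})


def build_jit_create(username, vserver, session, jit, start,
                     role="admin", application="ssh", comment=None):
    """Validate a JIT request; return (command line, end of JIT window in UTC)."""
    for label, value in (("username", username), ("vserver", vserver),
                         ("role", role), ("application", application)):
        if not SAFE_NAME.fullmatch(value):
            raise ValueError(f"unexpected characters in {label}: {value!r}")
    # Constraint stated on the page: jit-validity-period >= session-validity-period.
    if parse_interval(jit) < parse_interval(session):
        raise ValueError("jit-validity-period is shorter than session-validity-period")
    if start.tzinfo is None:
        raise ValueError("start must be timezone-aware; -start-time is read as UTC")
    start_utc = start.astimezone(timezone.utc)
    parts = ["security jit-privilege user create",
             f"-vserver {vserver}", f"-username {username}",
             f"-application {application}", f"-role {role}",
             f"-session-validity-period {session}", f"-jit-validity-period {jit}",
             f'-start-time "{start_utc:%m/%d/%Y %H:%M:%S}"']
    if comment is not None:
        if '"' in comment or "\n" in comment:
            raise ValueError("comment must not contain quotes or newlines")
        parts.append(f'-comment "{comment}"')
    # Assumption: the window runs from start-time for jit-validity-period.
    return " ".join(parts), start_utc + parse_interval(jit)


if __name__ == "__main__":
    # Constructed request: 10:37:58 local time at UTC-4 on 17 April 2023.
    local = datetime(2023, 4, 17, 10, 37, 58, tzinfo=timezone(timedelta(hours=-4)))
    cmd, end = build_jit_create("jdoe", "vs1", "1h", "5h", local,
                                comment="This is a JIT entry for jdoe")
    print(cmd)
    print("JIT window closes (UTC):", end.isoformat())
```

Recording the rendered command and the computed window end in the change ticket gives reviewers a fixed point at which the elevation entry should no longer be usable.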