Granular Access Control

Giving someone access to a server has always meant giving them broad access to that server. A developer who needs to restart a service can technically do far more (view files, run scripts, modify configurations), even if that was never the intention.

  • Define a permitted command list per user per SSH server, from the Akku Admin Console
  • Any command not on the permitted list is blocked at the point of execution
  • Applies to Linux-based SSH server environments
  • Enforced in real time during the SSH session
  • Works alongside SMART Audit Trails to log all executed commands
  • Enforces least-privilege at the command level, not just the session level

Granular Access Control changes this. Administrators define a permitted command list for each user on each SSH server. If a command is not on the list, it cannot be executed, regardless of the user's system privileges.


The Problem Granular Access Control Solves

Most privileged access decisions are binary: a user either has access to a server or they don't. This works as a starting point but fails as a control, because the moment access is granted, the scope of what a user can do is effectively unlimited by the access decision alone.

This creates a persistent gap between intended access and actual access. A contractor brought in to perform a specific task has, by virtue of their SSH credentials, access to everything on that server. A junior developer given production access for a defined purpose has no technical boundary preventing them from going beyond it.

Granular Access Control closes this gap by enforcing least-privilege at the command level, which is the most granular form of server access control available. The access decision is no longer binary. It is specific, bounded, and enforced.

How Granular Access Control Works

Permitted command lists, enforced in real time.


Administrators define a permitted command list for each user on each SSH server, directly from the Akku Admin Console. The configuration is per user, per server, meaning different users on the same server can have different permitted command sets, and the same user on different servers can have different permissions.

When the user opens an SSH session through AkkuReka, the command restrictions are enforced in real time. As the user executes commands, each one is checked against their permitted list. If the command is permitted, it executes normally. If it is not on the list, it is blocked at the point of execution; the user cannot run it, regardless of their underlying system privileges on the server.

This enforcement happens at the AkkuReka session layer. No changes to the target server are required, and no agent needs to be installed on the server itself.

Granular Access Control is designed to work alongside SMART Audit Trails. Every command executed is logged with a precise timestamp, creating a complete record of what the user did.
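
A minimal sketch of the per-user, per-server check and the timestamped record described above, added here as an illustration and not Akku's implementation. The policy contents, user and server names, exact-argv matching, and the rule of refusing any line that contains shell metacharacters are all assumptions.

```python
import shlex
from datetime import datetime, timezone

# Constructed policy: (user, server) -> permitted commands as exact argv tuples.
POLICY = {
    ("contractor1", "web-01"): {("systemctl", "restart", "nginx"),
                                ("systemctl", "status", "nginx")},
    ("contractor1", "db-01"): {("uptime",)},
    ("dev1", "web-01"): {("uptime",), ("df", "-h")},
}

# Characters that let one input line carry more than the listed command
# (chaining, pipes, redirection, substitution). This sketch refuses them outright.
SHELL_META = set(";&|<>()$`\\\n")

AUDIT_LOG = []  # in-memory stand-in for an audit trail


def check_command(user, server, line):
    """True only if `line` is exactly one command on this user's list for this server."""
    if SHELL_META & set(line):
        return False
    try:
        argv = tuple(shlex.split(line))
    except ValueError:  # unbalanced quotes: cannot be parsed, so cannot be matched
        return False
    # Unknown (user, server) pairs get an empty list: default deny.
    return bool(argv) and argv in POLICY.get((user, server), set())


def run_in_session(user, server, line):
    """Decide, record the decision with a UTC timestamp, return 'allowed' or 'blocked'."""
    decision = "allowed" if check_command(user, server, line) else "blocked"
    AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "user": user, "server": server, "command": line, "decision": decision,
    })
    return decision


if __name__ == "__main__":
    for args in [("contractor1", "web-01", "systemctl restart nginx"),
                 ("contractor1", "db-01", "systemctl restart nginx"),
                 ("dev1", "web-01", "uptime; systemctl restart nginx"),
                 ("dev1", "web-01", "vi /etc/nginx/nginx.conf")]:
        print(args, "->", run_in_session(*args))
```

Matching on the parsed argument vector rather than the raw string means extra whitespace does not change the decision, and an entry permits only the exact arguments listed.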

What Granular Access Control Enables

Safe delegation to contractors and third parties

External parties can be given SSH access scoped precisely to the tasks they need to perform. They cannot exceed that scope, and this is a technical limit, not just a policy one. The permitted command list is the boundary, and it is enforced automatically.

Least-privilege enforcement at the command level

Role-based access control determines which servers a user can access. Granular Access Control determines what they can do once inside. Together they close the gap between access and authorised use.

Reduced insider risk

Accidental misconfiguration and deliberate misuse both depend on the ability to run commands beyond a user's intended scope. When that ability is removed at the session layer, the risk is reduced materially, not just by policy.

Audit evidence of scope enforcement

Compliance frameworks that require least-privilege enforcement ask for evidence, not just policy statements. Granular Access Control, combined with SMART Audit Trails, produces a logged record of every command executed, exportable as compliance evidence.

Granular Access Control and SMART Audit Trails: Together

Granular Access Control defines the boundary. SMART Audit Trails record everything that happened within it, including everything that was attempted outside it.

Together they provide two things that neither delivers alone: enforcement of the intended scope of access, and a complete, timestamped record of how that scope was respected or tested.

Compliance-Ready

Compliance Coverage

Akku's isolated network model directly addresses requirements across:

  • DPDPA: Enforcement of minimal access for users handling personal data
  • RBI / SEBI: Demonstrable least-privilege enforcement for privileged users in BFSI environments
  • ISO 27001: Access control and least-privilege requirements for privileged accounts
  • SOC 2: Logical access controls and least-privilege enforcement for systems in scope
  • PCI-DSS: Least-privilege access requirements for systems handling cardholder data
  • HIPAA: Minimum necessary access controls for systems processing protected health information

Frequently Asked Questions

Got questions? We have answers.

Akku PAM is built for IT and security teams who need clear answers about how privileged access works, what the product does, and what it means for your infrastructure and compliance posture.


Command-level least privilege

Define exactly what users can do once they get in

Granular Access Control turns privileged access from all-or-nothing into task-specific, enforced, and fully logged access.
