The Command Control feature provides UNIX and Linux users with controlled access to privileged commands in a secure manner across the enterprise. Command Control enables the complete lockdown of user privilege by providing rules to determine the commands that are authorized to be run, and a powerful account delegation feature that removes the need for common access to the root account.
Command Control provides centralized logging of activity across all platforms, and enables the selective capture of session activity for any user, to the keystroke level, which can be viewed through the Compliance Auditor and reporting features.
Additional features include external scripting that provides the ability to authenticate via third-party security databases or applications, and comprehensive test suite tools that allow the administrator to model and test new rule combinations before committing them to production use.
Section 5.2, Integrating Command Control into User Environments