 Hi, and welcome back to another video in our tutorials around how to secure servers without requiring keys. In this tutorial, now we will manage advanced privileges. Today, when I access my server, I have access to everything. I can list files, I can delete things, I can get through confidential information, and I can do at any time. That's not great. Sometimes you want to have a tighter control around that, and you can do those things using pseudo grants or pseudo entitlements, and also pre-authorizations. I'm going to walk through these configuration and show you how it feels like when you do that. Remember when I was accessing, logging into my servers, I could do everything I wanted. I want to change this, and I can do that going at here my project level. When I go to my project, you're going to see that I have settings in advanced server access, and I can say, for example, that everybody needs pre-authorization. What pre-authorization does, it allows access to users only when they are in a certain window in which you provided that access. I enable that. The other thing I'm going to do just to make sure is, I'm going to edit my group every one and people will no longer be super admins here. I can also do this change. I have a tighter control over what people can do. The other thing I can do is I can create pseudo entitlements stage with no argument. You can add as many comments as you want here. What will happen is that users associated with this command, they can just do certain things you limited here. You can actually associate this when they do the pseudo and they run those comments as hoods. You can really limit what a user can do based on these. Once they're done with that, you can associate with your project. First thing I want to show you is how this project and the time-based access control, pre-authorization is actually limiting what I can do in the server. If I go and log out here and I try to cessation to my server, then I get the MFA, which I'm required to do. But after that, you can see that I cannot access the server because I don't have a pre-authorization. The pre-authorization will be done only if I enter the project and I actually create that manually. What if I get that done automatically again, using integrations with PagerDuty to the tools of your choice? I'm going to allow my access until tomorrow, so I'm going to get a 24-hour window here to work on this server. If I try again to access, you'll see that I'm in. As you can see, pre-authorizations allow me to control tightly what a user can do. It is one of the tools you have in addition to things like the pseudo grants and also super admins. When those are available, you can tightly scope what a user can do in real time, and avoid any kind of access, even if the user is entitled to that specific resource.