Security control (experince)

Below I will list somethings about the system security control:

1:The first is about using the specilist tool to control the system command executation:
  the software is named sudo.
  when the individual account login to the system, the have no permission to check the system with the
  previlidge id, but some command executation need the previlige right, so we can add the commands
  into the sudo configuration so that the individual id can also use the previlige id right to check the system
  this tool is to reduce the "root" id usage counts.
 
2: The second is about the previlige id withdrawing process:
  I will describe how to withdraw the previlige id or the application function id process.
  2.1:
    the application team or the support team ask the 3rd part support team, which is located in HongKng, serviced for
    customer, ask them to open a ticket, tell them this ticket is to folliw one specilist case,
    also should give them the hostname, or server ip address, requst contact number, them if the case have busienss
    or system inpact, last suggest them to assign this ticket to any support team.
  
  2.2:
    the next step is to login the third part system, which called XX system, the system is to manage the previlige id
    or function id, we will sedect which sever I want to check, first input the server ip address,
    then the XX system will show all the account, which are already managed by the tool.
    we select the id which we want to withdraw the password, enter the requsted ticket, as well as the the reason.
    finally, submmit the the request.
   
  2.3:
    the customer XX tool manged team will see your requst, them will revert your requst to the specilist system manager
    in generally speaking, the manager see the reason from the manager tool, they know the reason about the request.
    they will node their head, and approve the requst.
   
  2.4:
    after we got the approval from the system manager, we can see the related id's password, so that
    we can login into the system with some previlige id to check the system or do some action.
   
3: The third thing is also about the using the security tool to control the production server login.
    The ctrix software, which is called virtual mechine, the virtual machine ip address is added to the
    production server's allowhost, this means that only the allowed host can login into the production
    server. Enven you installed the virtual tool in your personal machine, you still can not login into
    the production server.
    With this security login control, when we do some changes or actions, we are only allowed to first
    login to the virtual machine, if we have no permission to login into the virtual machine, then, we
    can not login into next any servers.
   
4: The fourth security is about the Data central access control, the process is about below:
    4.1:
      First, raise a form requst to the datacentral and the manager, try to get the approval.
      in the requst form, the access person name and identify card number is neccessary. which will
      be checked when the indivadual come to the datacenter.
    4.2:
      Second, when the indivual come to the datacenter, show theire ID card is neccessary.