Least privilege is not just about who connects — it is about what they can do once connected. Wardengate evaluates commands and connection patterns at the gateway before they reach production.
Shell history on a target can be altered. Database audit plugins miss ad-hoc clients. Gateway-side filtering sees every command and query in the brokered stream — tied to identity and policy version — before execution completes on the target.
Define allow and deny lists per role, target class, or session type. Block destructive patterns — rm -rf, DROP DATABASE, kubectl delete — or require approval for matches. Regex and literal rules combine; deny wins. Operators see a clear rejection with policy reference, not a silent failure.
Restrict which source networks, client tools, or time-of-day windows may initiate sessions. Pair with JIT grants so standing connection rights never accumulate. Vendor identities get tighter connection ACLs by default — shorter sessions, fewer protocols, mandatory recording.
High-risk commands can pause the session and route an approval ticket to ServiceNow or your ITSM. The approver sees session context — who, what target, which command — before release. Approved actions are recorded with approver identity for audit export.
Related guides
Layered control plane: gateway connectors, policy engine, recording pipeline, and audit store.
Standalone, active/standby, horizontal scale, and multi-region gateway — when each fits.
Fifteen-minute path from install to a brokered, recorded, identity-bound session.
How users, targets, accounts, protocols, and time windows combine into enforceable grants.
Ready to evaluate?
Walk through gateway brokering, recording, and audit exports in a working session — or start with the interactive demo.
