Privilaged Accounts and the MPS Delegation Model
While this may not be seen directly as a security concern, it is important to discuss potential issues raised by MPS use of Privileged or Overly Permissive accounts. Many common provisioning actions that MPS will perform on behalf of an end user require some level of elevation of privileges. There are a number of reasons for this including some APIs lack proper support for impersonation, restrictions in place for multi-tenancy would prevent such actions, or the action may simply be reserved for administrators. This elevation of privileges is generally performed at a very low level and is limited to only private procedures which cannot be called directly by end users. It is a best practice in HMC to ensure that any procedure that elevates privileges is protected by a calling procedure that checks for appropriate permissions first.
For more information, see: