As I know , in windows system , there are some privilege group which pre-assigned the specific privilege eg . power user , domain user etc, however , in unix / linux , it seems only have root and general user , if we have webadmin , DBA , system administrator , they should have different privilege to do their work , but now we can not grant a specific privilege to each of them , so it is not easy to trace the log when they have error .

I know some vendor have such solution eg. Beyondtrust PowerBroker , but it seems expensive .

Can advise is there any free or less expensive solution to help it ?

eg. We use RHEL server .

Thx

Hello,

Have a look at sudo, it's free and exactly what you're looking for in my opinion. If you set it up with groups as you require it should fit your needs. Good starting point is the man page:
Kind regards,

Eric

add your own groups and add users too them
then set the SELinux context for them

Kind of depends on how much your data is worth. I can't fault commercial companies when they come up with solutions. I'd like to know more about how they do this and make the claims. It might be that you can replicate it.

Use groups to limit users to certain areas or limit there right on the system , that's what it's there for .. No one except the administrators should have root privileges unless you don't care about security and want to constantly fight hackers and break-ins .