It is the responsibility of the Security Policy Administrator to define access request policies in SPP.
A policy defines:
- The scope, which may be assets, asset groups, accounts, or account groups.
- The access type, which may be a:
-
Credential access type:
- Password Release
- SSH Key
- API Key
-
Session access type:
- RDP (Remote Desktop Protocol)
- RDP Application
- SSH (Secure SHell)
- Telnet
-
- The rules for checking out passwords, such as the duration, how many approvals are required, and so on.
Considerations
- An access request policy is only assigned to one cluster.
- An access request policy is only used in the entitlement in which it is created. If you delete an entitlement, all access request policies associated with that entitlement are deleted.
To add an access request policy to an entitlement
- Navigate to Entitlements.
- In Entitlements, select to edit an entitlement from the list and open the Access Request Policies tab.
- Click
New Access Policy from the details toolbar.
- In the Create Access Request Policy dialog, provide information in each of the tabs:
Where you add general information about the access request policy as well as specify the type of access being requested.
Where you define the access settings for the selected type of request including allowing users to request passwords from their respective linked accounts.
Where you assign assets, asset groups, accounts, or account groups to an access request policy.
Where you configure the access request policy requester, approver, reviewer settings.