A Safeguard for Privileged Passwords entitlement is a set of access request policies that restrict system access to authorized users. Typically, you create entitlements for various job functions; that is, you assign permissions to perform certain operations to specific roles such as Help Desk Administrator, Unix Administrator, or Oracle Administrator. Password and SSH key release entitlements consist of users, user groups, and access request policies. Session access request entitlements consist of users, user groups, assets, asset groups, and access request policies. API Key release entitlements consist of accounts and account groups.
The Auditor and the Security Policy Administrator have permission to access Entitlements. An administrator creates an entitlement, then creates one or more access request policies associated with the entitlement, and finally adds users or user groups.
Go to Entitlements:
- web client: Navigate to Security Policy Management > Entitlements
If there are one or more invalid or expired policies, a Warning and message (for example, Entitlement contains at least one invalid policy) displays. Go to the Access Request Policy tab to identify the invalid policy. For more information, see Access Request Policies tab (entitlements).
The Entitlements view displays the following information:
- General tab (entitlements): Displays the general and time restriction settings information for the selected entitlement.
- Users tab (entitlements): Displays the user groups or users who are authorized to request access to the accounts or assets in the scope of the selected entitlement's policies. Certificate users are included in the display if the user was created during a Safeguard for Privileged Sessions link and was assigned and used by a Sessions Appliance. The certificate users created during the link can be added to the Users tab but are not there by default.
- Access Request Policies tab (entitlements): Displays the access request policies that govern the accounts or assets in the selected entitlement, including session access policies.
- History tab (entitlements): Displays the details of each operation that has affected the selected entitlement.
Use these toolbar buttons to manage entitlements.
- New Entitlement: add entitlements to Safeguard for Privileged Passwords. For more information, see Adding an entitlement.
- Delete: Remove the selected entitlement. For more information, see Deleting an entitlement.
Edit: Select an entitlement then click this button to open additional information and options for the asset.
Create a New Entitlement from the Selected Row: Select an entitlement then click this button to duplicate the entitlement.
Export: Use this button to export the listed data as either a JSON or CSV file. For more information, see Exporting data.
- Refresh: Update the list of entitlements.
- Search: You can search by a character string or by a selected attribute with conditions you enter. To search by a selected attribute click Search and select an attribute to search. For more information, see Search box.