Adding, Deleting and Configuring Access Policies in TPAM 2.4
In v2.4 we have added Access Policies which allow permissions to be assigned at the System and Account level. Access policies allow permissions to be broken down and assigned at a more granular level. For example you could create one Access Policy that would allow someone to review password releases, request password releases and request a session which would limit them to two commands. In the past you could only have 1 PPM permission and 1 PSM permission but now with Access Policies this has changed. There are default Access Policies that are created in the v2.4 patch that mimic the old TPAM roles of "EGP Requestor", "PAR ISA" etc, so that existing permission assignments are migrated to the new Access Policy model and so that the default Global Groups can be supported.
A full explanation of the following topics can be found in Section 10 of the TPAM Administrator Manual starting on page 15.
10.1 Adding an Access Policy
10.2 Making an Access Policy Inactive
10.3 Reactivating an Access Policy
10.4 Deleting an Access Policy
10.5 Duplicating an Access Policy