지금 지원 담당자와 채팅
지원 담당자와 채팅

One Identity Safeguard for Privileged Passwords 7.0 LTS - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Home Privileged access requests Appliance Management
Appliance Backup and Retention Certificates Cluster Enable or Disable Services External Integration Real-Time Reports Safeguard Access
Asset Management
Account Automation Accounts Assets Partitions Discovery Profiles Tags Registered Connectors Custom platforms
Security Policy Management
Access Request Activity Account Groups Application to Application Cloud Assistant Asset Groups Entitlements Linked Accounts User Groups Security Policy Settings Reasons
User Management Reports Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP and SPS join guidance Appendix C: Regular Expressions About us

Asset Rules tab (add dynamic asset group)

Use the rule editor controls on the Asset Rules tab of the New Asset Group dialog to define what assets are to be included in the dynamic asset group.

Table 187: Dynamic Asset Group: Asset Rules tab
Property Description

AND | OR

Click AND to group multiple search criteria together; where all criteria must be met in order to be included.

Click OR to group multiple search criteria together; where at least one of the criteria must be met in order to be included.

Attribute

In the first query clause box, select the attribute to be searched. Valid attributes include:

  • Name (default)
  • Description
  • Platform
  • Disabled
  • Tag
  • Discovery Job Name
  • Partition Name
  • Profile
  • Network Address
  • Discovered Group Name (Use this selection to not specify the domain in the search. To specify the domain, select Discovered Group Distinguished Name.)
  • Discovered Group Distinguished Name (Use this selection to specify the search is for the domain to which the group belongs.)
  • Directory Container (If you use the operator Equal, one level is found.)

Operator

In the middle clause query box, select the operator to be used in the search. The operators available depend on the data type of the attribute selected.

For string attributes, the operators may include:

  • Contains (Default)
  • Does not contain
  • Starts with
  • Ends with
  • Equals
  • Not equal

For boolean attributes, the operators may include:

  • Is True
  • Is False

Search string

In the last clause query box, enter the search string or value to be used to find a match.

|

Click to the left of a search clause to add an additional clause to the search criteria.

Click to remove the search clause from the search criteria.

Add Grouping

| Remove

Click the Add Grouping button to add an additional set of conditions to be met.

A new grouping is added under the last query clause in a group and appears in a bordered pane, showing that it is subordinate to the higher level query conditions.

Click the Remove button to remove a grouping from the search criteria.

Preview

Click Preview to run the query in order to review the results of the query before adding the dynamic group.

Adding assets to an asset group

From the Assets tab on the Asset Groups view, you can add one or more assets to an asset group.

To add assets to an asset group

  1. Navigate to Security Policy Management | Asset Groups.

  2. Select an asset group and click View Details.

  3. Open the Assets tab.
  4. Click  Add Asset.

  5. Select one or more assets from the list in the Select assets to add to groups dialog.

    NOTE: Only assets whose platform supports sessions management will be available.

    NOTE: If you do not see the asset you are looking for, depending on your Administrator permissions, you can create it in the New Asset dialog (accessed via the  New Asset button). (You must have Asset Administrator permissions to create assets.)

  6. Click Select Assets to save your selections.

Deleting an asset group

You can delete an asset group. When you delete an asset group, Safeguard for Privileged Passwords does not delete the associated assets.

To delete an asset group

  1. Navigate to Security Policy Management | Asset Groups.
  2. In Asset Groups, select an asset group from the object list.
  3. Click Delete.
  4. Confirm your request.

Entitlements

A Safeguard for Privileged Passwords entitlement is a set of access request policies that restrict system access to authorized users. Typically, you create entitlements for various job functions; that is, you assign permissions to perform certain operations to specific roles such as Help Desk Administrator, Unix Administrator, or Oracle Administrator. Password and SSH key release entitlements consist of users, user groups, and access request policies. Session access request entitlements consist of users, user groups, assets, asset groups, and access request policies.

The Auditor and the Security Policy Administrator have permission to access Entitlements. An administrator creates an entitlement, then creates one or more access request policies associated with the entitlement, and finally adds users or user groups.

Go to Entitlements:

  • web client: Navigate to Security Policy Management | Entitlements

If there are one or more invalid or expired policies, a Warning and message (for example, Entitlement contains at least one invalid policy) displays. Go to the Access Request Policy tab to identify the invalid policy. For more information, see Access Request Policies tab (entitlements).

The Entitlements view displays the following information:

  • General tab (entitlements): Displays the general and time restriction settings information for the selected entitlement.
  • Users tab (entitlements): Displays the user groups or users who are authorized to request access to the accounts or assets in the scope of the selected entitlement's policies. Certificate users are included in the display if the user was created during a Safeguard for Privileged Sessions link and was assigned and used by a Sessions Appliance. The certificate users created during the link can be added to the Users tab but are not there by default.
  • Access Request Policies tab (entitlements): Displays the access request policies that govern the accounts or assets in the selected entitlement, including session access policies.
  • History tab (entitlements): Displays the details of each operation that has affected the selected entitlement.

Use these toolbar buttons to manage entitlements.

  • New Entitlement: add entitlements to Safeguard for Privileged Passwords. For more information, see Adding an entitlement.
  • Delete: Remove the selected entitlement. For more information, see Deleting an entitlement.
  • Edit: Select an entitlement then click this button to open additional information and options for the asset.

  • Create a New Entitlement from the Selected Row: Select an entitlement then click this button to duplicate the entitlement.

  • Export: Use this button to export the listed data as either a JSON or CSV file. For more information, see Exporting data.

  • Refresh: Update the list of entitlements.
  • Search: You can search by a character string or by a selected attribute with conditions you enter. To search by a selected attribute click Search and select an attribute to search. For more information, see Search box.
관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택