Assigning a user to partitions
It is the responsibility of the Asset Administrator to select one or more users to manage the assets and accounts in a partition. Assigning a user to a partition makes that user the delegated owner of that partition, giving that person authorization to manage the assets and accounts in that partition. A delegated partition owner has a subset of the permissions that an Asset Administrator has. For more information, see Administrator permissions.
To assign a user to partitions
- Navigate to Administrative Tools | Users.
- In Users, select a user from the object list and open the Partitions tab.
- Click Assign Partition(s) from the details toolbar.
- Select one or more partitions from the list in the Partitions selection dialog and click OK.
If you do not see the partition you are looking for and are an Asset Administrator, you can click Create New in the Partitions dialog. For more information about creating partitions, see Adding a partition.
Adding a user to entitlements
It is the responsibility of the Security Policy Administrator to add users to entitlements. When you add users to an entitlement, you are specifying which people can request access governed by the entitlement's policies.
To add a user to entitlements
- Navigate to Administrative Tools | Users.
- In Users, select a user from the object list and open the Entitlements tab.
- Click Add Entitlement from the details toolbar.
- Select one or more entitlements from the list in the Entitlements selection dialog and click OK.
If you do not see the entitlement you are looking for and are a Security Policy Administrator, you can click Create New in the Entitlements dialog. For more information about creating entitlements, see Adding an entitlement.
Linking a directory account to a user
It is the responsibility of the Security Policy Administrator to link directory accounts to a user. Once linked, these linked accounts can be used to access assets and accounts within the scope of an access request policy.
To link a directory account to a user
- Navigate to Administrative Tools | Users.
- In Users, select a user from the object list and open the Linked Accounts tab.
-
Click Add Linked Account from the details toolbar.
The Directory Account dialog displays, listing the directory accounts available in Safeguard for Privileged Passwords. This dialog includes the following details about each directory account listed:
- Name: Displays the name of the directory account.
- Domain Name: Displays the name of the domain where this account resides.
- Service Account: A check mark indicates the account is a service account.
- Password Request: A check mark indicates password release requests are allowed.
- Session Request: A check mark indicates the account is enabled for session requests.
- Needs a Password: Indicates whether the account needs a password.
- Description: Displays descriptive text about the directory account.
-
Select one or more accounts from the list in the Directory Account selection dialog and click OK.
Related Topic
Adding an account
Modifying a user
The Authorizer Administrator can modify the General information for a user. The User Administrator can modify the General information for a Help Desk User. Other administrators can view information for users.
You cannot modify a directory user's contact information that is managed in the directory, such as Active Directory. If you need to add a valid mobile phone number, use the alternate mobile phone number option on the Authentication tab instead.
NOTE: As a best practice, if you change a user's administrative permissions, ensure the user closes all connections to the appliance (or reboot the appliance) to prevent users from gaining access to information.
To modify a user
- Navigate to Administrative Tools | Users.
- In Users, select a user. Perform the following, as needed.
-
On the General tab, click the Edit icon next to Identity, Authentication, Location, and Permissions or double-click the user's name to open the User dialog and update the information on the tabs.
-
On the User Group tab, the Security Policy Administrator can modify a user's group membership. You can multi-select user groups to add or remove more than one user on a user's group membership.
- On the Partitions tab, the Asset Administrator can delegate partition ownership to a user.
- On the Entitlements tab, the Security Policy Administrator can add the selected user to an entitlement.
- On the Linked Accounts tab, the Security Policy Administrator can add (or remove) linked accounts associated with the user to link the user to an entitlement.
- Right-click the user and select Permissions to change permissions.
-
The Authorizer Administrator and the User Administrator can view or Export the details of each operation that has affected the selected use on the History tab. For more information, see History (user).