The Security Policy administrator configures the security policies that govern the access rights to accounts and assets, including the requirements for checking out passwords, such as the maximum duration, whether password reasons are required, whether emergency access is allowed, and so on. This user may not know any details about the assets.
This user configures time restrictions for entitlements and who can request, approve and review access requests.
- Creates account groups, asset groups, and user groups.
- Creates entitlements.
- Configures access request policies.
- Adds users or user groups to entitlements to authorize those accounts to request passwords.
- Can assign linked accounts to users for entitlement access policy governance.

| Navigation | Permissions |
|---|---|
| Dashboard \| Access Requests | Full control to manage access requests. |
| Activity Center | View and export security-related activity events, including access request events. Audit access request workflow. |
| Reports | View and export entitlement reports. |
| Administrative Tools \| Toolbox | Access to the Account Groups, Asset Groups, Entitlements, Users, and User Groups view. Access to the Tasks pane. |
| Administrative Tools \| Account Groups | Add, modify, or delete account groups. Add accounts to account groups. Assign policies to account groups. |
| Administrative Tools \| Asset Groups | Add, modify, or delete asset groups. Add assets to asset groups. Assign policies to asset groups. |
| Administrative Tools \| Entitlements | Add, modify, or delete entitlements. Add users or user groups to entitlements. Define and maintain access request policies. Assign policies to entitlements. |
| Administrative Tools \| Settings: | Add, modify, or delete reason codes. |
| | If Safeguard for Privileged Passwords (SPP) is joined to Safeguard for Privileged Sessions (SPS), view the appliance information for the join. |
| | Add, modify, or delete application registrations. |
| | Configure Approval Anywhere service for access request approvals. |
| | If Safeguard for Privileged Passwords is joined to Starling, view the Starling join information. |
| | If Safeguard for Privileged Passwords is configured to use tickets ( |
| | Login notification: View only. Set message of the day. |
| Administrative Tools \| Users | Add users to user groups. Add users to entitlements. Link directory accounts to a user. View and export the history of users. |
| Administrative Tools \| User Groups | Add, modify, or delete local user groups. Add local or directory users to user groups. Assign entitlements to user groups. |