An asset administrator manages all partitions, assets, and accounts:
Delegates partition ownership to users.
|
NOTE: A delegated partition owner has a subset of permissions that an Asset Administrator has. That is, the delegated partition owner is authorized to manage a specific partition and the assets and accounts assigned to that partition. |
Manages account password rules.
|
NOTE: Asset Administrators can only view the user object history for their own account. |
Navigation | Permissions | ||
---|---|---|---|
Dashboard | Account Automation |
Full control for accounts related to all Safeguard for Privileged Passwords assets.
| ||
Activity Center |
View and export asset activity events. | ||
Administrative Tools | Toolbox |
Access to the Accounts, Assets, Partitions and Users view. Access to the Tasks pane. | ||
Administrative Tools | Accounts |
Add, modify, delete and import accounts. Check, change, and set account passwords. Access password archive. Enable or disable the access request services for an account. | ||
Administrative Tools | Assets |
Add, modify, delete and import assets. Configure and manage asset discovery jobs. Download SSH Key. | ||
Administrative Tools | Partitions |
Add, modify and delete partitions and partition profiles. Set partition as default. Add assets to the scope of a partition profile. | ||
Administrative Tools | Settings: |
| ||
|
Add, modify and delete account discovery settings. | ||
|
Login notification: View only. Set message of the day. | ||
|
Add, modify and delete account password complexity rules. | ||
|
Add, modify and delete change password settings. | ||
|
Add, modify and delete check password settings. | ||
|
Add, modify, and delete password sync groups. | ||
|
View only. | ||
Administrative Tools | Users |
Delegate partition ownership to users. |
The Auditor administrator has read-only access to all features, giving him the ability to review all access request activity:
Navigation | Permissions |
---|---|
Dashboard |
View only. |
Activity Center |
View and export activity events. Audit access request workflow. |
Reports |
View and export entitlement reports. |
Administrative Tools | Toolbox |
Access to all Administrative Tools views and the Tasks pane. |
Administrative Tools | Accounts |
View only. |
Administrative Tools | Account Groups |
View only. |
Administrative Tools | Assets |
View asset discovery jobs. |
Administrative Tools | Asset Groups | View only. |
Administrative Tools | Directories |
View only. |
Administrative Tools | Entitlements |
View only. |
Administrative Tools | Partitions |
View only. |
Administrative Tools | Settings: |
|
|
View only. |
|
View Appliance Information. Run diagnostics on appliance. View licensing information. View Lights Out Management (BMC) settings. View Networking settings. View Time settings. View update history. |
|
View only. |
|
View only. |
|
View only. |
|
View only. |
|
View only. |
|
Login notification: View only. Set message of the day. |
|
View only. |
|
View only. |
|
View only. |
Administrative Tools | Users |
View only. |
Administrative Tools | User Groups |
View only. |
The "permissions" administrator:
|
NOTE: Also has User Administrator and Help Desk Administrator permissions. |
|
Important: Authorizer Administrators can change the permissions for their own account which may affect their ability to grant permissions to other users. When you make changes to your own permissions, they take effect next time you log in. |
Navigation | Permissions |
---|---|
Activity Center |
View and export user activity events, including authentication events. |
Administrative Tools | Toolbox |
Access to the Users and User Groups view. Access to Tasks pane. |
Administrative Tools | Settings |
|
|
View only of directories used for identity and authentication. External Federation and Radius providers can be configured for authentication use. |
|
Login notification: View only. Set message of the day. |
|
Configure user password rules. |
Administrative Tools | Users |
Add, modify, delete, and import users. Set administrator permissions. Set passwords and unlock administrator accounts. Delete administrator users. Enable or disable administrator users. |
Administration Tools | User Groups |
Add or delete directory groups, if a directory has been added to Safeguard for Privileged Passwords. |
The Directory administrator configures and manages directory integration and synchronization including adding directory accounts to make them available for password request policies. This administrator also manages the profiles that govern the password validation and reset settings for the accounts assigned to each directory and which account password rule to use.
Navigation | Permissions | ||
---|---|---|---|
Dashboard | Account Automation |
Full control for accounts related to the directories managed by Safeguard for Privileged Passwords.
| ||
Activity Center |
View and export directory activity events. | ||
Administrative Tools | Toolbox |
Access to the Directories view. Access to the Tasks pane. | ||
Administrative Tools | Directories |
Add, modify or delete directories. Add directory accounts to directories. Enable or disable access request services for directory accounts. Set directory account passwords. Access password archive. Define and maintain directory account discovery jobs. Add and maintain directory profiles. | ||
Administrative Tools | Settings: |
| ||
|
Login notification: View only. Set message of the day. | ||
|
Add, modify or delete directory account password rules. | ||
|
| ||
|
Add, modify or delete directory check password settings. | ||
|
View only. |
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy