A help desk administrator:
Unlocks accounts for all user accounts.
|
NOTE: Help Desk Administrators can only view the user object history for their own account. |
Navigation | Permissions |
---|---|
Activity Center | View and export user activity events. |
Administrative Tools | Toolbox |
Access to the Users view and the Tasks pane. |
Administrative Tools | Settings: | |
|
Login notification: View only. Set message of the day. |
Administrative Tools | Users |
Set passwords and unlock accounts for non-administrator users. |
The Operations administrator monitors the status of the appliance and can reboot the appliance.
|
NOTE: This user can be a non-interactive user; that is, an automated script or external monitoring system. |
Navigation | Permissions |
---|---|
Activity Center |
View and export appliance activity events. |
Administrative Tools | Toolbox | Access to the Tasks pane. |
Administrative Tools | Settings: |
|
|
View only. |
|
Shutdown or restart the appliance. Run diagnostics on the appliance. Generate a support bundle to assist technical support. View licensing information. View Networking settings. View Time settings. View update history. |
|
Configure backup and retention settings, define archive servers, and manage backups. |
|
View only. |
|
View only - monitor the status of the clustered environment. |
|
View only. |
|
Login notification: View only. Set message of the day. |
|
View only. |
|
View only. |
The Security Policy administrator configures the security policies that govern the access rights to accounts and assets, including the requirements for checking out passwords, such as the maximum duration, if password reasons are required, if emergency access is allowed, and so forth.
This user configures time restrictions for entitlements and who can request, approve and review access requests.
|
NOTE: This user may not know any details about the assets. |
|
NOTE: Security Policy Administrators can only view the user object history for their own account. |
Navigation | Permissions |
---|---|
Dashboard | Access Requests |
Full control to manage access requests. |
Activity Center |
View and export security-related activity events, including access request events. Audit access request workflow. |
Reports |
View and export entitlement reports. |
Administrative Tools | Toolbox |
Access to the Accounts Groups, Asset Groups, Entitlements, Users and User Groups view. Access to the Tasks pane. |
Administrative Tools | Account Groups |
Add, modify or delete account groups. Add accounts to account groups. Assign policies to account groups. |
Administrative Tools | Asset Groups |
Add, modify or delete asset groups. Add assets to asset groups. Assign policies to asset groups. |
Administrative Tools | Entitlements |
Add, modify or delete entitlements. Add users or user groups to entitlements. Define and maintain access request policies. Assign policies to entitlements. |
Administrative Tools | Settings: |
|
|
Add, modify, or delete reason codes. |
|
Add, modify, or delete application registrations. |
|
Configure Approval Anywhere service for access request approvals. |
|
Login notification: View only. Set message of the day. |
Administrative Tools | Users |
Add users to user groups. Add users to entitlements. Link directory accounts to a user. |
Administrative Tools | User Groups |
Add, modify or delete local user groups. Add local or directory users to user groups. Assign entitlements to user groups. |
The user administrator:
|
NOTE: Also has Help Desk Administrator permissions. |
|
NOTE: User Administrators cannot modify administrator passwords, including their own. |
|
Important: User Administrators can change the permissions for their own account which may affect their ability to grant Help Desk Administrator permissions to other users. When you make changes to your own permissions, they take effect next time you log in. |
Navigation | Permissions |
---|---|
Activity Center |
View and export user activity events. |
Administrative Tools | Toolbox |
Access to the Users and User Groups view. Access to Tasks pane. |
Administrative Tools | Settings: | |
|
View only. |
|
Login notification: View only. Set message of the day. |
Administrative Tools | Users |
Add, modify, delete or import local and directory users. Set passwords and unlock accounts for non-administrator users. Enable or disable non-administrative users. Set Help Desk Administrator permissions. |
Administrative Tools | User Groups |
Add or delete directory groups, if a directory has been added to Safeguard for Privileged Passwords. |
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy