Help Desk administrator permissions
A help desk administrator:
- Sets passwords for non-administrative user accounts.
-
Unlocks accounts for all user accounts.
|
|
NOTE: Help Desk Administrators can only view the user object history for their own account. |
| Navigation | Permissions |
|---|---|
| Activity Center | View and export user activity events. |
|
Administrative Tools | Toolbox |
Access to the Users view and the Tasks pane. |
| Administrative Tools | Settings: | |
|
Login notification: View only. Set message of the day. |
|
Administrative Tools | Users |
Set passwords and unlock accounts for non-administrator users. |
Operations administrator permissions
The Operations administrator monitors the status of the appliance and can reboot the appliance.
|
|
NOTE: This user can be a non-interactive user; that is, an automated script or external monitoring system. |
| Navigation | Permissions |
|---|---|
|
Activity Center |
View and export appliance activity events. |
| Administrative Tools | Toolbox | Access to the Tasks pane. |
| Administrative Tools | Settings: |
|
|
View only. |
|
Shutdown or restart the appliance. Run diagnostics on the appliance. Generate a support bundle to assist technical support. View licensing information. View Networking settings. View Time settings. View update history. |
|
Configure backup and retention settings, define archive servers, and manage backups. |
|
View only. |
|
View only - monitor the status of the clustered environment. |
|
View only. |
|
Login notification: View only. Set message of the day. |
|
View only. |
|
View only. |
Security Policy administrator permissions
The Security Policy administrator configures the security policies that govern the access rights to accounts and assets, including the requirements for checking out passwords, such as the maximum duration, if password reasons are required, if emergency access is allowed, and so forth.
This user configures time restrictions for entitlements and who can request, approve and review access requests.
- Creates account groups, asset groups and user groups.
- Creates entitlements.
- Configures access request policies.
- Adds users or user groups to entitlements to authorize those accounts to request passwords.
|
|
NOTE: This user may not know any details about the assets. |
|
|
NOTE: Security Policy Administrators can only view the user object history for their own account. |
| Navigation | Permissions |
|---|---|
|
Dashboard | Access Requests |
Full control to manage access requests. |
|
Activity Center |
View and export security-related activity events, including access request events. Audit access request workflow. |
|
Reports |
View and export entitlement reports. |
|
Administrative Tools | Toolbox |
Access to the Accounts Groups, Asset Groups, Entitlements, Users and User Groups view. Access to the Tasks pane. |
|
Administrative Tools | Account Groups |
Add, modify or delete account groups. Add accounts to account groups. Assign policies to account groups. |
| Administrative Tools | Asset Groups |
Add, modify or delete asset groups. Add assets to asset groups. Assign policies to asset groups. |
|
Administrative Tools | Entitlements |
Add, modify or delete entitlements. Add users or user groups to entitlements. Define and maintain access request policies. Assign policies to entitlements. |
|
Administrative Tools | Settings: |
|
|
Add, modify, or delete reason codes. |
|
Add, modify, or delete application registrations. |
|
Configure Approval Anywhere service for access request approvals. |
|
Login notification: View only. Set message of the day. |
| Administrative Tools | Users |
Add users to user groups. Add users to entitlements. Link directory accounts to a user. |
|
Administrative Tools | User Groups |
Add, modify or delete local user groups. Add local or directory users to user groups. Assign entitlements to user groups. |
User administrator permissions
The user administrator:
- Creates (or imports) Safeguard for Privileged Passwords users.
- Grants Help Desk Administrator permissions to users.
- Sets passwords, unlocks, and enables or disables non-administrator user accounts.
- Adds directory groups, including the associated directory users, if a directory has been added to Safeguard for Privileged Passwords.
|
|
NOTE: Also has Help Desk Administrator permissions. |
|
|
NOTE: User Administrators cannot modify administrator passwords, including their own. |
|
|
Important: User Administrators can change the permissions for their own account which may affect their ability to grant Help Desk Administrator permissions to other users. When you make changes to your own permissions, they take effect next time you log in. |
| Navigation | Permissions |
|---|---|
|
Activity Center |
View and export user activity events. |
| Administrative Tools | Toolbox |
Access to the Users and User Groups view. Access to Tasks pane. |
| Administrative Tools | Settings: | |
|
View only. |
|
Login notification: View only. Set message of the day. |
|
Administrative Tools | Users |
Add, modify, delete or import local and directory users. Set passwords and unlock accounts for non-administrator users. Enable or disable non-administrative users. Set Help Desk Administrator permissions. |
|
Administrative Tools | User Groups |
Add or delete directory groups, if a directory has been added to Safeguard for Privileged Passwords. |