The Directory Administrator cannot delete a directory that has active access requests. However, it is the responsibility of the Security Policy Administrator to manage access requests.
A Safeguard for Privileged Passwords entitlement is a set of access request policies that restrict system access to authorized users. Typically you create entitlements for various job functions; that is, you assign permissions to perform certain operations to specific roles such as Help desk, Unix administrator, or Oracle administrator, and so forth. Password release entitlements consist of users, user groups, and access request policies. Session request entitlements consist of users, user groups, assets, asset groups, and access request policies.
The Auditor and the Security Policy Administrator have permission to access Entitlements.
Go to Administrative Tools and click Entitlements.
Safeguard for Privileged Passwords displays a next to an entitlement name when it expires or when the entitlement contains at least one expired policy. You can configure Safeguard for Privileged Passwords to notify you of an impending entitlement or policy expiration by sending an event notification to a syslog server, in an email message, or a SNMP trap. For more information, see External Integration settings.
To search for a particular entitlement, see Search box.
The Entitlements view displays the following information about the selected entitlement:
Tab | Description |
---|---|
General tab | Displays the general and time restriction settings information for the selected entitlement. |
Users tab | Displays the user groups or users who are authorized to request access to the accounts or assets in the scope of the selected entitlement's policies. Certificate users are included in the display if the user was created during a Safeguard for Privileged Sessions join and was assigned and used by a Sessions Appliance. The certificate users created during the join can be added to the Users tab but are not there by default. |
Access Request Policies tab | Displays the access request policies that govern the accounts or assets in the selected entitlement. |
History tab | Displays the details of each operation that has affected the selected entitlement. |
Use these toolbar buttons to manage entitlements.
Option | Description |
---|---|
Add entitlements to Safeguard for Privileged Passwords. For more information, see Adding an entitlement. | |
Remove the selected entitlement. For more information, see Deleting an entitlement. | |
Update the list of entitlements. |
The Administrative Tools | Entitlements | General tab lists information about the selected entitlement.
Large tiles at the top of the tab display the number of Users, Accounts and Assets associated with the selected entitlement. Clicking a tile heading opens the corresponding tab.
Property | Description |
---|---|
Name |
The entitlement name. |
Priority |
A unique number that determines the processing order of the entitlement in relation to other entitlements. For more information, see About priority precedence. |
Property | Description |
---|---|
Time Restrictions |
The days and times this entitlement is in effect. For more information, see About time restrictions. |
Expires |
The day and time this entitlement expires. |
Description: Information about the selected entitlement.
The Administrative Tools | Entitlements | Users tab displays the users and user groups who are authorized to request access for the accounts and assets in the scope of the selected entitlement's policies. Certificate users are included in the display if the user was created during a Safeguard for Privileged Sessions join and was assigned and used by a Sessions Appliance. The certificate users created during the join can be added to the Users tab but are not there by default.
Click Add User or User Group from the details toolbar to add one or more "requester" users or user groups to the selected entitlement.
Property | Description |
---|---|
Type |
Type of member:
|
Name | Name of the user or user group included in the selected entitlement. |
Provider |
The name of the authentication provider:
|
Domain Name |
The name of the domain of the user group or user. |
Use these buttons on the details toolbar to manage the "requester" users associated with the selected entitlement.
Option | Description |
---|---|
|
Add a "requester" user group or user to the entitlement. For more information, see Adding users or user groups to an entitlement. |
|
Remove the selected user or user group from the entitlement. |
|
Update the list of "requester" users or user groups. |
|
View additional details about the selected user or user group. |
|
To locate a specific user (or user group) or set of users (or user groups) in this list, enter the character string to be used to search for a match. For more information, see Search box. |
© 2019 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy