立即与支持人员聊天
与支持团队交流

One Identity Safeguard for Privileged Sessions 6.5.0 - Administration Guide

Preface Introduction The concepts of One Identity Safeguard for Privileged Sessions (SPS) The Welcome Wizard and the first login Basic settings
Supported web browsers and operating systems The structure of the web interface Network settings Configuring date and time System logging, SNMP and e-mail alerts Configuring system monitoring on SPS Data and configuration backups Archiving and cleanup Forwarding data to third-party systems Joining to One Identity Starling
User management and access control Managing One Identity Safeguard for Privileged Sessions (SPS)
Controlling One Identity Safeguard for Privileged Sessions (SPS): reboot, shutdown Managing Safeguard for Privileged Sessions (SPS) clusters Managing a High Availability One Identity Safeguard for Privileged Sessions (SPS) cluster Upgrading One Identity Safeguard for Privileged Sessions (SPS) Managing the One Identity Safeguard for Privileged Sessions (SPS) license Accessing the One Identity Safeguard for Privileged Sessions (SPS) console Sealed mode Out-of-band management of One Identity Safeguard for Privileged Sessions (SPS) Managing the certificates used on One Identity Safeguard for Privileged Sessions (SPS)
General connection settings HTTP-specific settings ICA-specific settings MSSQL-specific settings RDP-specific settings SSH-specific settings Telnet-specific settings VMware Horizon View connections VNC-specific settings Indexing audit trails Using the Search interface Advanced authentication and authorization techniques Reports The One Identity Safeguard for Privileged Sessions (SPS) RPC API The One Identity Safeguard for Privileged Sessions (SPS) REST API One Identity Safeguard for Privileged Sessions (SPS) scenarios Troubleshooting One Identity Safeguard for Privileged Sessions (SPS) Using SPS with SPP Configuring external devices Using SCP with agent-forwarding Security checklist for configuring One Identity Safeguard for Privileged Sessions (SPS) Jumplists for in-product help Configuring SPS to use an LDAP backend Glossary

Managing user rights and usergroups

In One Identity Safeguard for Privileged Sessions (SPS), user rights can be assigned to usergroups. SPS has numerous usergroups defined by default, but custom user groups can be defined as well. Every group has a set of privileges: which pages of the SPS web interface it can access, and whether it can only view (read) or also modify (read & write/perform) those pages or perform certain actions.

NOTE:

Every group has either read or read & write/perform privileges to a set of pages.

Figure 75: Users & Access Control > Appliance Access — Managing SPS users

Assigning privileges to user groups for the One Identity Safeguard for Privileged Sessions (SPS) web interface

The following describes how to assign privileges to a new group.

To assign privileges to a new group

  1. Navigate to Users & Access Control > Appliance Access and click .

  2. Find your user group. If you start typing the name of the group you are looking for, the auto-complete function will make finding your group easier for you.

  3. Click Edit located next to the name of the group. The list of available privileges is displayed.

  4. Select the privileges (that is, the pages of the One Identity Safeguard for Privileged Sessions (SPS) interface) to which the group will have access and click Save.

    NOTE:

    To export the configuration of SPS, the Export configuration privilege is required.

    To import a configuration to SPS, the Import configuration privilege is required.

    To update the firmware and set the active firmware, the Firmware privilege is required.

  5. Select the type of access (read or read & write) from the Type field.

  6. Click Commit.

Modifying group privileges

The following describes how to modify the privileges of an existing group.

To modify the privileges of an existing group

  1. Navigate to Users & Access Control > Appliance Access.

  2. Find the group you want to modify and click Edit. The list of available privileges is displayed.

  3. Select the privileges (pages of the One Identity Safeguard for Privileged Sessions (SPS) interface) to which the group will have access and click Save.

    Figure 76: Users & Access Control > Appliance Access > Edit — Modifying group privileges

    Caution:

    Assigning the Search privilege to a user on the Users & Access Control page automatically enables the Search in all connections privilege, and grants the user access to every audit trail, even if the user is not a member of the groups listed in the Access Control option of the particular connection policy.

  4. Select the type of access (read or read & write) from the Type field.

  5. Click Commit.

The admin user is available by default and has all privileges. It is not possible to delete this user.

Finding specific usergroups

The Filter ACLs section of the Users & Access Control > Appliance Access page provides you with a simple searching and filtering interface to search the names and privileges of usergroups.

Figure 77: Users & Access Control > Appliance Access — Finding specific usergroups

  • To filter on a specific usergroup, enter the name of the group into the Group field and select Search.

  • To select usergroups who have a specific privilege, click Edit, select the privilege or privileges you are looking for, and click Search.

  • To filter for read or write access, use the Type option.

相关文档