In One Identity Safeguard for Privileged Sessions (SPS), user rights can be assigned to usergroups. SPS has numerous usergroups defined by default, but custom user groups can be defined as well. Every group has a set of privileges: which pages of the SPS web interface it can access, and whether it can only view (read) or also modify (read & write/perform) those pages or perform certain actions.
NOTE: Every group has either read or read & write/perform privileges to a set of pages.
Figure 89: Users & Access Control > Appliance Access — Managing SPS users
The following describes how to assign privileges to a new group.
To assign privileges to a new group
-
Navigate to Users & Access Control > Appliance Access and click .
-
Find your user group. If you start typing the name of the group you are looking for, the auto-complete function will make finding your group easier for you.
-
Click Edit located next to the name of the group. The list of available privileges is displayed.
-
Select the privileges (that is, the pages of the One Identity Safeguard for Privileged Sessions (SPS) interface) to which the group will have access and click Save.
NOTE: To export the configuration of SPS, the Export configuration privilege is required.
To import a configuration to SPS, the Import configuration privilege is required.
To update the firmware and set the active firmware, the Firmware privilege is required.
-
Select the type of access (read or read & write) from the Type field.
-
Click .
The following describes how to modify the privileges of an existing group.
To modify the privileges of an existing group
-
Navigate to Users & Access Control > Appliance Access.
-
Find the group you want to modify and click Edit. The list of available privileges is displayed.
-
Select the privileges (pages of the One Identity Safeguard for Privileged Sessions (SPS) interface) to which the group will have access and click Save.
Figure 90: Users & Access Control > Appliance Access > Edit — Modifying group privileges
|
Caution:
Assigning the Search privilege to a user on the Users & Access Control page automatically enables the Search in all connections privilege, and grants the user access to every audit trail, even if the user is not a member of the groups listed in the Access Control option of the particular connection policy. |
-
Select the type of access (read or read & write) from the Type field.
-
Click .
The admin user is available by default and has all privileges. It is not possible to delete this user.
The Filter ACLs section of the Users & Access Control > Appliance Access page provides you with a simple searching and filtering interface to search the names and privileges of usergroups.
Figure 91: Users & Access Control > Appliance Access — Finding specific usergroups
-
To filter on a specific usergroup, enter the name of the group into the Group field and select Search.
-
To select usergroups who have a specific privilege, click Edit, select the privilege or privileges you are looking for, and click Search.
-
To filter for read or write access, use the Type option.