This section is for configuring privileges for PAM administrator users in the Indeed Identity PAM Management Console.

Presetting

After the First login to the administrator console, you will need to add the current user to the Administrator role,

  1. Go to the Roles section
  2. Open the Administrator role and go to the Members subsection
  3. Click Add, select the current user and add him to the role
  4. Re-enter the management console and make sure that all other sections appear in the console

Built-in Roles

The Administrator, Operator and Supervisor roles will be available right after the installation.

Attention! After upgrading to the new version, it is necessary to check the set of claims for all roles added.

All claims are enabled for the Administrator role.

The Operator role includes claims that allow you to create or revoke permissions (for example, process access requests), as well as check privileged Accounts and the availability of target Resources.

The Supervisor role is for finding and viewing values, except for Account passwords. The claims to add and modify values ​​are disabled. The role will be useful for monitoring the work of PAM administrators.

Creating new roles

To perform operations on roles, you need the claims to manage access roles.

Follow these steps:

  1. Go to the Roles section, click the Add button and provide a name for the new role. The new role is added to the list of roles.
  2. Open the created role, go to the Claims section, select the required set of claims, save the changes.

Adding Users to a Role

Follow these steps to assign claims to the management console users:

  1. Go to the Roles section, open the required role.

  2. Go to the Members section and add the required users.

If a user is added to several roles, then he receives the sum of privileges from all his roles.

Removing Roles

Go to the Roles section, select the required roles, click Remove.


  • No labels