Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
Permissions allow AD users to open sessions.
| Warning | ||
|---|---|---|
| ||
| To work with permissions, you should have the PERMISSIONS MANAGEMENT privileges (Permission.Create, Permission.Read, Permission.Revoke, Permission.Suspend). |
- Click Create in the Permissions section
| Note | ||
|---|---|---|
| ||
If you need to grant permission to a User group, then go to the User Groups section, select the group and click Add permission |
Organizational unit
Select OU the resource is located in. This item will not be displayed when a permission is created by the Local administrator of a particular OU.
User
Any AD user that is a member of the User Directory can be used for creating a permission.
- Enter Name, Surname, Phone number or Email in whole or in part
- Select one or more users
Resource
Any resource added to Indeed PAM can be used for permission.
- Enter the Resource name or Address (DNS address / IP address) in whole or in part
Select one or more resources
| Note | ||
|---|---|---|
| ||
If more than one resource is selected, domain accounts or a personal user account will be used to access them. |
Account
To access the resource, a local, domain or personal user account can be used.
Choosing a domain or local account
- Enter Account name in whole or in part
- Select an account.
Choosing a personal user account
- Click Continue using user account on the Select account page
Time restrictions
For permission, you can set the validity period - start date and time, end date and time.
- Select Begin and End options
Choose a date and time
| Tip | ||
|---|---|---|
| ||
If the Begin and End options are not selected, then the permission will be considered permanent. |
You can also set Access schedule. It is not possible to use the permission outside the schedule.
- Check Allow access only option
- Set From and To time
| Tip | ||
|---|---|---|
| ||
If options From and To are not selected, then the permission will be valid around the clock. |
| Warning | ||
|---|---|---|
| ||
When the permission expires or when the time set in the access schedule expires, the session will be terminated. |
Additional Permission options
Indeed Identity PAM allows the user to view the password of privileged accounts that are used in his permissions.
- Check the Allow user to view account credentials option (can be disabled in the mc, uc and core settings with the allowRevealCredentials option)
- Finish creating the permission
Indeed Identity PAM allows the user to change the passwords of privileged accounts that are used in his permissions.
- Check the Allow change account credentials option
- Finish creating the permission
- Finish creating the permission.
| Divbox | ||||
|---|---|---|---|---|
| ||||
|