To work with permissions, you should have the PERMISSIONS MANAGEMENTprivileges (Permission.Create, Permission.Read, Permission.Revoke, Permission.Suspend).
Click Create in the Permissions section
User
Any AD user that is a member of the User Directory can be used for creating a permission.
EnterName,Surname,Phone numberorEmailin whole or in part
Select one or more users
Resource
Any resource added to Indeed PAM can be used for permission.
Enter theResource nameorAddress(DNS address / IP address)in whole or in part
Select one or more resources
If more than one resource is selected, domain accounts or a personal user account will be used to access them.
Account
To access the resource, a local, domain or personal user account can be used.
Choosing a domain or local account
EnterAccount namein whole or in part
Select an account.
Choosing a personal user account
ClickContinue using user accounton theSelect accountpage
Time restrictions
For permission, you can set the validity period - start date and time, end date and time.
SelectBeginandEndoptions
Choose a date and time
If the Begin and End options are not selected, then the permission will be considered permanent.
You can also set Access schedule. It is not possible to use the permission outside the schedule.
Check Allow access only option
Set From and To time
If options From and To are not selected, then the permission will be valid around the clock.
When the permission expires or when the time set in the access schedule expires, the session will be terminated.
Additional Permission options
Indeed PAM allows the user to view the password of privileged accounts that are used in his permissions.
Check theAllow user to view account credentialsoption (can be disabled in the mc, uc and core settings with the allowRevealCredentials option)
