The section contains all issued and revoked permissions.

Permission Profile

The permission profile displays the following data:

• Description - custom text.
• Resources - resources on which RDP, SSH or web-session can be opened on behalf of the account specified in the permission.
• Account - account that is used to open RDP, SSH or web-session on the resources specified in the permission.
• User - Active Directory user for which permission is granted.
• Permission created by - Indeed PAM admin account.
• Permission created at  - date and time permission was created.
• Date restriction - dates between which the permit is active.
• Time restriction - time between which the permit is active.
• View account credentials - permission to view the password or SSH key of the access account.

Permissions search

Search is carried out in the Permissions section.

Text search

Enter in the search box in whole or in part # (Permission number), User, Account, Resource or Description.

Extended search

Click Extended search and enter one or more criteria in whole or in part # (Permission number) or Comment, select User, Account or Resource.

Select permission state:

• Valid
• Revoked

Create permission

Permissions give the right to open RDP, SSH or web-sessions. Permission can be issued both from the section Permissions, and form the User, Resource or Account profile.

1. Go to the Permissions section and click Create.

2. Select a user directory.
   To search, enter the Name, Surname, Phone number or Email in whole or in part.
   

3. Select resource.
   To search, enter the resource Name or Address (DNS address / IP address) in full or in part.

   If more than one resource is selected, then only domain accounts will be used to access them. If one resource is selected, then both local accounts and domain will be used to access it.

   

4. Select an account.
   To search, enter the Account Name in whole or in part. 

   
   If you select Continue using user account (it will become available if no account is selected), a user account will be used to connect to the resource. In the case of an ssh connection, you will need to enter user authentication data when entering the resource.

5. Configure Active time:
   • Begin - the date and time the permission started.
   • End - the date and time the permission expired.
     
     

   

   Under the calendar, a time selection tool is available. You can also manually enter dates and times.

   
   

6. Configure Access Schedule - access restriction time during the day.
   

   If the Active time does not contain the marked parameters, then the resolution will be considered unlimited.  If the Access schedule does not contain the marked parameters, then the permission will be valid around the clock. If the Access schedule is outside the scope of the Active time, then priority is given to the Active time.

   
   

7. 
   

   Configure View account credentials.
   If the user for whom permission is created must have the right to view the password or SSH key of the access account on behalf of which the session will be opened, then check the option Allow user to view account credentials.

   Viewing account credentials is performed in the Self Service.

   

8. If necessary, fill out the Description for permission.
   
   

9. Review the permission details and click Create.
   

   If you need to change the permission settings, then you can return to any step by clicking Back.

   
   

Revoke of permission

Bulk Revoke of Permissions

1. Go to the Permissions section and select one or more permissions.
2. Click Revoke, confirm your actions by clicking Revoke.

Revoke of permission from its profile

1. Go to the Permissions section and search.
2. Open the permission profile and click Revoke.
3. Confirm your actions by clicking Revoke.