Access Control is the latest policy engine introduced in Privileged Account Manager. It enables administrators to configure privileged access permissions in a simpler, easier, and more meaningful manner. It also provides quick insights into Privilege Governance (who has what access) details.
The Access Control engine emphasizes grouping the Resources based on the similar access requirements of an organization, and then granting access to users by defining criteria such as allowed time of access, privilege level, monitoring needs, etc.
Consider an organization that has several Resources, such as Windows Servers, UNIX Servers, and Network devices, and various Users with different access levels who require access to these servers.
The first step of designing access permissions is to group all the Resources based on similar access requirements or attributes such as:
Operating system
Specific software installed in those Resources
Location of the Resources
Department to which these Resources belong
Users who need access to those Resources, etc.
The second step is to group the Users based on their access requirements on the Resources or attributes such as:
Tasks assigned to users on the Resources
Privilege level allowed on the Resources
Location of the Users
Department of the Users
The third step is to configure permissions to grant access on these Resource Groups to one or more User Groups, by defining the criteria such as:
Allowed time of access
Privilege level required on the Resources
Access restrictions on file system or executables
Activity monitoring
Remediation in case of risks found in users' activities, etc.
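The three steps above, modelled as an added Python example. It is not Privileged Account Manager's configuration format or API, and every name in it (resource and user attributes, group criteria, permission names, privilege labels) is a constructed assumption. It shows attribute-based grouping, a default-deny access decision with a time window, and the "who has what access" view derived from the same permissions.

```python
from dataclasses import dataclass
from datetime import time

# Constructed inventory; attribute names and values are illustrative assumptions.
RESOURCES = {
    "web01": {"os": "linux", "dept": "finance", "location": "NYC"},
    "db01": {"os": "linux", "dept": "finance", "location": "NYC"},
    "dc01": {"os": "windows", "dept": "it", "location": "LON"},
}
USERS = {
    "alice": {"dept": "finance", "task": "dba"},
    "bob": {"dept": "it", "task": "helpdesk"},
}

def group(items, **criteria):
    """Steps 1 and 2: members are the items whose attributes match every criterion."""
    return {n for n, a in items.items() if all(a.get(k) == v for k, v in criteria.items())}

@dataclass(frozen=True)
class Permission:
    """Step 3: grants a user group access to a resource group under stated criteria."""
    name: str
    users: frozenset
    resources: frozenset
    start: time       # allowed time of access (inclusive)
    end: time         # allowed time of access (exclusive)
    privilege: str    # privilege level the session runs with
    monitor: bool     # whether activity is recorded

    def allows(self, user, resource, at):
        # Window is assumed not to cross midnight in this sketch.
        return user in self.users and resource in self.resources and self.start <= at < self.end

def decide(perms, user, resource, at):
    """Default deny: return the first matching permission, else None."""
    return next((p for p in perms if p.allows(user, resource, at)), None)

def who_has_what(perms):
    """Governance view: sorted (user, resource, privilege, permission) rows."""
    return sorted((u, r, p.privilege, p.name) for p in perms for u in p.users for r in p.resources)

PERMS = [
    Permission("finance-dba", frozenset(group(USERS, dept="finance", task="dba")),
               frozenset(group(RESOURCES, os="linux", dept="finance")),
               time(8), time(18), "root", True),
    Permission("helpdesk-windows", frozenset(group(USERS, task="helpdesk")),
               frozenset(group(RESOURCES, os="windows")),
               time(9), time(17), "local-admin", True),
]
```

Because groups are computed from attributes, a new finance Linux server added to the inventory falls under the existing permission without a per-host rule, and the governance view changes accordingly.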