Privileged Access Roles
CA ControlMinder Enterprise Management privileged access roles provide a basic set of roles that you can assign to administrators and users in your enterprise according to your requirements. Out of the box, CA ControlMinder Enterprise Management comes with the following privileged access roles:
- Break Glass—A user with this role can initiate a Break Glass privileged account password checkout. A Break Glass checkout lets a user gain immediate access to an endpoint to which they do not have privileged access. This role is assigned by default to all the users in CA ControlMinder Enterprise Management.
- Endpoint Privileged Access Role—A user with this role can perform privileged account tasks on the specified endpoint type. The first time that you define a new type of endpoint, CA ControlMinder creates a corresponding endpoint privileged access role. For example, the first time you create a Windows endpoint in CA ControlMinder Enterprise Management, CA ControlMinder creates the Windows Agentless Connection endpoint privileged access role.
- Privileged Account Request—A user with this role can submit or delete requests for privileged account passwords. This role is assigned by default to all the users in CA ControlMinder Enterprise Management.
- SAM Approver—A user with this role can respond to privileged access requests that CA ControlMinder Enterprise Management users have submitted. This role is assigned by default to all the users in CA ControlMinder Enterprise Management.
- SAM Audit Manager—A user with this role can audit privileged account activity and can manage the CA User Activity Reporting audit collection parameters.
- SAM Policy Manager—A user with this role can manage role members and member policies, assign role owners, and create and delete roles.
- SAM Target System Manager—A user with this role can administer password policies and privileged accounts. Users with this role can also execute the privileged accounts discovery wizard to discover privileged accounts on endpoints.
- SAM User—A user with this role can check in and can check out privileged account passwords that they are permitted to use. This role is assigned by default to all the users in CA ControlMinder Enterprise Management.
- SAM User Manager—A user with this role can administer CA ControlMinder Enterprise Management users, groups, and password policies, and can manage the work items of users.
- SAM Account Owner—A user with this role can administer the privileged accounts for which the user is the owner.
Note: When you assign privileged access roles to users:
- Only the user manager with the SAM Approver role can respond to a privileged account request.
- Users with the Break Glass, Privileged Account Request, or SAM User role also need an endpoint privileged access role to access endpoints or perform tasks.
- A user with an endpoint privileged access role but with no other role cannot perform any tasks.
Copyright © 2013 CA Technologies.
All rights reserved.