Security
Roles Tab
The following Verify Privilege Manager roles are available by default, and you can add members to or remove members from these roles. Verify Privilege Manager also allows the creation of new roles if a customer environment requires more role support.
Verify Privilege Manager manages the roles of users accessing the console, unless Verify Privilege Manager is connected to Verify Privilege Vault. When connected to Verify Privilege Vault, role membership is controlled by Verify Privilege Vault.
Also refer to the following topic: User Credentials and Roles.
All these roles are considered application role permissions.
Verify Privilege Manager Administrators
This role allows the Verify Privilege Manager Administrator to have full administrative access to the Verify Privilege Manager Server Console.
Verify Privilege Manager Field Engineering
This role is reserved for future use.
Verify Privilege Manager Helpdesk Users
This role allows the user to approve or deny escalation requests. The helpdesk role can also disclose passwords.
Verify Privilege Manager macOS Administrators
This role allows the Verify Privilege Manager macOS Administrator to have full administrative access to the Verify Privilege Manager Server Console to administer local security and application control items pertaining to macOS systems. This role can view but not edit Unix/Linux and Windows policies.
Verify Privilege Manager Unix/Linux Administrators
This role allows the Verify Privilege Manager Unix/Linux Administrator to have full administrative access to the Verify Privilege Manager Server Console to administer local security and application control items pertaining to Unix/Linux-based endpoints. This role can view but not edit macOS and Windows policies.
Verify Privilege Manager Users
This role allows the user to have read permissions to most items, but no rights to modify security permissions. This role can disclose passwords.
Verify Privilege Manager View Password Role
This role allows the user to have view access to passwords for managed users in Verify Privilege Manager. They can view the current passwords and password change history.
Verify Privilege Manager Windows Administrators
This role allows the Verify Privilege Manager Administrator to have full administrative access to the Verify Privilege Manager Server Console to administer local security and application control items pertaining to Windows systems. This role can view but not edit macOS and Unix/Linux policies.
Creating a Role
- On the top of the Roles page, click Create.
- Enter a Role account name and click Create.
  Although spaces are not allowed in the role account name, spaces and special characters can be used in the display name after the role is created.
- The new Role page opens, where you can add or edit the Display Name, Description, or Account Name.
  Only the display name and description can be changed when the role is created. Account Name is read-only.
- Add Users, or any resource, to the role. Click Add.
  - At the Select Resources dialog, identify users and groups that will be added to the role. You can enter a name, partial name, or leave it empty to find all. Click Search and then select the users and groups to be added to the role.
  - Available users/groups are displayed. Enable the check boxes for resources to add and click Select. Confirm your selections and click Save Changes when prompted.
    The selected resources appear in the Membership portion of the page.
Editing, Deleting, and Exporting a Role
Select an existing role on the Roles page. The Role details page displays, where you can:
- Edit Basic Details.
- Click x to remove a user/resource or click Add to reselect resources.
- Select Delete at the More pull-down to delete the role.
- Select Export at the More pull-down to download a ZIP file of the role and children.
Security Configuration Tab
On the Configuration tab, Verify Privilege Manager Admins specify the Resource Security. The Resource Security selection controls who can view data associated with specific computers.
- The Default option allows all Administrators, Users, and Helpdesk Users of Verify Privilege Manager to have access.
- The Secured Computer Groups option allows for easier customization of which Roles have access to specific computers.
- The Active Directory Domains option allows customization of which Roles have access to associated AD Domain resources.