
Built-in policies

Push/Local service mode built-in policies

The following managed system policies are available when Bravura Privilege is installed. The Bravura Privilege Pattern does not utilize these managed system policies by default.

  • PULL_ADM_GRP secures access to administrative accounts on local service mode Windows systems.

    This policy has a complex default password policy.

  • PULL_SVC_GRP secures access to service accounts on local service mode Windows systems.

    This policy has a complex default password policy.

  • PUSH_ADM_GRP secures access to administrative accounts on push mode Windows systems.

    This policy has a complex default password policy.

  • PUSH_SVC_GRP secures access to service accounts on push mode Windows systems.

    This policy has a semi-complex default password policy.

  • VAULT_ADM_GRP secures access to administrative accounts on push mode systems and provides the IT_SEC_USERS user group pre-approved privileges to check out accounts.

    This policy has a semi-complex default password policy.

You must enable default policies by binding them to a Privileged Access Manager Service. Choose a Service ID from the Managed by drop-down menu on the Managed system policy information page, then click Update. Passwords must be randomized before users can check out account access. See Enabling managed system policies for more information.

VAULT_ADM_GRP

The VAULT_ADM_GRP managed system policy is preconfigured for managing administrative credentials on push mode target systems. This policy provides the IT_SEC_USERS user group pre-approved privileges to check out accounts from this policy.

By default, IT security users are not able to override or randomize the passwords for the managed accounts in this policy. You must configure the permissions for IT security users to allow this. The Bravura Privilege Pattern does not utilize this managed system policy by default.

Historical data policy

The HISTORICAL_DATA_GRP managed system policy is available by default when you install Bravura Security Fabric. This policy provides access to managed systems and accounts that no longer belong to any other policy.

Bravura Privilege moves managed systems and accounts to the historical data policy automatically when they are unbound from any other managed system policy. If a managed system or account is again bound to a managed system policy, it is automatically removed from the historical data policy. If a managed system is removed as a discovered target system, it will no longer be available in any managed system policy.

Bravura Privilege must have changed the password at least once in order for it to be moved to the historical data policy.

Passwords for the managed accounts in this policy cannot be overridden or randomized.

This policy has fewer configuration options than vault-only, local service or push mode policies.

Users can click the embedded link for the ID to find out that it has been renamed and to see what it has been renamed to.