Assigning access controls for a managed system policy
Each managed system policy has group access controls available on a per-group basis. These access controls define the privileges that attribute and user group members have for that policy. Some access controls are only available if it applies to the authentication type defined for the policy.
When a managed system policy is created, Bravura Privilege assigns default access controls for the ALLRECIPIENTS, ALLREQUESTERS, and MSP_REPORT_USERS user groups.
Regular users, via the built-in ALLREQUESTERS user group, by default have permission to:
Request check-out of managed accounts (if the policy has the password or SSH key authentication type)
View information: Managed systems/Managed accounts/Group sets/Account sets
Request check-out of group sets (if the policy has the group set authentication type)
The permissions granted by a user group work in conjunction with administrative privileges. product administrators with the "Manage managed system policies" administrative privilege have the right to manage managed system policies .
To modify managed system policy access controls:
Navigate to the Managed system policy information page .
Select the Access control tab.
Enable permissions for user groups as required.
Click Update.