Getting started
Who can manage account sets
End users who can request check-out of managed accounts in a managed system policy can create account sets.
Creators can delete their own account sets without additional privileges.
End users who can request check-out of managed accounts in a managed system policy can use all shared account sets in this managed system policy , but cannot delete the account sets that they did not create.
Users can be assigned ”Modify all account sets in this policy” ACL in any managed system policy . This will allow them to search and delete account sets created by others as well as themselves.
Product administrators can be assigned the ”Manage account sets” privilege, and can manage account sets via the Manage the system (PSA) module.
When checking out multiple accounts in a single operation, the accounts have to have the same primary managed system policy . This is to eliminate conflicts with access controls or other settings.
Requirements
Before an account set can be created the following requirements must be met:
Configure at least one managed system policy.
See Managed System Policies for details.
Manage accounts on a managed system policy .
See Managed Accounts .
If users are to be able to run commands on one or more accounts in the account set, configure the Run command control (
pswcmdrun
) on the managed system policy .See Defining access disclosure plugins for more information.
Navigation steps
Product administrators can manage account set access from the Manage the system (PSA) module by clicking Manage the system > Privileged access > Account sets.
From the
menu you can:Alternatively, end users can manually select and request access to multiple accounts via the Privileged access app. The request is automatically saved as an account set.