Skip to main content

Getting started

Who can manage account sets

  • End users who can request check-out of managed accounts in a managed system policy can create account sets.

  • Creators can delete their own account sets without additional privileges.

  • End users who can request check-out of managed accounts in a managed system policy can use all shared account sets in this managed system policy , but cannot delete the account sets that they did not create.

  • Users can be assigned ”Modify all account sets in this policy” ACL in any managed system policy . This will allow them to search and delete account sets created by others as well as themselves.

  • Product administrators can be assigned the ”Manage account sets” privilege, and can manage account sets via the Manage the system (PSA) module.

  • When checking out multiple accounts in a single operation, the accounts have to have the same primary managed system policy . This is to eliminate conflicts with access controls or other settings.

Requirements

Before an account set can be created the following requirements must be met:

  • Configure at least one managed system policy.

    See Managed System Policies for details.

  • Manage accounts on a managed system policy .

    See Managed Accounts .

  • If users are to be able to run commands on one or more accounts in the account set, configure the Run command control (pswcmdrun) on the managed system policy .

    See Defining access disclosure plugins for more information.

Navigation steps

Product administrators can manage account set access from the Manage the system (PSA) module by clicking Manage the system > Privileged access > Account sets.

From the Account sets menu you can:

Alternatively, end users can manually select and request access to multiple accounts via the Privileged access app. The request is automatically saved as an account set.