Create account inclusion rules for an account set
You can define an account set using expressions known as inclusion rules. You can include accounts solely using this method, or in conjunction with explicitly attached accounts. The accounts are determined at request time, and are based on the accounts that are currently managed.
To add a new account inclusion rule:
Navigate to the Account sets page.
Click Access management.
Select the account set to configure.
Click the Account inclusion rule tab.
Specify a unique ID and enter a description.
Enable Include all accounts if you want to be able to request access to all accounts managed by the managed system policy .
Select the Combining conditions option to match all or any condition.
Click Add.
To define the conditions for the rule:
On the Account inclusion rule tab, click the Conditions sub tab.
Click Add new…
Enter an ID and optionally a Description.
Select Enable to include the conditions in this rule.
Select the computer or account Attribute that the conditions will evaluate.
The attributes must be listed from the managed system before they can be used in an evaluation.
Choose an Attribute type :
Computer: the attribute comes from discovered systems.
Account: the attribute comes from discovered accounts.
Choose a Comparison method that will be used to compare the value with the system attributes.
Select the Value type.
Optional: Determine whether to Perform the comparison case-sensitively .
Specify the Value used to compare with the system attributes.
Click Add.
Repeat this process until you have defined all conditions.
To use the account set see the Requesting / Checking Out Privileged Access in the User guide.