Skip to main content

Managing discovered objects

This section shows you how to view and manually manage discovered objects.

You require the "Manage resources" administrative privilege in order to access the Discovered objects menu item.

You require the "Manage managed system policies" administrative privilege in order to attach discovered objects to managed system policies .

If either the description or the address for a discovered system cannot be resolved, then it cannot be managed by a managed system policy as a member system.

You must have membership in a user group that has the following access controls for the managed system policies to which you want to attach discovered objects:

  • View properties for this policy

  • Modify properties for this policy

Viewing discovered objects

To view the list of all discovered objects, click Manage the system > Resources > Discovered objects, then select Systems, Accounts, or Subscribers.

26576.png

Bravura Privilege also displays system and account attributes, as well as any subscribers that are using the account credentials to run; for example, services, tasks, iis, dcom objects, ODBC system DSNs. This information can be accessed by clicking on the name of the discovered system or account.

Other information is provided when the discovered object is managed. This includes which import rules were used to manage the discovered object, managed system policies the object is added to, managed account check-out/check-ins, and manual password randomization batches.

To learn how to use attributes when creating requirements for import rules, see ?? .

Manually managing discovered systems

To manually manage discovered systems:

  1. Click Manage the system > Resources > Discovered objects > Systems

  2. Enable the checkboxes for the systems that you want to manage, then click Manage...

  3. Select managed system policies to which you want to add the systems, then click Select.

  4. Set the Template target system to use to define target system information.

  5. Set the New system connection credentials for the Bravura Privilege server to use to connect to the new managed systems.

  6. Click Apply , and confirm the settings.

    Target systems are created for the new managed systems, and they are added to the selected managed system policies as member systems. For local service mode systems, the local service will need to contact the Bravura Privilege server a few times to verify the administrator credentials.

    By default, you can manually manage up to 20 systems at a time.

Manually managing discovered accounts

To manually manage discovered accounts:

  1. Click Manage the system > Resources > Discovered objects > Accounts.

  2. Enable the checkboxes for the accounts that you want to manage, then click Manage... .

  3. Select managed system policies to which you want to add the accounts, then click Select.

    Accounts are only managed if they exist on the selected managed system policy member systems.

  4. Click Apply , and confirm the setting.

    The accounts are added to the managed system policies ’ managed accounts.

Deleting discovered systems

To delete a discovered system:

  1. Click Manage the system > Resources > Discovered objects > Systems .

  2. Select the checkbox next to the system that you want to delete.

    A target system that is automatically discovered (manually or with an import rule) must be deleted first before its discovered system can be deleted.

  3. Click Delete , and confirm the setting.

    The discovered system is removed from the instance.

If you delete a push mode discovered system and the system still exists on an Active Directory domain, it will be rediscovered the next time auto discovery is run. If you delete a local service mode discovered system and the Local workstation service is still installed and running on the system, it will be rediscovered on the next poll interval.

Displaying discovered object attributes

You can display discovered object attributes as additional columns on configuration screens and managed account requests. These attributes can provide users with additional information about managed accounts or managed systems.

To specify a list of attributes to display, set the MANAGED ACCOUNT ATTR DISPLAY LIST or MANAGED SYSTEM ATTR DISPLAY LIST option at Manage the system > Modules > Privileged access f or account attributes and system attributes, respectively.

In this section: