Personal privileged access
The following sections show you how to configure and use the personal privileged access feature.
Terminology
The following terms are used in this chapter:
Personal administrative account | An account with elevated privileges that is owned by a single user. |
Account trustee | A user who can onboard, offboard, and update privileged accounts. |
Help desk trustee | Any user that is a member of the help desk trustee user class, and so can submit a request to assign an owner at account onboard or update. |
Objective
Technical staff in many companies have both a normal employee account and an administrator account that contains elevated privileges. These accounts are checked out at the start of almost everyday in order to connect to various systems to complete their tasks. It is tedious to request, check out, and disclose information repeatedly for something so critical to their day-to-day duties.
Organizations require administrators to streamline their workflow by automatically checking out personal administrator accounts that they own at login when launching the privileged access app.
Solution
The personal privileged access feature automates the request process, allowing specific account access to be assigned to a single owner. The act of signing into Bravura Privilege triggers an automatic check-out of all the owner’s personal privileged access accounts.
Initial considerations
Determine which accounts should be personal administrator accounts and who should own them by considering the following:
How often is this account accessed?
Is the same person always accessing this account?
If an account is accessed frequently, such as part of daily tasks, and is always accessed by the same person, it is a good candidate to make it a personal admin account and assign it single ownership.