Using account set access
Once you have checked out the account set, you can use the available controls to access the privileged accounts within the time given. You can access individual accounts within an account set using the same access disclosure plugins that are available in a single-account check-out.
To obtain access to a particular account:
From the CHECK-OUTS heading in the Filter panel, click the link for the account set you want to access.
The individual accounts attached to the account set will be displayed in the Results panel.
Select an account from the Results panel.
The Privileged access app displays available access disclosure plugins in the Actions panel to the right.
For information about each access disclosure plugin see Access disclosure plugins .
Running commands
In addition to the single account controls, you may have an option to execute commands on multiple accounts if your administrator configures the Run commands option.
To run commands that were specified during the check-out request:
From the CHECK-OUTS heading in the Filter panel, click the link for the account set you want to access.
The individual accounts attached to the account set will be displayed in the Results panel.
Select the accounts you want to run the commands on.
The command will be pre-filled. If Can only execute the specified command was selected at request time, you will not be able to modify the command here, otherwise, modify the command if required.
Click >_Run Command.
Click Run.
There is a 450 character limit for commands.
To specify and run commands after checking out the account set:
From the CHECK-OUTS heading in the Filter panel, click the link for the account set you want to access.
The individual accounts attached to the account set will be displayed in the Results panel.
Select the accounts you want to run the commands on.
Click >_Run command.
Specify commands in Command.
Click Run.
Alternatively, you can run commands by selecting the checked out account set from the PRIVILEGED ACCESS heading.
You can also run commands across multiple account sets by selecting more than one checked-out account set and then clicking Run command . In this case, the command will run across all accounts belonging to those account sets.
Saving and loading commands
You can either manually enter commands, or save and load them.
To save commands:
From the CHECK-OUTS heading in the Filter panel, click the link for the account set you want to access.
The individual accounts attached to the account set will be displayed in the Results panel.
Select the accounts you want to run the command on.
Click >_Run commands.
Enter the commands you want to run.
Click Save.
Verify your command in the pop-up.
Enter a command name.
Click Save.
Saved commands can be loaded anywhere a command can be specified. To load a saved command, search for existing commands, and select the desired command.
Viewing command execution status
A COMMANDS category is added to the Filter panel when at least one command execution is attempted.
To view a run commands execution status:
Click the link on the pop-up confirmation message, click Recent from the Filter panel and search for the command under COMMANDS.
Select your command.
Click Command status.
If the commands have been processed, and an output file is save, you can click Download to download the file.
If the commands have not been processed, you can cancel the commands by selecting it and clicking Cancel command.
If the command is in "queued" status you can cancel it before it starts running, Once it starts running you cannot cancel it, even if it is still in the "queued" status; Bravura Security Fabric displays an error message like the one illustrated below.
Setting other options
The following options are only available if your product administrator allowed users to override them:
Delete command output after expiration date – select to remove an output file from the server after it expires. By default, this is selected and files are deleted in 365 days.
Retrieve command output and save on server – select to retrieve and save an output file. By default, this is selected.
The default Connector timeout as defined on the Target system information page is 300 seconds. Update this value if the command you are running will take longer.