Skip to main content
Version: 3.25

Actions and access controls

First tab of the access group registration screen, you will see what actions this group allows and what access controls must be respected to make use of the privileged information.

Access Group Form - Settings Tab

Some of these fields are used to configure the Access Workflow and will be seen in practice in the next chapter.

  • Access group name: Name of the access group that corresponds to the rules this group applies. This makes it easier to understand and audit;

  • Enabled: Whether the group is active or not. Disabling a group can reduce the amount of information the user has access to, or reduce the level of security required to access the information;

  • Password previw settings:

    • Users can view a password: Determines that the credential password can be seen by the user;

    • Require reason to view a password: Check if it is necessary to register an excuse to see the password;

    • Requires approval to view a password: Check whether another user will need to act as an approver in order to see the password. Once active, you also need to define for how long this approval will be valid;

    • Approvals required to view: Number of approvals required to approve the operation;

    • Disapprovals required for cancellation: Number of refusals to stop the operation;

    • Approval in levels:* Check whether approvers will be triggered in tiers. This way you can define a hierarchy of approvers;

    • Allow emergency access without approval: Flag whether the applicant has the power to stop the approval workflow by approving the operation himself;

    • Users can change the expiration date by up to: Flag whether the applicant has the power to stop the approval workflow by approving the operation himself; :::info In the credentials display window a button will appear for the user to increase by the time, indicated in this field, their access period. :::

    • Part of the password that will be displayed: Allows the requested password to be displayed fractionally. Members of this group will only have access to the fraction defined in this field. This does not prevent the password from being used by the proxy functionality, since the user does not have access to the password in plain text when using any of our proxy solutions;

  • Remote session settings:

    • Users can start a session: Check if member users are allowed to start a proxy session using the credentials that this group allows access to;

    • Requires reason to start a session: Check if it is necessary to register an excuse to start the proxy session;

    • Requires approval to start a session: Check whether another user will need to act as approver in order to start the proxy session. Once active, you will also need to define how long this approval is valid for;

    • Approvals required: Number of approvals required to approve the operation;

    • Disapprovals required for cancellation: Number of refusals to stop the operation;

    • Approval in levels: Check whether approvers will be triggered in tiers. This way you can define a hierarchy of approvers;

      info

      When using level approval, lower level approvers will initially be notified. Only after approvals have been made by them will higher-level approvers be notified to take their approval actions.

    • Allow emergency access: Flag whether the requester has the power to stop the approval workflow by approving the transaction on its own;

    • Approval in levels: Check whether approvers will be triggered in tiers. This way you can define a hierarchy of approvers;

  • Access request settings: Check the following options

    • Governance ID required when justifying?: Check whether the applicant must enter an ITMS code at the time of justification;

    • Always add the user's manager to approvers?: Check if the user responsible for the user's department should be automatically alerted as an additional approver to this group. Therefore, this user will be alerted together with the other approvers in the tab Approvers.;

These fields, as you may have noticed, determine the rules that must be obeyed by all group members if they want to have access to some privileged information accessible by this group.