...
| Info |
|---|
EmpowerID includes default IAM Shop Permission Levels for computers, such as "Local Admin" and "Domain Admin." However, you can create custom permission levels tailored to your organization's needs. For more information on customization, please see Create IAM Shop Permission Levels. |
Organizations can configure the requestable permissions for inventoried computers to give users the ability to request those permissions when connecting to those computers via Privileged Session Management (PSM). These permissions, known as “IAM Shop Permission Levels,” are fundamental to creating a secure IT environment and serve a dual purpose: providing distinct permissions while in a computer session and reinforcing the overall security posture by adhering to the principle of least privilege by removing those permissions from users immediately after their session ends. For successful permission assignment, administrators need to Assign IAM Shop Permission Levels to computers and map them to groups on the actual computer that grant those permissions natively. For example, if you wanted to allow users to connect to a computer as a local admin, you need to map the permission level to a “local admin” group on the computer.
How to assign IAM Shop Permission Levels to Computers
...