Versions Compared

Old Version 2

changes.mady.by.user Kim Landis

Saved on

compared with

New Version Current

changes.mady.by.user Kim Landis

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

EmpowerID supports tracking and assigning responsible owners for key objects like accounts, groups, computers, management roles, Locations, and Shared Credentials. This ownership relationship differs from that of a Person owning an account because that account represents them and is their personal account. Responsible person ownership is to signify who is responsible for an IT object from a security and audit perspective. Any EmpowerID RBAC Actor Type can be assigned as the "single" responsible owner but in most organizations, EmpowerID will be configured to only allow the assignment of single Person objects. The field storing this assignment is called ownerAssigneeID and is found on the respective objects tables.

If your system is audited, the auditor needs to know who is responsible for any privileged accounts. You can assign an owner using the Single Owner To avoid having accounts with no responsible party, run the Accounts without a Responsible Party report. You can assign responsibility using the Responsible Party property on the Account Details page for each account, or bulk assign them from the Computers ViewMany page.


Info

By default, the type of

owner

responsible party is set to Person, but you can edit the EmpowerID System Settings to change it to any actor type.

Having no one responsible for a privileged account is something to avoid. The Accounts without Owners report can help you to avoid such a situation.

To assign a person as the owner of

See Changing the Responsible Party Type for more information.

To find accounts without a responsible party

  1. In the Navigation Sidebar, expand System Logs and select Reports.
  2. Scroll down and click the Accounts without a Responsible Party tile.

    Image Added

  3. A grid populates with information about all accounts in the EmpowerID system that do not have a responsible party.

    Image Added

To assign a person responsibility for an account

  1. In the Navigation Sidebar, expand Identities and select User Accounts.

    TipTo have Personal Privileged accounts appear at the top of the list, in the grid that lists the

    User Accounts

    , click the Account Type header to sort by that field, or search for a specific account

    .

     

    Image Removed

  2. Click the Logon Name for the account that you want to assign.
  3. On the Account Details page that appears, under Account Information, click in the Single Owner Responsible Person field and start typing a name to search, and then click the tile for that person to select it.
    Image Removed
    Image Added

  4. The account updates automatically when you select the tile, and an Update Complete message informs you when it is finished.
    Image Removed

To change the owner type or allow the user to choose

By default, the owner type is set to 1, so that only a person may be assigned as the Single Owner of an account, but you can hard code another actor type, or set no value so that the Single Owner attribute displays a drop-down list of actor types.

  1. Image Added


To bulk assign a responsible party for a number of accounts

  1. In the Navigation Sidebar, expand Admin, then EmpowerID Servers and Settings, and select EmpowerID System Settings.
  2. On the EmpowerID System Settings page, in the search box, type "owner" and press Enter or click the magnifying glass icon.
    3. Click the Edit button next to OwnerRequiredAsigneeTypeID.
    Image Removed
    The Value field is set to 1 by default, but you can set it to any of the other options listed in the description, or leave the field empty to allow the user to choose.
    Image Removed
  3. Click Save.
  4. To see the Single Owner setting update on the Account Details page:
    1. In the Navigation Sidebar, expand IT Shop and select Workflows.
    2. Click the Recycle EmpowerID AppPools workflow and allow it to finish.

To find accounts without owners

  1. In the Navigation Sidebar, expand System Logs and select Reports.
  2. Scroll down and click the Accounts without Owners Report tile.
    Image Removed
    A grid populates with information about all accounts in the EmpowerID system that do not have an owner.
    Image RemovedIdentities and select User Accounts.
  3. On the Actions tab, click Assign Responsibility for Accounts.

    Image Added

  4. On the Select Accounts page that appears, select accounts to assign to a responsible party and click Submit.

    Image Added

  5. In the Select Person page that appears, select the person you want to assign as the responsible party for the selected accounts and click Submit.

    Image Added

  6. Starting workflow message appears, and when the workflow finishes, a Request Complete message appears.

    Image Added




Div
stylefloat: left; position: fixed; top: 85px; padding: 5px;
idtoc
classtopicTOC


Div
stylemargin-left: 40px; margin-bottom: 40px;

Live Search
spaceKeyE2D
placeholderSearch the documentation
typepage


Div
stylefont-size: 1rem; margin-bottom: -45px; margin-left: 40px;text-transform: uppercase;

In this article



Table of Contents
stylenone