
Administering Account Ownership


EmpowerID supports tracking and assigning responsible owners for key objects such as accounts, groups, computers, management roles, Locations, and Shared Credentials. This ownership relationship differs from that of a Person owning an account because the account represents them and is their personal account. Responsible-person ownership signifies who is responsible for an IT object from a security and audit perspective. Any EmpowerID RBAC Actor Type can be assigned as the "single" responsible owner, but in most organizations EmpowerID is configured to allow only the assignment of single Person objects. The field storing this assignment is called ownerAssigneeID and is found on the respective objects' tables.

If your system is audited, the auditor needs to know who is responsible for any privileged accounts. You can assign an owner using the Single Owner property on the Account Details page for each account. By default, the type of owner is set to Person, but you can edit the EmpowerID System Settings to change it to any actor type.

Having no one responsible for a privileged account is something to avoid. The Accounts without Owners report can help you to avoid such a situation.

To assign a person as the owner of an account

  1. In the Navigation Sidebar, expand Identities and select User Accounts.

    To have Personal Privileged accounts appear at the top of the list, in the grid that lists the User Accounts, click the Account Type header to sort by that field, or search for a specific account. 

  2. Click the Logon Name for the account that you want to assign.
  3. On the Account Details page that appears, under Account Information, click in the Single Owner field and start typing a name to search, and then click the tile for that person to select it.



  4. The account updates automatically when you select the tile, and an Update Complete message informs you when it is finished.



To change the owner type or allow the user to choose

By default, the owner type is set to 1, so that only a person may be assigned as the Single Owner of an account. You can hard-code another actor type instead, or set no value so that the Single Owner attribute displays a drop-down list of actor types.

  1. In the Navigation Sidebar, expand Admin, then EmpowerID Servers and Settings, and select EmpowerID System Settings.
  2. On the EmpowerID System Settings page, in the search box, type "owner" and press Enter or click the magnifying glass icon.
  3. Click the Edit button next to OwnerRequiredAsigneeTypeID.



  4. The Value field is set to 1 by default, but you can set it to any of the other options listed in the description, or leave the field empty to allow the user to choose.



  5. Click Save.
  6. To see the Single Owner setting update on the Account Details page:
    1. In the Navigation Sidebar, expand IT Shop and select Workflows.
    2. Click the Recycle EmpowerID AppPools workflow and allow it to finish.

To find accounts without owners

  1. In the Navigation Sidebar, expand System Logs and select Reports.
  2. Scroll down and click the Accounts without Owners Report tile.



  3. A grid populates with information about all accounts in the EmpowerID system that do not have an owner.




