Grant Access to Manage Specific Computers

Owned by Phillip Hanegan
Feb 29, 2024
3 min read

n EmpowerID, access to resources is granted through the assignment of Access Levels. Access Levels consist of one or more "EmpowerID Operations" and/or "native system rights," which are specific to a particular resource type. By assigning an Access Level to an EmpowerID actor, you enable the actor to execute the associated operations and rights on the specified resources. This article provides a step-by-step guide on how to assign these.

For computers, access levels include the following:

  • ACT-Computer-Object Administration – Grants assignees the ability to edit and delete the target computer

  • ACT-Computer-Object-Create – Grants assignees the ability to create computer objects

  • ACT-Computer-Shared-Credential-Approver – Grants assignees the ability to approve PSM login requests for the target computer

  • ACT-Computer-Shared-Credential-Assigner – Grants assignees the ability to assign and unassign shared credentials to and from the target computer

  • ACT-Computer-Shared-Credential-Login – Grants assignees the ability to use a shared credential to initiate a privileged session to the target computer

  • Access Manager – The Acces Manager is the owner of the resource and can manage and approve permissions assignments for the target computer

  • All Access (EmpowerID Admin) – Grants assignees the ability to execute any operation against the target computer

  • Local computer Administrator – Adds assignees to the local administrator's group for the computer to control access

Grant access to manage computers

  1. On the navbar, expand Privileged Access and click Computers.

  2. Search for the target computer and click the Display Name link for it.


    This action opens the computer's View One page. View One pages are designed to facilitate the viewing and management of the corresponding objects in EmpowerID.

     

  3. On the View One page, navigate to the RBAC tab and expand the accordion labeled "Who Has Access To Computer (RBAC Access)."

  4. From the "To Which Type of Actor Do You Wish to Assign Access?" dropdown menu, select the appropriate actor type for the assignment. For example, if you want to grant access to a single person, select Person as the actor type.

  5. Click the Add New button.


    This opens the Select to whom you wish to grant access dialog.

     

  6. Search for and select the actor that corresponds to the chosen actor type. For instance, if you selected "Person" as the actor type, you would search for and select a specific individual.

  7. Choose the Access Level that you want to assign to the selected actor.

  8. Click Save.