Grant Access to Manage Specific Computers

In EmpowerID, access to resources is granted through Access Levels—collections of operations and rights specific to a resource type. Assigning an Access Level to a user or group enables them to perform the associated operations on specified computers.

Computer Access Levels

The following Access Levels are available for computers:

• ACT-Computer-Object Administration – Edit and delete the target computer
• ACT-Computer-Object-Create – Create computer objects
• ACT-Computer-Shared-Credential-Approver – Approve PSM login requests for the target computer
• ACT-Computer-Shared-Credential-Assigner – Assign and unassign shared credentials to and from the target computer
• ACT-Computer-Shared-Credential-Login – Use a shared credential to initiate a privileged session to the target computer
• Access Manager – Manage and approve permission assignments for the target computer (owner role)
• All Access (EmpowerID Admin) – Execute any operation against the target computer
• Local computer Administrator – Membership in the local administrators group for the computer

Prerequisites

To grant access to specific computers, you need the appropriate Management Roles for computer administration as described in Access Needed to Manage Computers.

Grant Access to a Computer

1. On the navbar, expand Privileged Access and click Computers.

2. Search for the target computer and click its Display Name link.

   The computer's View One page opens.

3. Navigate to the RBAC tab and expand the Who Has Access To Computer (RBAC Access) accordion.

4. From the To Which Type of Actor Do You Wish to Assign Access? dropdown, select the appropriate actor type.

   For example, select Person to grant access to an individual user, or Group to grant access to all members of a group.

5. Click the Add New button.

   The Select to whom you wish to grant access dialog opens.

6. Search for and select the actor that corresponds to your chosen actor type.

7. In the Access Level dropdown, select the Access Level you want to assign.

8. Click Save.

Results

After saving:

• The selected actor is granted the specified Access Level for the computer
• The actor can perform operations permitted by the assigned Access Level
• The assignment appears in the Who Has Access To Computer (RBAC Access) list on the computer's RBAC tab

Related Topics

• Access Needed to Manage Computers – Management Roles required for computer administration
• Configure Eligibility for Computers – Control who can request access through the IAM Shop
• Onboard Computers – Configure access settings during computer onboarding