Global Permissions

Privileged Access Management provides an additional level of permissions called Global Permissions that is available to quickly and easily grant users and groups non-Administrative permissions to all objects (folders, vaults and records) stored in the Record List.

For example, you may now provide a user with Viewer only permissions to all objects, regardless of their current inheritance setting and without having to navigate to each object, by simply granting Global Permissions to this principal account.

 

A few details to note when considering the use of Global Permissions.

  • Global Permissions do not override object permissions, meaning if a user is an Owner of an object, Global Permissions cannot be used to reduce this existing permission level.
  • Global Permissions can be assigned to both local and Active Directory Users or Groups.
  • Global Permissions are not displayed when viewing the permissions for a specific object; however they will be displayed when viewing the object’s Access Report.
  • Global Permissions can only be assigned and managed by PAM System Administrators.

Assigning Global Permissions

  1. Login to PAM as a System Administrator.
  2. Navigate to Administration > Global Permissions.
  3. Click the Grant Permission button.
  4. In the Principal field, enter the User or Group Name and then click Add.
  5. Select the permissions that you wish to globally assign to the selected principals using the available dropdown menu options.
  6. When complete, click the Select button to assign the global permissions.

The Administration section previously named Permissions has been removed. This section was used to assign permissions to the Record List’s Root Folder and this can now be managed only from the Manage > Permissions option available in the Root Folder’s top menu.

Global Permissions

Global Permissions enables a method to quickly and easily grant users and groups non-Administrative permissions to all objects (folders, vaults and records) stored in the system vault.

For example, you may now provide a user with Viewer permissions to all objects, regardless of their current inheritance setting and without having to navigate to each object, by simply granting Global Permission to this principal account.

To grant a principal Global Permissions, navigate to Administration > Global Permissions and click the Grant Permission button. Enter your principal(s), click the Add button, select the level of permissions to grant and finally click the Select button to complete the process.

To edit existing Global Permissions, simply click the Edit button for the required principal, make the necessary adjustments and click the Select button to finalize the update.

To remove existing Global Permissions, check the box next to each principal(s) to select them and then click the Revoke Permission button.

On the Global Permission page, use the Access Report button to generate a list of all user principals that have access to any object throughout the entire system.