Add a Safe

This topic describes how to add a Safe with or without Safe members in the PVWA, and the authorizations a user must have to add a Safe or view the Safes page.

Required authorizations

Add a Safe authorizations

To add a Safe, you must have the following authorization in the Vault:

Authorization

Description

Add Safes

This authorization is given at the user level, as part of the PrivateArk User management.

It enables the user to perform the following actions:

  • Add Safes

  • Rename a Safe

View the Safes page authorizations

To view the Safes page, you must have one of the following authorizations in the Vault:

Authorization

Description

Manage Safe

Enables the user to view the Safes page and manage the properties of existing Safes.

Manage Safe Members

Enables the user to view the Safes page and manage Safe members’ authorizations.

Add a Safe

 
  • Safes that are created in the PVWA are based on default properties. For more information, see Default Safe properties.

  • Reports Safes and PSM Recording Safes are created automatically with the Auto-purge is enabled setting, which means that files in these Safes will automatically be purged after the Object History Retention Period defined in the Safe properties. In addition, these Safes cannot be managed by the CPM.

  1. In the PVWA, go to Policies > Safes.

     

    The Safes that appear in the list are either Safes created by your user, or Safes for which you have one of the required permissions.

  2. Click Create Safe.

    The Create Safe page appears.

  3. Define the following Safe properties, and then click Next:

    1. Enter a name for the new Safe.

    2. In the Assigned to CPM drop-down list, select the CPM that will manage the remote devices stored in this Safe.

    3. (Optional) Enter a description for the Safe.

    4. Click Advanced details to select the account (password) version management for the Safe and enable Object Level Access Control (OLAC):

      • Object Level Access Control cannot be disabled.

      • Enabling OLAC impacts Vault performance.

      Option

      Description

      Version management: Save account versions for a period of <number> days

      The number of days that password versions are saved in the Safe.

      You can select only one of the two Version management options.

      Version management: Save latest account versions

      The number of previous password versions that you want to save for each account. These versions are stored in the Safe indefinitely. A new version replaces the oldest version.

      You can select only one of the two Version management options.

      Enable Object Level Access Control

      Sets different permissions for individual accounts in the Safe. For more information, see Use Object Level Access Control in Safes.

      You can view saved password versions in the Account properties pane, in the Versions tab. By default, the last five password versions are stored. For more information, see Password version control.

  4. Do one of the following actions:

    • To finish creating the Safe, and not add members at this time, click Skip and create Safe.

      The Safe is created without Safe members. For more information about adding Safe members to a Safe, see Add a Safe member.

    • To add Safe members now, continue with the steps below.

  5. Select the members for this Safe, and then click Next:

    1. Under Source, select from where the users or groups will be retrieved.

    2. Under Member type, select whether the members are users, groups, or both.

    3. Search for specific users or groups by entering at least three characters contained in the name of the user and/or group.

    4. Select the members that you want from the list of results.

  6. By default, the member's expiration date is not set. To specify a date when the user's Safe membership should end, click Set next to Membership expiration is set to off, and select a date.

  7. Set the Safe member permissions:

    • Select one of the Permission preset groups or select a custom group of specific permissions.

    • Click Show permissions to view the permissions in a group.

    • Click a group's title check box to select or remove a group of permissions.

    • Click a check box to either select or remove a specific permission

    For detailed information about permissions, see Safe member permissions.

  8. Select one of the following options:

    • Create Safe to create the Safe and return to the Safes page.

    • Create Safe and create new to create the Safe and begin adding another Safe.

    The Safe is created in the Vault.

  9. To review the properties of the Safe that you just created, select the Safe and click the Details or Members tab.

    In the Members tab, all predefined users and groups are hidden by default. To display them, click the Hide predefined users and groups toggle. For more information about Safe members and their authorizations, see Add a Safe member.