Predefined users and groups for Privilege Cloud Standard
Privilege Cloud automatically creates several users and groups during installation and upgrade. These users are created to carry out administrative tasks.
Predefined groups are added automatically to every Safe in Privilege Cloud, and the corresponding predefined user is added as a member. Users who are added to these groups immediately become owners of all the Safes, according to the Group’s authorizations in the Safes. These groups can be removed from the Safes according to Privilege Cloud configuration.
In Vaults that have been upgraded from previous versions, the predefined groups will only be added to Safes that are currently owned by the corresponding predefined users. These users will become members of a predefined group as well as remaining direct Safe members.
Predefined users
Following is a list of predefined users that are automatically set up for each Safe.

| User | Description |
|---|---|
| | This user appears on the highest level of the User hierarchy and has all possible permissions. As such, it can create and manage other Users on any level on the User hierarchy. |
| Auditor | This user is a member of the Auditors group. This user appears at the top of the User hierarchy, enabling it to view all the Users in the Safe. The Auditor User can produce reports of Safe activities and User activities. This enables it to keep track of activity in the Safe and User requirements. |
| Backup | This user is a member of the Backup Users group. It has the Backup Safe authorization, and can back up all, several, or individual Safes. |
| Batch | This user is an internal user that cannot be logged onto. This user carries out internal tasks, such as automatically clearing expired user and Safe history. |
| DR | This user is a member of the DR Users group and is specifically for use in Disaster Recovery. This user can replicate the Safes in the production Vault to the Disaster Recovery Vault, keeping it continuously up-to-date. |
| | This user has all the available Safe member authorizations, except Authorize password requests, and therefore has complete control over the entire system. This user is used to manage a full recovery when necessary. It cannot be removed from any Safe. This user is in use by CyberArk Cloud Services. |
| NotificationEngine | This user is installed with the Event Notification Engine (ENE). It retrieves information about activities that occur in Safes as well as contact details of recipients so that the ENE can send notifications. It is a member of the Notification Engines group. |
| Operator | This user is a member of the Operators group, which has the Manage Safe authorization that enables it to update the Safe properties and carry out other administrative operations, such as compressing the Safe and changing the size of the Safe. As the Operator user does not have any of the authorizations that would enable it to view the contents of a Safe, when it opens the Safe the Open Safe icon appears but not the Safe contents. In addition, it cannot view Safe logs or the Owners list. |
| POCAdmin | This user is installed as part of the POC installation for the |
Predefined groups
Following is a list of predefined groups that you can activate and use.
| Group | Description |
|---|---|
| Privilege Cloud Admins | Privilege Cloud Admins group is a group of Vault administrators. This group can be added to Safes with all Safe member authorizations. This group is added automatically to the following Safes: |
| Auditors | The Auditors group has the View audit and View Safe Members authorizations, which enables members to view the contents of the Safe, the activity logs, and the Owners list. The predefined Auditor user is added automatically to this group. |
| Backup Users | The Backup Users group has the Backup Safe authorization, which enables members to back up all, several, or individual Safes. It is recommended to use members of this group for backup operations and not grant this authorization to individual users. The predefined Backup user is added automatically to this group. |
| DR Users | The DR Users group has the Backup Safe authorization and is used in Disaster Recovery. It is recommended to use members of this group for replication and not grant this authorization to individual users. The predefined DR user is added automatically to this group. |
| Notification Engines | The Notification Engines group is a group of NotificationEngine users that are added during ENE installation, and which enable the ENE to send notifications about activities in the Safes. This group has the View audit and View Safe Members authorizations so that it can monitor activities in the Safe, but does not have access to any information. |
| Operators | The Operators group has the Manage Safe authorization, which enables members to update the Safe properties and carry out other administrative operations, such as compressing the Safe and changing the size of the Safe. The predefined Operator user is added automatically to this group. |
| PVWAGWAccounts | The PVWAGWAccounts group is a group of gateway accounts that is shared with all Safes that will be accessed through the Privilege Cloud Portal. |
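
The group authorizations listed above can serve as a baseline for reviewing Safe membership. The following is an added example, not CyberArk code: it checks a constructed list of Safe member records for predefined groups that hold more than the authorizations this page lists, and for individual users granted Backup Safe directly, which the page recommends against. The record shape, the sample Safe and member names, and the function name `audit_safe_members` are assumptions.

```python
# Authorizations this page lists for each predefined group.
GROUP_BASELINE = {
    "Auditors": {"View audit", "View Safe Members"},
    "Backup Users": {"Backup Safe"},
    "DR Users": {"Backup Safe"},
    "Notification Engines": {"View audit", "View Safe Members"},
    "Operators": {"Manage Safe"},
}

# Predefined users tied to Backup Safe on this page. In upgraded Vaults
# they can remain direct Safe members, so they are not flagged.
PREDEFINED_BACKUP_USERS = {"Backup", "DR"}


def audit_safe_members(members):
    """Return (safe, member, issue, authorizations) tuples for deviations."""
    findings = []
    for m in members:
        auths = set(m["authorizations"])
        if m["type"] == "Group" and m["member"] in GROUP_BASELINE:
            extra = auths - GROUP_BASELINE[m["member"]]
            if extra:
                findings.append((m["safe"], m["member"],
                                 "group exceeds baseline", sorted(extra)))
        elif (m["type"] == "User" and "Backup Safe" in auths
              and m["member"] not in PREDEFINED_BACKUP_USERS):
            findings.append((m["safe"], m["member"],
                             "direct Backup Safe grant", ["Backup Safe"]))
    return findings


# Constructed sample records (assumed export shape, not real data).
SAMPLE = [
    {"safe": "Prod-DB", "member": "Backup Users", "type": "Group",
     "authorizations": ["Backup Safe"]},
    {"safe": "Prod-DB", "member": "Operators", "type": "Group",
     "authorizations": ["Manage Safe", "View audit"]},
    {"safe": "Prod-DB", "member": "jsmith", "type": "User",
     "authorizations": ["Backup Safe"]},
    {"safe": "Legacy", "member": "Backup", "type": "User",
     "authorizations": ["Backup Safe"]},
    {"safe": "Legacy", "member": "Auditors", "type": "Group",
     "authorizations": ["View audit", "View Safe Members"]},
]

if __name__ == "__main__":
    for finding in audit_safe_members(SAMPLE):
        print(finding)
```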