Manage Safe members

This topic describes how to add Safe members, edit Safe member permissions, and remove a Safe member from a Safe.

What are Safe members?

Users who have access to safes are called Safe members. A Safe member can be a single user or a group.

Each Safe member is given a unique set of permissions in the Safe that enable them to perform tasks on accounts and files in that Safe.

These permissions are given to each Safe member individually.

The list of system users also displays predefined users that are automatically assigned to each Safe by the system when the Safe is created. See Predefined users and groups for Privilege Cloud Standard.

Required authorizations

Users require the following authorizations to manage Safe members:

Authorization

Description

Manage Safe Members

This authorization is given at the Safe level, as part of the Safe member authorizations.

It enables the user to perform the following actions:

  • Add existing Privilege Cloud users and groups as Safe members in the Privilege Cloud Portal

  • Add users in external LDAP directories as Safe members in the Privilege Cloud Portal

  • Specify and update Safe permissions

  • Remove a user from a Safe

View Safe Members

Enables the user to view the permissions of Safe members in the Privilege Cloud Portal.

Add Safe members

Add Safe members through the Privilege Cloud portal.

To add Safe members:

  1. In the Privilege Cloud portal, click PoliciesSafes.

  2. Select a Safe from the list, and then click the Members tab.

  3. Click Add Members.

    The Add member to Safe wizard opens.

  4. On the Select Safe members page, search and select the members that you want to add.

    The maximum number of Safe members is 64, including predefined users. In the list of potential members, select up to ten users at a time, and repeat until all necessary users are assigned.

    Use the following filter options.

    Field

    Description

    Source

    Narrow the search according to the origin of the users/groups:

    • Privilege Cloud (created locally)

    • External directories, like LDAP

    Member type

    • User

    • Group

    Search

    Search for a specific member by name.

    • Enter an alphanumeric string of at least three characters.

    • Member names cannot include the following characters: \ / : * < > “ | ? % & +

    • If you are searching for a name that is less than three characters, enter the first character followed by two spaces, or first two characters followed by a space

    Results display names that include the search string anywhere in the name.

  5. After you select all the members you want to add to the safe, you can use the Show selected only toggle to verify your selection, and then click Next.

  6. On the Set Permissions page, set the permissions for the Safe member.

    • Membership expiration is Off by default. You can click Set and define an expiration date.

    • Permissions presets allow to select a preconfigured permissions profile. Select one of the default profiles. You can adjust default preset permissions according to need, in which case the preset type changes to Custom.

      For details about permissions and their meaning, see Permissions.

  7. Click Add member.

Edit Safe member permissions

 
  • When you edit a Safe member's permissions, you can assign only the specific permissions that your user has.

  • You can only edit a Safe member's permissions who has either the same permissions that you have or less permissions.

  1. In the Privilege Cloud portal, click Policies > Safes.

  2. Select a Safe from the list, and then click the Members tab.

  3. For the Safe member that you want to update, click the More options button and then select Manage Permissions.

  4. Change the Safe permissions for this Safe member, according to the following options:

    • Set membership expiration date

    • Select a Permissions preset profile or select a custom group of specific permissions

    • Click Show permissions to view the permissions in a group

    • Click a check box to either select or remove a specific permission

    • Click a group's title check box to select or remove a group of permissions.

  5. Click Save.

Remove Safe members

  1. In the Privilege Cloud portal, click Policies > Safes.

  2. Select a Safe from the list, and then click the Members tab.

  3. For the Safe member that you want to remove, click the More options button and select Remove.

Permissions

This section includes all the permissions that you can grant to Safe members, grouped by the permission's type.

See alsoManage Safes