Manage Safes

This topic describes how to add, edit, and delete Safes.

Authorized users can add Safes through the Privilege Cloud portal.

What are Safes?

Safes enable you to store and organize authorized user accounts according to your organization's requirements. For example, you can create a Safe for each department such as Finance or HR, and store the accounts for that department in the relevant Safe. Or you can create Safes for accounts based on operating systems such as Windows or Unix.

Organizing accounts in different Safes enables you to limit access to accounts. For example, only the administrator of Windows accounts would have access to the Windows accounts Safe, and only the administrator of the Unix accounts would have access to the Unix accounts Safe.

Users who have the relevant permissions can add Safes in the Privilege Cloud Portal and modify their properties, as well as manage Safe members and their permissions.

Required authorizations

Users require the following authorizations:

Authorization: Add safes

Description: Enables the user to add Safes.

Users who do not have the Add safes authorization can view the Safes page with one of the following authorizations:

Authorization: Manage Safe

Description: This authorization is given at the Safe level, as part of the Safe member authorizations. It enables the user to perform the following actions:

  • View the Safes page in the Privilege Cloud Portal

  • Manage the properties of existing Safes

Authorization: Manage Safe Members

Description: This authorization is given at the Safe level, as part of the Safe member authorizations. It enables the user to perform the following actions:

  • Add existing Privilege Cloud users and groups as Safe members in the Privilege Cloud Portal

  • Add users in external LDAP directories as Safe members in the Privilege Cloud Portal

  • Specify and update Safe permissions

  • Remove a user from a Safe
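
The separation described under What are Safes? depends on who holds Manage Safe Members, since that authorization lets a member add members and change Safe permissions. The following added example (not CyberArk code) reviews a constructed membership list; the record layout, the grouping labels, and all Safe and user names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample records: (safe, grouping, member, authorizations).
# The layout and every name are hypothetical, not a Privilege Cloud export format.
MEMBERS = [
    ("Win-Servers", "Windows", "alice", {"Manage Safe", "Manage Safe Members"}),
    ("Win-Desktops", "Windows", "alice", {"Manage Safe Members"}),
    ("Unix-Prod", "Unix", "bob", {"Manage Safe", "Manage Safe Members"}),
    ("Unix-Prod", "Unix", "alice", {"Manage Safe Members"}),
    ("Unix-Dev", "Unix", "carol", {"Manage Safe"}),
    ("Finance-Apps", "Finance", "dave", set()),
]

GRANTING = "Manage Safe Members"  # holder can add members and set permissions


def access_admins(members):
    """Map each Safe to the members who can change who has access to it."""
    admins = defaultdict(set)
    for safe, _group, member, auths in members:
        admins[safe]  # register the Safe even if nobody holds GRANTING
        if GRANTING in auths:
            admins[safe].add(member)
    return dict(admins)


def cross_group_admins(members):
    """Members holding GRANTING on Safes in more than one grouping."""
    groups = defaultdict(set)
    for _safe, group, member, auths in members:
        if GRANTING in auths:
            groups[member].add(group)
    return {m: sorted(g) for m, g in groups.items() if len(g) > 1}


def safes_without_access_admin(members):
    """Safes in the list where no member can manage membership."""
    return sorted(s for s, a in access_admins(members).items() if not a)


if __name__ == "__main__":
    for safe, admins in sorted(access_admins(MEMBERS).items()):
        print(f"{safe}: {sorted(admins) or 'NO ACCESS ADMIN'}")
    for member, groups in cross_group_admins(MEMBERS).items():
        print(f"REVIEW {member}: can grant access in {', '.join(groups)}")
    print("No access admin:", safes_without_access_admin(MEMBERS))
```
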

Add a new Safe

Safes that are created in the Privilege Cloud portal are based on properties specified in a Safe template.

To add a new Safe:

  1. In the Privilege Cloud portal, click Policies > Safes. A list of Safes is displayed, depending on your permissions.

    The Safes that appear in the list are either Safes created by your user, or Safes for which you have one of the required permissions.

  2. Click Create Safe.

    The Add Safe page appears, displaying a workflow wizard with the following steps: 

    • Define properties

    • Select members

    • Set permissions

  3. In the Define properties step, enter the following details:

    Safe property: Safe name

    Description: Enter a meaningful Safe name using alphanumeric characters.

    The following characters cannot be used in the Safe name:

    \ / : * < > . | ? " % & +

    This field is mandatory. Once it is defined, you can save the Safe for quick setup and complete the additional details later.

    Safe property: Assign to CPM

    Description: In the drop-down list, select the CPM that will manage this Safe's password policy.

    Safe property: Description

    Description: Enter a description of the Safe.

    Safe property: Advanced details

    Description: Specify password version management for the Safe:

    • Save account versions for a period of <number> days – The number of days that password versions are saved in the Safe.

      By default, the last seven password versions are stored.

      You can display the saved password versions in the Versions tab of the Account Details page.

    • Save latest account versions: <number>. The number of previous password versions that you want to save for each account. These versions are stored in the Safe indefinitely. A new version replaces the oldest version.

  4. Click Next and perform the following tasks:

    • In the Select members tab, select Safe members

    • In the Set permissions tab, set member permissions

      See Add Safe members.

  5. When done, click Create Safe,

    -or-

    Click Skip and create safe for quick setup of the Safe.

    The Safe is created and appears in the Safe list for future editing, adding of members, and defining member permissions, as detailed in Add Safe members.

Edit a Safe

Review the Required authorizations to see which permissions you need.

To edit a Safe:

  1. In the Privilege Cloud portal, click Policies > Safes.
  2. In the row of the required safe, click Edit.

    -or-

    Click the row of the required safe, and in the safe details tabs that appear on the right, click Edit.

    Edit the safe properties as described in Add a new Safe above.

  3. Click Save.

  4. To rename the Safe, in the Safe name field, enter a new Safe name.

  5. Click Save.

Delete a Safe

Review the Required authorizations to see which permissions you need.

Before you can delete a Safe, you must first delete all of its content (accounts and files) permanently. Accounts are deleted permanently only after their retention period has passed.

You cannot recover a deleted Safe.

To delete a Safe:

  1. In the Privilege Cloud portal, click Policies > Safes.
  2. Select a Safe from the list, click the ellipsis button, and then click Delete.

See also: Manage Safe members