Manage Safes
This topic describes how to add, edit, and delete Safes.
Authorized users can add Safes through the Privilege Cloud portal.
What are Safes?
Safes enable you to store and organize authorized user accounts according to your organization's requirements. For example, you can create a Safe for each department such as Finance or HR, and store the accounts for that department in the relevant Safe. Or you can create Safes for accounts based on operating systems such as Windows or Unix.
Organizing accounts in different Safes enables you to limit access to accounts. For example, only the administrator of Windows accounts would have access to the Windows accounts Safe, and only the administrator of the Unix accounts would have access to the Unix accounts Safe.
Users who have the relevant permissions can add Safes in the Privilege Cloud Portal and modify their properties, as well as manage Safe members and their permissions.
Required authorizations
Users require the following authorizations:
Authorization |
Description |
---|---|
Add safes |
Enables the user to add safes. |
Users who do not have the Add safes authorization can view the Safes page with one of the following authorizations:
Authorization |
Description |
---|---|
Manage Safe |
This authorization is given at the Safe level, as part of the Safe member authorizations. It enables the user to perform the following actions:
|
Manage Safe Members |
This authorization is given at the Safe level, as part of the Safe member authorizations. It enables the user to perform the following actions:
|
Authorization |
Description |
---|---|
Add Safes |
Enables users to add Safes. |
Manage Safe |
This authorization is given at the Safe level, as part of the Safe member authorizations. It enables the user to perform the following actions:
|
Manage Safe Members |
This authorization is given at the Safe level, as part of the Safe member authorizations. It enables the user to perform the following actions:
|
Add a new Safe
Safes that are created in the Privilege Cloud portal are based on properties specified in a Safe template.
To add a new Safe:
-
In the Privilege Cloud portal, click Policies > Safes. A list of safes are displayed depending on your permissions.
The Safes that appear in the list are either Safes created by your user, or Safes for which you have one of the required permissions.
-
Click Create Safe.
The Add Safe page appears, displaying a workflow wizard with the following steps:
-
Define properties
-
Select members
-
Set permissions
-
-
In the Define properties step, enter the following details:
-
Save account versions for a period of <number> days – The number of days that password versions are saved in the Safe.
By default, the last seven password versions are stored.
You can display the saved password versions in the Versions tab of the Account Details page.
-
Save latest account versions: <number>. The number of previous password versions that you want to save for each account. These versions are stored in the Safe indefinitely. A new version replaces the oldest version.
-
Click Next and perform the following tasks:
-
In Select members tab, select Safe members
-
In Set permissions tab, set member permissions
See Add Safe members.
-
-
When done, click Create Safe,
-or-
Click Skip and create safe for quick setup of the Safe.
The Safe is created and appears in the Safe list for future editing, adding of members, and defining member permission, as detailed in Add Safe members
Description |
|
---|---|
Safe name |
Enter a meaningful Safe name using alphanumeric characters. The following characters cannot be used in the Safe name: \ / : * < > . | ? “% & + This field is mandatory. Once defined you can save the Safe for quick setup and complete additional details later. |
Assign to CPM |
In the drop-down list, select the CPM that will manage this Safe's password policy. |
Description |
Enter a description of the Safe. |
Advanced details |
Specify password version management for the Safe: |
Edit a Safe
Review the Required authorizations to see which permissions you need.
To edit a Safe:
- In the Privilege Cloud portal, click Policies > Safes.
-
In the row of the required safe, click Edit
-Or-
Click the row of the required safe, and in the safe details tabs that appear on the right, click Edit.
Edit the safe properties as described in Add a new Safe above.
-
Click Save.
-
To rename the Safe, in the Safe name, field, enter a new Safe name.
- Click Save.
Delete a Safe
Review the Required authorizations to see which permissions you need.
Before you can delete a Safe you must first delete all of its content (accounts and files) permanently. Accounts are deleted permanently only after their retention period has passed.
You cannot recover a deleted Safe. |
To delete a Safe:
- In the Privilege Cloud portal, click Policies > Safes.
- Select a Safe from the list, ellipsis button, and then click Delete.
See also: Manage Safe members