Create exceptions to Master Policy
This topic describes how to create exceptions to the Master Policy.
You may decide that certain accounts need to be handled differently from the rest.
The following scenario describes a typical workflow using the Master Policy and Platform Management technical settings.
In a large enterprise that manages multiple accounts on local and remote machines, a Risk Manager has issued a security policy defining that all passwords in the organization must be changed every 90 days. In response, the IT/IS Group Manager informed him that passwords for the Windows PCI systems in the organization’s US offices only need to be changed once a year. In addition, the Vault Administrator has suggested using a different port to manage Windows_US PCI systems.
To ensure compliance with enterprise and standard policies, the Compliance Auditor emphasizes the importance of compliance and wants to know how to verify that all accounts comply with the Master Policy.
The new Master Policy enables all the above users to get what they want:
- The Master Policy defines password changes for all privileged accounts every 90 days.
- An exception is created within the Master Policy to change passwords on Windows PCI systems in the US offices once a year.
- The Compliance Auditor can see the effective accounts policy that is enforced throughout the organization in the Master Policy, and can view compliance with it in the standard compliance report.
- Finally, technical settings that are set in the new Platform Management page enable the Vault administrator to set a different port or any other technical settings for all accounts that are managed on the Windows_US PCI system.
Exceptions are created for a specific platform and affect all of the accounts associated with that platform. You need to create platforms before you create exceptions in the policy for those platforms. For details, see Manage platforms.
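The precedence described above (a platform exception overrides the Master Policy rule for every account on that platform, and the Compliance Auditor checks accounts against the resulting effective policy) can be modelled in a few lines. The following is an added illustration, not CyberArk's code or any Privilege Cloud API; the platform names, account names and dates are constructed for the example.

```python
from dataclasses import dataclass
from datetime import date

# Master Policy rule: default password-change interval (days) for all accounts.
MASTER_CHANGE_INTERVAL_DAYS = 90

# Platform-level exceptions: platform name -> interval in days.
# An exception applies to every account associated with that platform.
# The platform name is a constructed example value.
PLATFORM_EXCEPTIONS = {"Windows_US_PCI": 365}


@dataclass(frozen=True)
class Account:
    name: str
    platform: str
    last_changed: date


def effective_interval(platform, exceptions=PLATFORM_EXCEPTIONS,
                       master=MASTER_CHANGE_INTERVAL_DAYS):
    """Exception for the platform wins; otherwise the Master Policy rule applies."""
    return exceptions.get(platform, master)


def compliance_report(accounts, today, exceptions=PLATFORM_EXCEPTIONS,
                      master=MASTER_CHANGE_INTERVAL_DAYS):
    """Map account name -> (effective interval, days since last change, compliant?)."""
    report = {}
    for acct in accounts:
        interval = effective_interval(acct.platform, exceptions, master)
        age = (today - acct.last_changed).days
        report[acct.name] = (interval, age, age <= interval)
    return report


def noncompliant(accounts, today, exceptions=PLATFORM_EXCEPTIONS,
                 master=MASTER_CHANGE_INTERVAL_DAYS):
    """Sorted names of accounts whose password is older than their effective interval."""
    report = compliance_report(accounts, today, exceptions, master)
    return sorted(name for name, (_, _, ok) in report.items() if not ok)


# Constructed sample inventory: one account on the excepted platform, two on others.
SAMPLE_ACCOUNTS = [
    Account("svc-db01", "Windows_US_PCI", date(2024, 1, 10)),
    Account("root-lnx", "Linux", date(2024, 1, 10)),
    Account("admin-win", "Windows_EU", date(2024, 4, 15)),
]

if __name__ == "__main__":
    today = date(2024, 6, 1)
    for name, (interval, age, ok) in compliance_report(SAMPLE_ACCOUNTS, today).items():
        print(f"{name:10} interval={interval:3}d age={age:3}d {'OK' if ok else 'NON-COMPLIANT'}")
    # Without the exception, the Windows_US_PCI account would also be flagged.
    print("flagged without exception:", noncompliant(SAMPLE_ACCOUNTS, today, exceptions={}))
```

Both svc-db01 and root-lnx have passwords 143 days old on the sample date; only root-lnx is flagged, because the platform exception raises the effective interval for Windows_US_PCI to a year. Removing the exception (the last line) flags svc-db01 as well, which is the behaviour an auditor would expect to see reflected in the compliance report.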
To create an exception:
- In the Privilege Cloud Portal, click Policies > Master Policy.
- Select a rule, and then, in the Rule Preview pane, click Add Exception.
- In the Create Exception dialog box, select the platform for which you want to create the exception, and then click Next.
- Set the exception, and then click Finish.