Transfer Ownership of a Secured Item

When a user who owns a Secured Item (such as a secured note or password) is removed from CyberArk Identity, all users who shared access to the item can no longer access it. You can transfer the ownership of a Secured Item from the user who created the item to another user, ensuring continued access for users with whom the item was shared.

You can specify a list of users (owners) in order of priority. The first person on the list becomes the owner, but if that person is unavailable, the second person on the list becomes the owner, and so on down the list as necessary. An owner can be a manager who is specified on the Users > Accounts page or any non-managerial user.

Consider whether the following practices might benefit your organization:

  • Create a policy set that applies to all users and transfers ownership of Secured Items to managers.

  • Create multiple policy sets, each applying to users with a specific role. For example, a policy for everyone in Sales can transfer ownership of Secured Items to the person at top of the Sales organization, rather than to a direct manager.

If you want the new owner to be able to share the application with new recipients, make sure the owner's role has Shared Credentials administrator rights.

To transfer ownership of a Secured Item:
  1. In the CyberArk Identity Admin Portal, go to Core Services > Policies and select a policy.

  2. Go to User Security Policies > User Account Settings and scroll down to Transfer ownership of shared items.

  3. Select the Owner Type (Manager or Specified User) and click Add

    If you select Specified User, click Add and search for a user to add.

  4. Repeat until you have added all users. You can drag the rows to re-order the priority.
  1. Click Save.