As an administrator,
you can create a policy to enable
credentials to be checked out so that users can check out credentials
by using the self-service interface.
Before you begin
Depending
on how your system administrator customized your system, you might
not have access to this task. To obtain access to this task or to
have someone complete it for you, contact your system administrator.
Ensure
that you created an access control item (ACI) for the protection category
of Shared Access Policy. For more information
about ACIs, see Access control item management.
Organizational roles and services that the shared access policy uses must be in place before
you create the shared access policy.
If a role is a member of another organizational role in a shared access policy, then that role member also
inherits the permissions of the shared access
policy.
Procedure
To create a shared access policy,
complete these steps:
- From the navigation tree, select .
- In the Shared Access Policies table, click
Create.
- On the General page, complete these
steps:
- Type the name of the policy.
- Optional: Type information about
the policy
in the Description field.
- Set the policy status. The status is set
to Enable by default.
- Click Search to specify a business
unit other than the default Organizational business unit.
- Select the scope that the policy uses for
the business
unit. The scope is set to This business unit
and its subunits by default.
- Click the Members page and select the member type that you want to
associate with the shared access policy. If you select Roles specified below, complete these steps to add
one or more roles to the Roles table:
- Click Add.
- On the Organizational Role page, specify your search criteria and
then click Search.
- In the Roles table, select one or more roles.
- Click OK.
- Click the Entitlements page and add one or more entitlements to the
shared access policy:
- Click Add.
- On the Entitlements page, select the Entitlement Target
Type.
- Depending on your selection, do the following.
- Credential
- Specify the information to limit the credential search. Leaving a field blank is the
same as selecting all credentials.
- Type a login ID.
- Type the resource name.
- Click Search.
- Select the credentials that you want to add to the entitlement.
- Credential pool
- Specify the information to limit the credential pool search. Leaving a field blank is
the same as selecting all credential pools.
- Type the pool name or a description of the pool.
- Type the resource name.
- Click Search.
- Select the credential pools that you want to add to the entitlement.
- Filtered
- Under Filter Creation:
- Select the type of filter that you want to create from the list.
- Credentials
-
- Use the Select all check box to entitle all credentials
under the policy business unit. No additional information is needed. The
information fields are deactivated.
- Type the name of the entitlement. If enabled, this field is a required
field.
- Supply the filter information.
- Type the login ID.
- Type the resource name.
- Type the resource tag.
Note: If you do not specify any filter information, the entitlement defaults
to the all credentials entitlement. If you specified an entitlement name, it is
overridden by the default All credentials name.
- Credential Pools
-
- Use the Select all check box to entitle all credential
pools under the policy business unit. No additional information is needed. The
information fields are deactivated.
- Type the name of the entitlement. If enabled, this field is a required
field.
- Supply the filter information:
- Type the pool name.
- Type the resource name.
- Type the resource tag.
Note: If you do not specify any filter information, the entitlement defaults
to the all credential pools entitlement. If you specified an entitlement name, it
is overridden by the default All credential pools
name.
- Click OK. The credentials or credential pools are displayed in the
Entitlements table.
- Click Cancel to return to the Entitlements
page.
- Click Preview to see the list of credentials or credential pools
that are returned by the filter criteria that you specified.
- Click Submit to save the policy.
- On the Success page, click Close.