Adding and removing account permissions on CyberArk

The CyberArk administrator can grant or revoke permissions to the Guardium system on the CyberArk vault server.

The Guardium system's account inherits all permissions from the group that it is added to. The minimum group permissions that are required are: List, Retrieve, and View Accounts.

Use the following procedures to add or remove the Guardium system's account from the CyberArk group.

Providing permission to the Guardium system

Use the following procedure to provide permission to the Guardium system on CyberArk.
Note: The CyberArk administrator must grant permission to complete installation of CyberArk on the Guardium system.
  1. Use the CyberArk client to log in to vault server.
  2. From the menu, go to Tools > Administrative Tools > Users and Groups.
  3. On the Users and Groups on Server Vault page, select the group that owns your safe. Click Update.
  4. On the Update group page, click Add and select User from the drop-down menu.
  5. On the Add Members to Group page click the Applications folder, select the member (Guardium system’s account name) Prov_Guardium system's address, and click the right arrow button to move the member to the group.
  6. Click ok to add the account to the group.

Revoking the Guardium system's permissions on CyberArk

When CyberArk is uninstalled from the Guardium system, use the following procedure to revoke permissions on CyberArk.
Note: To reinstall CyberArk on your Guardium system, you must remove the CyberArk account from the group.
  1. Use the CyberArk client to log in to vault server.
  2. From the menu, go to Tools > Administrative Tools > Users and Groups.
  3. On the Users and Groups on Server Vault page, click the Applications folder, and select the member (Guardium system’s account name) Prov_Guardium system's address.
  4. Click Delete to remove the account from the group.