Question

Best approach to be followed for user group and smart group mapping

  • May 8, 2026
  • 1 reply
  • 46 views

Hello,

I would like guidance on recommended best practices for Smart Group to User Group mapping.

Requirement:

  • Multiple teams will access dedicated managed accounts.

We are evaluating the following design approaches:

Option 1:

  • Maintain only two common user groups globally:
    • Read-Only Users
    • Read-Write Users
  • Map all dedicated account Smart Groups across teams to these shared groups.

Option 2:

  • Maintain separate user groups for each team, even if permissions are identical.
  • Example:
    • Team A – RO / RW Groups
    • Team B – RO / RW Groups

We would appreciate guidance on:

  • Recommended best practices for large-scale deployments.

Regards

GB

1 reply

  • BeyondTrust Employee
  • June 8, 2026

Hello @gborse57

A Dedicated Account in Password Safe restricts access to a managed account to a single user. Not even an administrator can access a dedicated managed account while it's mapped.

Please have a look at the Best Practices guide for Smart Groups:
https://docs.beyondtrust.com/bips/docs/best-practices-smart-groups

If you have any questions, please let me know.

John