Skip to main content

Hello everyone,

We’re struggling with lack of possibility to introduce more granular access for PS Administrators, there’s an idea for the same More granular access rights for custom PS | All Product Ideas - Public 

Do you have similar experience with the product? If yes then please share your thoughts on that and like an idea if you find it useful, maybe it will get some attention thanks to that.

Cheers,

Bartosz 

Hi ​@Bartosz , 

 

Granular admin rights can be assigned to user, refer to How to grant a user administrator access to Web Console

Hello, Thank you for a reply, however what we’ve got in mind is even more granular access to avoid overprovisioning of permissions. Idea is to have a possibility to build custom permissions for a group but with more control over level of permissions and particular configuration that members can perform.

Hi,

I’m also interested to remove the right to view recorded sessions from admins as they’re supposed to only administrate the solution and not be tempted to review a recorded session. I have admin accounts without that permission set up but then many other things can’t be done.

@Robert A.  I think this could be done by not giving full admin rights and just granting the admins permssions they need.  For example How to grant a user the ability to manage web console User Management and Roles

These article may also be of use:

How to assign permissions and features for login users to do onboarding of assets and Managed Accounts

 

How to assign permissions and features for login users to test and change password on managed accounts

 

@GloriaB I’ve set up the permissions a while back (approx. 2 years ago) with help from BT and it was not possible to create an admin like account just without the permission to view session recordings. These admin accounts without access to recordings do not have all required rights to administer PS properly. I’ll check those links again to see if it’s possible but doubt that this has changed since we set up the admin users. Thanks!

@Robert A. Granular admin rights started in 23.1 and has been improved upon since then.  This KB article is How to assign user's permissions to access Analytics & Reporting and view Session Replays or Competed Sessions is used a lot for auditor accounts. 

@GloriaB I’m trying to do the opposite of what is described in the article. I already have an auditor group which is working fine for me. I want an admin group which does not have access to recorded sessions.

The article describes to provide the following permissions to allow access to session recordings:

  • Read access to an Asset Smart Group (Ex. All Assets) and the Auditor Password Safe role assigned
  • Read access to Managed Account Smart Group (Ex. All Managed Accounts) and the Recorded session reviewer role assigned.

Which one of the above to I revoke to only remove access to session recordings and not impact anything else?

Reply


Badge Earners

  • BCSE: Privileged Remote Access
    jreeveshas earned the badge BCSE: Privileged Remote Access
  • BCA: Password Safe
    alessio.marottahas earned the badge BCA: Password Safe
  • BCSE: Password Safe
    AmilaKhas earned the badge BCSE: Password Safe
  • BCA: Password Safe
    Tony Forsterhas earned the badge BCA: Password Safe
  • BCIE: Endpoint Privilege Management - Windows
    Angelahas earned the badge BCIE: Endpoint Privilege Management - Windows
Show all badges
Terms & ConditionsCookie settings