Create and View Smart Rules for Endpoint Privilege Management Policy Users
You can manage user-based policies for Endpoint Privilege Management users with Smart Rules, and view the policy users with the assigned policies.
This feature is only available when an Endpoint Privilege Management license is detected.
To deploy policies to users, you need to first create rules and policies in the Endpoint Privilege Management Policy Editor, and then you can log in to BeyondInsight to create applicable Smart Rules.
Create a Smart Rule
When a policy is deployed using a policy user-based Smart Rule, only the policy rules set in the User Configuration Rule Management section of the policy are processed by Endpoint Privilege Management clients that receive the policy. Policy deployment is controlled by the specifications in the Smart Rule.
A policy user-based Smart Rule can deploy policies to Windows Active Directory domain users and local users that are not part of a domain.
- From the Home page in the BeyondInsight console, click Configuration.
- In the General pane, click Smart Rules.
- Select Policy User from the dropdown for the Smart Rule type filter.
- Click Create Smart Rule +. A new window opens.
- Select Policy Users for the category.
- Provide a Name and Description for the policy.
- Select a Reprocessing Limit from the dropdown to set how often the Smart Rule runs.
- In the Selection Criteria section, select and add your desired filters to add the Endpoint Privilege Management accounts.
- To onboard local policy users, use the User Account Attribute filter after discovering users via scans. Then use their privilege attribute or their name for the Selection Criteria.
- In the Actions section, select and add the following actions:
- Add Policy Users: Adds users to BeyondInsight.
- Deploy Endpoint Privilege Management Policy: Deploys policies to the user accounts.
- Mark each policy user for removal: Deletes the user accounts from the Smart Group.
- Show as Group: Displays the Smart Rule as a Smart Group on the Policies page.
- Click Create Smart Rule.
View Policy Users
After the Smart Rule processes, you can view policy users on the Policy Users page. This page shows the policies assigned and applied.
- To view the page, click Policy Users on the Home page, or on the menu under Endpoint Privilege Management.
- Displayed policy users are filtered by the selected Smart Group filter.
- Displayed policy users can also be filtered by other criteria.
- Displayed policy users can be downloaded, and the grid view can be modified.
Depending the configuration of your grid and selected columns, not all policy user details may be visible. To configure display preferences, and see other options for the grid display, please see Change and Set the Console Display and Preferences.
- To remove a user from a policy, click the vertical ellipsis at the right end of the line and select Delete Policy User.