Real Time Authorization

Real Time Authorization allows administrators to remove users from groups while they are logged in with a directory account and use the registry key to perform an additional check to ensure that the user still has access to the password at the time they requested it. This puts the user through the log in process every time a password is requested.

Enable the following registry key to turn on this feature:

HKLM\SOFTWARE\BeyondTrust\PBPS\EnableCheckoutAuthorization

User receives  Missing Required Password Safe role error during request. Real Time Authorization check configured.

After the user is removed from the group, they receive the following error message when they request password access: Missing required Password Safe role.