Configure User Permissions for Remote Support Vault

The Vault features and configuration options are available in the /login interface. There are two permissions you can assign to users to help manage your BeyondTrust Vault instance.

  • Allowed to Administer Vault: This permission grants the user full rights to discover, add, modify, and manage privileged accounts stored on the B Series Appliance.

If a user has not been granted this permission, they cannot view or add shared generic vault accounts. However, they can add and manage their own personal generic vault accounts.

  • Allowed to View Vault Reports: This permission indicates what level of rights a user has for viewing Vault reports.  
    • Not Allowed: The user does not have permission to view any Vault reporting events.
    • View Only His/Her Events: The user has permission to view only their Vault reporting events and cannot view any other user account activity.
    • View All Events: The user has permission to view all Vault reporting events for all users.

By default, representatives are not given access to credentials. However, if an administrator grants a representative access to a credential, the representative can begin using the credential in BeyondTrust sessions and can check out the credential in /login (if enabled). Once the representative uses the credential, they are able to view reporting about their credential use.

By default, when BeyondTrust Vault is enabled, users with administrator privileges in BeyondTrust Remote Support will automatically possess the Allowed to Administer Vault and the Allowed to View Vault Reports - View All Events permissions. For other users, these permissions need to be explicitly configured. Follow the steps below to set these permissions.

  1. From the /login interface, navigate to Users & Security > Users.
  2. Locate the user you wish to assign the permission. Click Edit Account (pencil icon).

Allowed to Administer Vault User Permission

  1. Click General Permissions to expand that section.
  2. Under Administration, check Allowed to Administer Vault.
  3. Under Reporting, select a permission from the Allowed to View Vault Reports dropdown.
  4. Click Save.

 

Vault administration and report privileges can also be configured via group policy at Users & Security > Group Policies.

For more information, please see Users: Add User Permissions for a Representative or Admin.