Identify what you want to manage

Before adding any objects to the Privileged Access Service, you might want to consider the following:

  • Which accounts and account types—local, domain, database, and service—do you want to add to the service?
  • Which account passwords should only be managed by the service?
  • Are there any restrictions on the accounts you plan to add to the service?

You can store and manage accounts and passwords for different types of network systems, such as servers, workstations, swtiches, and routers. You can also store and manage passwords for accounts used to access to domains, databases, Windows services, and Windows scheduled tasks.

To get started, you might want to identify which accounts you want to store to support remote access and which accounts have passwords that should be managed. Some of the common local accounts that are likely candidates for being managed through Privileged Access Service include:

  • root
  • oracle for Oracle database administration
  • sidadm for SAP administration
  • db2inst for IBM DB2 instance administration
  • patrol for BMC Patrol administration

You might have many other administrative tools or in-house accounts that require special privileges, have access to sensitive information, are used to perform database operations, or are required to run specific services. You can use Privileged Access Services to manage the password for any of these accounts. You can also add any other accounts to securely store the account information without having the password managed.