With the Privileged Access Service, you can securely store local user name and password combinations (accounts). You can then use those accounts to connect interactively to servers, switches, and routers (systems). You can also choose who is authorized to use the accounts on which systems and who is authorized to view or copy the account password.
The systems you manage might include servers and network devices inside of your organization’s firewall, outside of the firewall, or a combination of the two. For example, you might have some users who can log on to specific systems inside of the firewall and others who can access specific systems located outside of the firewall.
In the most common scenario, you would add shared local accounts—such as root, patrol, or oracle—for the systems you add to the Privileged Access Service. You would also specify which users are allowed to use those shared accounts and what different users are allowed to do. For example, you can specify which users can connect using a given account without having to specify the password for the account.