Working with privileged account workflow

Users who are assigned to a role with the appropriate administrative rights can see the systems, domains, databases, and accounts where they have View permission in the Privileged Access Service. What you can do depends on the additional permissions you have been granted. For example, if you don’t have the Checkout permission, you cannot check out the password for a stored account. However, if one or more accounts are configured to use a request and approval workflow, you might be able to request access to the account password from a designated user or member of a designated role. It is at the approver’s discretion to approve or reject your request, and if approved, to grant you permanent or temporary Checkout permission. For more information on available account permissions, see Additional account permissions.

If an account is configured to require the approval of a designated user or role, you might see the Request Login or Request Checkout actions in the Accounts > Actions menu. Selecting Request Login or Request Checkout sends an email request to the designated user or to the members of a designated role for approval. If your request is approved, you have limited period of time to take the action you requested.

In addition to requesting an account login or requesting to checkout a password, this section also includes information for the following: