Checking out an account password

When you add database accounts to the Privileged Access Service, you can store the passwords for those accounts securely in a local repository, in the Centrify, or in a key management appliance such as SafeNet KeySecure. If you have the appropriate global or database-specific permissions, you can check out the password for a stored database account used to connect to a database. When you check out a password, you choose whether to display or copy it to the clipboard for use. The password remains checked out until either you check it back in or the Privileged Access Service checks it automatically.

The maximum length of time you are allowed to keep a password checked out is configured by the Setting database‑specific policies policy. However, you can extend the checkout time for a password that is currently checked out, if needed. For more information about configuring the Checkout lifetime policy, see Setting database‑specific policies. For more information about extending the checkout time, see Extending the password checkout time.

To check out a database account password:

  1. In the Admin Portal > Resources > Databases to display the list of databases.
  2. Select a database to display the database details.
  3. Select the appropriate database account from the list of accounts, then click Checkout or Request Checkout.

    If you don’t have the Checkout permission and click Request Checkout, your request is sent to a designated user or to the members of a designated role for approval. If your request is approved, you have limited period of time to check out the account password. For more information about the “request and approval” work flow, see Managing access requests.

  4. Click Show Password if you want to view the password for the selected account as plain text or click Copy Password to copy the password without viewing it.

    Depending on how authentication rules and authentication profiles are configured for the database and account, you might be required to respond to one or more authentication challenges before viewing or copying the stored password. If you are able to authenticate successfully by responding to one or more authentication challenges, the checkout proceeds. The checkout is then recorded as recent activity in the dashboard, in your workspace, and in the list of database activity.

  5. Click Close.

  6. Log on to the database using the selected account name and password.

After taking the appropriate action on the database, close the session to log off and check in the password. For more information about checking in a password, see Checking in a password.