Many organizations have IT workers with the skills to manage a wide range of systems, but whose normal responsibility is narrow. These people should not and normally do not have administrative access to systems outside their normal scope of responsibility.

Using Hitachi ID Privileged Access Manager, this pool of talent can be leveraged when needed -- during periods of high workload or in emergencies -- without having to grant large numbers of users permanent access to systems.

  1. Privileged Access Manager ensures that every administrator account has a unique, frequently changing password:

    1. Sensitive passwords cannot be shared, since they are always changing.
    2. Passwords can be given out for a limited time, since the administrative access they grant naturally expires when the password next changes.

  2. Privileged Access Manager controls access disclosure using a variety of mechanisms, including a workflow engine that supports granting temporary or exceptional access:

    1. Business logic restricts which passwords can be requested.
    2. Authorization logic routes requests to application owners.
    3. Business users can authorize one-time access disclosure to technical users.

Some examples of this flexibility are common in specific industries:

  1. Universities and Colleges: computer science students can be asked to help with IT tasks.
  2. IT Outsourcers: one customer's support team can be asked to help with another customer's systems.
  3. In general: developers can provide assistance with production systems.