Transferring User Accountabilities

The Transfer User Accountabilities feature in PAM360 allows administrators to securely transfer all resources, responsibilities, and privileges from one user account to another. This is particularly useful when a user departs or transitions roles within the organization. This feature ensures a smooth handover process while maintaining robust access control and security within the system.

At the end of this document, you will have learned about the following topics:

Prerequisites
Transferring the User Accountabilities
Limitations
Transferring Specific Privileges or Resources

1. Prerequisites

Accountabilities can only be transferred to another user with similar or higher profiles in PAM360.
It is highly recommended to create a new user account with a similar profile and to perform this operation (i.e., the replacement user) for a streamlined and easy transfer process.
A user with user management privileges is required to perform the transfer operation for a departing user. Departing users cannot transfer their own accountabilities to a new user.
It is highly recommended to advise the user to export their personal data before initiating the transfer. Personal tab data belonging to the user from whom the accountabilities are being transferred will be permanently deleted upon the transfer process and cannot be recovered.

2. Transferring the User Accountabilities

Navigate to the Users tab and click the User Actions icon beside the respective user whose resources and responsibilities need to be transferred.
In the dropdown that opens, click Transfer User Accountabilities.
In the dialog box that opens,
1. Select the new user account to which the resources and responsibilities are to be transferred.
  
  Note: Only user accounts in PAM360 with similar user roles and access status will be listed. If the desired user account is not available, upgrade the user role and access status accordingly. Click the user roles and access status link to view the required roles and privileges.
2. Tick the consent box after reading the consent message and click Transfer.
Upon successful execution, the specified entities will be transferred to the designated user. Before initiating the transfer, you will receive an email containing detailed user reports of both user accounts.
- Resources
- Resource Groups
- User Groups
- Access Control Authorized Privileges
- Password Reset Listener
- Zero Trust Access Policies
- SSH Keys and SSL Certificates
- SSH Keys and SSL Certificates Groups
- ManageEngine Integrations
- Scheduled Tasks
- Notifications
- MSP Organization Permissions
- Client Organization Permissions
This will be useful for resolving any discrepancies in the future related to the resources and other privileges.

Best Practice: Upon transferring all resources and user responsibilities, lock/delete the respective user account in the PAM360 interface.

3. Limitations

Individual transfer audits will not be available for this feature. However, verification can be ensured by reviewing the user report, which will be sent via email.
This feature does not apply to users with SSH CLI access, as they do not manage any resources or approval privileges in PAM360.
After transferring the user accountabilities, based on their role and access, the user will still have access to the feature configurations related to the above-listed entities. To ensure security, the user should be locked or deleted after the transfer is complete.
SDK applications associated with the user will continue functioning until manually reassigned to the new user under a different policy.

4. Transferring Specific Privileges or Resources

If you have a case where you are about to transfer only the resources or user privileges, perform the following desired operation as required.

To transfer only the approval privileges:

Navigate to the Users tab and click the User Actions icon beside the user whose approval privileges are to be transferred.
In the dropdown that opens, click Transfer Approver Privileges.
Select the new user account to which the approval privileges are to be transferred.
Click Save to complete the transfer.

To transfer only the assets/resources owned by a user:

Navigate to the Users tab and click the User Actions icon beside the user whose assets/resources are to be transferred.
In the dropdown that opens, click Transfer Resource Ownership.
Select the new user account to which the resources are to be transferred.
Click Save to complete the transfer.


Transferring User Accountabilities The Transfer User Accountabilities feature in PAM360 allows administrators to securely transfer all resources, responsibilities, and privileges from one user account to another. This is particularly useful when a user departs or transitions roles within the organization. This feature ensures a smooth handover process while maintaining robust access control and security within the system. At the end of this document, you will have learned about the following topics: Prerequisites Transferring the User Accountabilities Limitations Transferring Specific Privileges or Resources 1. Prerequisites Accountabilities can only be transferred to another user with similar or higher profiles in PAM360. It is highly recommended to create a new user account with a similar profile and to perform this operation (i.e., the replacement user) for a streamlined and easy transfer process. A user with user management privileges is required to perform the transfer operation for a departing user. Departing users cannot transfer their own accountabilities to a new user. It is highly recommended to advise the user to export their personal data before initiating the transfer. Personal tab data belonging to the user from whom the accountabilities are being transferred will be permanently deleted upon the transfer process and cannot be recovered. 2. Transferring the User Accountabilities Navigate to the Users tab and click the User Actions icon beside the respective user whose resources and responsibilities need to be transferred. In the dropdown that opens, click Transfer User Accountabilities. In the dialog box that opens, Select the new user account to which the resources and responsibilities are to be transferred. Note: Only user accounts in PAM360 with similar user roles and access status will be listed. If the desired user account is not available, upgrade the user role and access status accordingly. Click the user roles and access status link to view the required roles and privileges. Tick the consent box after reading the consent message and click Transfer. Upon successful execution, the specified entities will be transferred to the designated user. Before initiating the transfer, you will receive an email containing detailed user reports of both user accounts. Resources Resource Groups User Groups Access Control Authorized Privileges Password Reset Listener Zero Trust Access Policies SSH Keys and SSL Certificates SSH Keys and SSL Certificates Groups ManageEngine Integrations Scheduled Tasks Notifications MSP Organization Permissions Client Organization Permissions This will be useful for resolving any discrepancies in the future related to the resources and other privileges. Best Practice: Upon transferring all resources and user responsibilities, lock/delete the respective user account in the PAM360 interface. 3. Limitations Individual transfer audits will not be available for this feature. However, verification can be ensured by reviewing the user report, which will be sent via email. This feature does not apply to users with SSH CLI access, as they do not manage any resources or approval privileges in PAM360. After transferring the user accountabilities, based on their role and access, the user will still have access to the feature configurations related to the above-listed entities. To ensure security, the user should be locked or deleted after the transfer is complete. SDK applications associated with the user will continue functioning until manually reassigned to the new user under a different policy. 4. Transferring Specific Privileges or Resources If you have a case where you are about to transfer only the resources or user privileges, perform the following desired operation as required. To transfer only the approval privileges: Navigate to the Users tab and click the User Actions icon beside the user whose approval privileges are to be transferred. In the dropdown that opens, click Transfer Approver Privileges. Select the new user account to which the approval privileges are to be transferred. Click Save to complete the transfer. To transfer only the assets/resources owned by a user: Navigate to the Users tab and click the User Actions icon beside the user whose assets/resources are to be transferred. In the dropdown that opens, click Transfer Resource Ownership. Select the new user account to which the resources are to be transferred. Click Save to complete the transfer.