Provisioning self-service privilege elevation for Windows and Windows domain accounts

PAM360 enables administrators to configure self-service privilege elevation on target endpoints using an agent-based approach. With access control enabled for accounts in resources where self-service privilege elevation agents are configured, self-service privilege elevation will take precedence over password access control. This means users can log in to their target resources and run specific types of applications (CMD, EXE, MSI, MSC, and BAT) as a PAM360 privileged account with elevated privileges without requiring privileged account credentials.

Self-service privilege elevation enables users to perform special administrative actions on applications by auto-approving their requests and elevating their privileges temporarily to carry out their intended tasks. Once the requested activity is completed, their application privileges will be revoked and the credentials to the target resources will be rotated automatically.

This differs from regular just-in-time (JIT) privilege elevation, which uses a time-based request-release mechanism to automatically elevate users into the respective security groups and then demote them.

A couple of good use cases for this feature include, but are not limited to:

  • Developers who need to install a particular application on a remote endpoint, but do not have sufficient privileges to do so, can leverage self-service privilege elevation to execute the installer file using a privileged account on the endpoint.
  • DBAs who wish to perform database maintenance operations using Microsoft SQL Studio, but do not have full administrator rights on the endpoint where the SQL instance is running, can leverage self-service privilege elevation to run SQL Studio with a privileged account's permissions.

With appropriate privileges, administrators and users can generate custom reports on self-service privilege elevation events. Learn more about enabling and configuring self-service privilege elevation on target systems.
