USER MANAGEMENT
      Back to home
      1. Safetica
      2. MANAGEMENT: Manage your environment
      3. USER MANAGEMENT

      🆕Privileged access

      Grant users time-limited exceptions from all policy protection.

      In this article, you will learn about:

       

      Introduction: What is privileged access

      Privileged access turns off policy protection for a selected user for a limited time (1 hour, 6 hours, or until the end of the day). During this time, the user can perform operations that would normally be blocked or notified by data policies (these operations will still be logged).

      ❗With Privileged access, blocked actions will be allowed for the user for a selected time period.

      For now, Privileged access only turns off data policies.

       

      Necessary permissions

      To grant Privileged access to users, the admin needs the Privileged access management permission. The permission can be enabled or disabled in Settings > Accounts and permissions.

       

      How to grant Privileged access

      1. Go to Safetica console > Users.
      2. Click the user you want to grant Privileged access to.
      3. In the Actions drop-down, select Grant Privileged access.
      4. Set the duration of Privileged access (1 hour, 6 hours, or until the end of the day). After that time, policy protection will start working for the user as usual.

      ✍️Privileged access always expires at midnight. So, if you grant Privileged access to a user for 1 hour at 23:30, it will only last until 0:00.

        5.  You can check which users have Privileged access granted and until when in the Privileged access column in the Users table.

        6. Operations performed with Privileged access are recorded in the Data section. You can filter them by selecting Add filter > Operation context > Privileged access.

      ✍️When a user is granted Privileged access, an insight appears in Insights

      Insights related to Privileged access cannot be closed while Privileged access is granted to the user. To close such an insight, revoke the Privileged access first - just go to the Quick actions in the insight detail and click Revoke privileged access to given user.

       

      Example: A company uses a blocking policy to protect files with credit card numbers (files with the CCN data classification).

      An employee from the finance department needs to transfer a large number of files with credit card numbers to a USB. They ask the admin to be allowed to perform this action.

      The admin decides to grant the user Privileged access for 1 hour to allow the employee to complete the transfer. This will turn off policy protection for the user for the selected amount of time, but their actions will be logged.

       

      How to revoke privileged access

      To revoke Privileged access, follow the same steps as above, but select Revoke Privileged access in the drop-down.