XTAM Permissions

Xton Access Manager provides a robust set of permissions that can be granted to users or groups (Principals) in order to control the level of access they have to objects and areas of the software.

Note that permissions in XTAM are additive: a higher permission level includes everything granted by the lower levels. Permissions can also be inherited via folders.

Below is a list of available permissions and roles in XTAM.

Global Roles

Global Roles provide system wide access to XTAM.

  • Auditor

    • The Auditor role grants a limited “View Only” role to all folders and records in the system. It grants access to the Audit Log (record and system), Session History (record and system), Job History (record and system) as well as Administration Reports. For additional information, please see What is the Auditor Role.

  • System Administrator

    • The System Administrator role (the highest level available) grants full access to all vaults, folders, records, logs, security, script library, workflows, configuration and reports system wide. A System Administrator can grant this role to, and revoke it from, other principals, so it should only be given to trusted users.

  • Split View

    • The Split View roles grant access to only the first or last part of a split password when the Split View Role is enabled. The Split View Role is configured in the Parameters section of the Administration page. See What is Split View?

  • Service
    • The Service account is used for a distributed job engine deployment so an Administrator can designate certain records to be executed by specific job engine nodes. Read more about Distributed Job Engine Deployments.


Grant Global Access and Permissions

Record Control

Record Control provides access to objects (Folders and Records) located in the Records area of XTAM.

  • Viewer
    • The Viewer role grants View Only access to the object.
  • Unlock
    • Viewer plus the ability to Unlock (view) secured fields like Passwords, Secrets and Certificates.
  • Editor
    • Unlock plus the ability to Edit the object as well as its associated Formula and to view its Session History, Video Recordings and Keystroke and Clipboard Events.
  • Manager
    • Editor plus the ability to Create or Delete objects (folders and records). Manager cannot create (share) or modify object permissions.
  • Owner
    • Full Control of the object. This includes creating new objects, modifying or deleting existing objects, sharing access (permissions), workflow configuration, Audit Events, History and Session Termination.

Session Control

Session Control provides access to connect to Remote Sessions using a record in XTAM.

  • None
    • The principal may not establish a remote session using this record.
  • Connect (Optionally recording without session events)
    • The principal may establish a remote session using this record and can choose whether their session is video recorded or not. Session events (keystrokes including SQL traffic over tunnels, clipboard and file transfer) will not be recorded.
  • Connect (Always recording without session events)
    • The principal may establish a remote session using this record and their session will always be video recorded. Session events (keystrokes including SQL traffic over tunnels, clipboard and file transfer) will not be recorded.
  • Connect (Optionally recording with session events)
    • The principal may establish a remote session using this record and can choose whether their session is video recorded or not. Session events (keystrokes including SQL traffic over tunnels, clipboard and file transfer) will be recorded.
  • Connect (Always recording with session events)
    • The principal may establish a remote session using this record and their session will always be video recorded. Session events (keystrokes including SQL traffic over tunnels, clipboard and file transfer) will be recorded.
  • Connect (No Recording with session events)
    • The principal may establish a remote session using this record and their session will not be video recorded. Session events (keystrokes including SQL traffic over tunnels, clipboard and file transfer) will be recorded.
  • Connect (No Recording without session events)
    • The principal may establish a remote session using this record and their session will not be video recorded. Session events (keystrokes including SQL traffic over tunnels, clipboard and file transfer) will not be recorded.
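The Record Control and Session Control levels above can be checked together when reviewing who can open sessions that leave no guaranteed trail. The following is an added example, not Xton's code: the level names come from this page, while the grant tuple layout, the sample grants and the review rule (flag any session level that guarantees neither video nor session events) are assumptions made for illustration.

```python
import re
from typing import NamedTuple

# Record Control levels from the page, lowest to highest. Permissions are
# additive, so each level includes everything below it.
RECORD_LEVELS = ["Viewer", "Unlock", "Editor", "Manager", "Owner"]

class SessionPolicy(NamedTuple):
    video: str     # "always", "optional" or "none"
    events: bool   # keystrokes, clipboard and file transfer recorded

_LEVEL_RE = re.compile(
    r"^Connect \((Optionally recording|Always recording|No Recording) "
    r"(with|without) session events\)$")
_VIDEO = {"Optionally recording": "optional", "Always recording": "always",
          "No Recording": "none"}

def parse_session_level(name):
    """Map a Session Control level name to its policy; None means no access."""
    if name == "None":
        return None
    m = _LEVEL_RE.match(name)
    if not m:
        raise ValueError(f"unknown Session Control level: {name!r}")
    return SessionPolicy(_VIDEO[m.group(1)], m.group(2) == "with")

def includes(granted, needed):
    """Additive check: does the granted Record Control level cover `needed`?"""
    return RECORD_LEVELS.index(granted) >= RECORD_LEVELS.index(needed)

def review(grants):
    """Return (principal, record, reason) for grants with no guaranteed trail."""
    findings = []
    for principal, record, record_level, session_level in grants:
        policy = parse_session_level(session_level)
        # Assumed review rule: video not forced AND events not recorded.
        if policy and policy.video != "always" and not policy.events:
            reason = "session may leave no video and no events"
            if includes(record_level, "Unlock"):
                reason += "; principal can also unlock secured fields"
            findings.append((principal, record, reason))
    return findings

# Constructed sample: (principal, record, Record Control, Session Control)
SAMPLE_GRANTS = [
    ("ops-team", "db-prod", "Viewer", "Connect (Always recording with session events)"),
    ("contractor", "db-prod", "Unlock", "Connect (No Recording without session events)"),
    ("dev-team", "web-01", "Viewer", "Connect (Optionally recording without session events)"),
    ("helpdesk", "web-01", "Editor", "None"),
    ("dba", "db-prod", "Manager", "Connect (No Recording with session events)"),
]
```

Calling review(SAMPLE_GRANTS) returns the contractor and dev-team grants; the other three either force video, record session events, or allow no session at all.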

Task Control

Task Control provides access to Tasks associated with Records in XTAM.

  • None
    • The principal may not execute, review or manage tasks.
  • Execute
    • The principal may execute tasks.
  • Review
    • The principal may execute tasks or review task results.
  • Manage
    • The principal may execute tasks or review task results, as well as manage the task list, which includes the ability to Add/Remove tasks and edit Task Policies.


Grant Object Access and Permissions

 


Edit Object Access and Permissions