Granting an outstanding access request

About this task

When you receive an email that informs you that a request for temporary access is submitted, you can see the request by looking in the Outstanding Access Requests list.

To grant temporary access, complete the following steps:

Procedure

  1. Click Reports > Outstanding Access Requests.
  2. Select the request.
  3. Select View/Edit Request from the Actions list on the left.
    The Manage Access to Target pane is displayed. The Requested access requirements section displays the things that the user requested.
  4. Click the arrow button next to the target name at Request Targets to view effective policies and check whether there are any existing policies set for the user and target.
    Any existing policies that are set for the user and target, must be considered when you set the policies and permissions for the temporary access.
  5. Click Cancel to return to the Manage Access to Target screen.
  6. Use the Specify access allowed pane to set the policies and time period for the access.
    Setting the permissions effective during the session
    You can enable and set the policies and permissions that are effective during the temporary session by using an already defined permission set or by enabling individual policies. Choose the appropriate method for setting the policies.
    1. Permissions Set - Use an already defined set of permissions.
      1. Select a defined set of permissions from the list
      2. Click the arrow button next to Permissions, to show the policies, and permissions that are set. You can also change any of the values.

      For more information about permissions sets, see Creating a set of permissions that can be applied to a group.

    2. Permissions - Manually enable each policy.
      1. Click the arrow button next to Permissions.
      2. Choose the appropriate method for enabling the policies.
        • To enable every policy, click Enable all. You must select this option if there are existing policies set.
        • To enable some policies, select the check box next to each policy that you want to enable. It is important to enable all policies that you want, particularly if there are existing permissions set between the user and the target. Any existing policy that is not enabled is not in effect in the temporary session.
    3. Set the priority for each enabled policy. The default priority value is the value that is displayed first in the list and is set by the trc.default.request.priority property in trc.properties file. For more information about editing the properties files, see trc.properties.
      5
      This value is the highest priority. This value overrides any existing priority 0 and priority 1 policy that might exist between the user and target.
      1
      This value overrides any existing priority 0 policy that might exist between the user and target.
      0
      This value is the lowest priority. Any existing permission that is in effect between the user and target that is of a higher priority, overrides this policy. Therefore, you must set the policy to a higher priority value if there are existing permissions.
    4. Set or enter a value for the enabled properties. For more information about definitions and values for the policies, see Server session policies .
      Set to Yes
      The policy is in effect during the temporary session if there are no existing permissions set up between the user and target. If there are existing permissions, the priority value determines whether the policy is in effect.
      Set to No
      The policy is not in effect during the temporary session if there are no existing permissions set up between the user and target. If there are existing permissions, the priority value determines whether the policy is in effect. If the priority is set to 0 or 1, an existing policy of priority 5 Yes overrides the No value and the policy is in effect for the temporary session.
    Admin Notes®
    Type in here any relevant additional information. For example, to inform the user of the time that the session is valid for if it is different from the requested time.
    For example : Session is valid today between 12:00:00 and 14:30:00. 
    Starting on
    1. Select from the calendar or type the date, in the format yyyy-mm-dd, on which you want the access to commence.
    2. Type in a time in the format hh:mm:ss that you want the access to commence.
    Ending on
    1. Select from the calendar or type the date, in the format yyyy-mm-dd, on which you want the access to end.
    2. Type in a time in the format hh:mm:ss, that you want the access to end.
  7. Click Grant.

Results

An email is sent to the requesting user to inform them that the request for temporary access is granted. The request is saved to the Live access requests list.