Gain control over web apps and cloud management platforms

Virtually all compliance mandates and security best practice frameworks require some form of role-based access control (RBAC). Access control allows system administrators to manage user roles and permissions efficiently and sustainably. Policies set rules that apply to all users, so you don’t need to make on-the-fly decisions about who should be able to access what, why, and how.

Access Control and Least Privilege

Access control makes it possible to implement and manage a least privilege policy in which users have only the access they require to get their jobs done. When systematically applied, controls reduce the risk that a user will be granted too much access. For example, administrators can ensure that users can’t accidentally or intentionally change administrative settings they shouldn’t have rights to. Just as important as implementing least privilege is maintaining appropriate access over time, and effectively avoiding privilege creep whereby a user retains access to resources they no longer require.

Access Control and Separation of Duties

There are two main types of Separation of Duty policies—Static (SSoD) and Dynamic SoD (DSoD). Mutually exclusive role constraints are used to enforce static separation of duty policies, while dynamic separation of duty policies are intended to limit the permissions that are available to a user.

Access Control and Active Directory

Implementing access control via a hub and spoke model, in which Active Directory is the hub, allows for a unified view and centralized, consistent control. For organizations already managing permissions via Active Directory (AD), user groups often map naturally to user roles.

For a more in-depth look at RBAC, please read our glossary entry for Role-Based Access Control

Role-Based Access Control for Active Directory (RBAC AD) allows IT admins to control what users can do within Secret Server on an individual or group basis. RBAC simplifies common IT admin tasks like onboarding a new user, moving someone to a different department or division, or, most importantly, off-boarding a user. You can quickly modify permissions in bulk – for all users with a particular role – either to grant them additional access, tweak their permissions based on new or obsolete resources, or lock down their permissions, which is especially important in the event of a breach. Users themselves are never directly given a permission. Permission only comes along as part of their role. This prevents permission creep.

Secret Server ships with out-of-the-box roles to solve common configurations and get you going quickly. Each user and group is assigned to one or more roles that define what they can do in the system. If an out-of-the-box role doesn’t suit you, it can be modified, or you can simply create a new one to correspond to your organization’s structure.

Learn more about Role-Based Access Control: RBAC

Users across the organization have many different logins to business applications and sites, they need to do their job with most outside the purview of IT and security protocols. Business users often store passwords in browsers for web applications or use personal vaults with no IT oversight, which increases risk. Consider your HR team who access and control all employee PII or your accounting team with access to private financial information for example.

Delinea Credential Manager reduces that security risk by allowing business users to access credentials for any business account from any browser or mobile device with one click to all their shared credentials in a secure vault that provides a seamless and friendly experience. Delinea Credential Manager gives you oversight across all credentials to any business account or application with enterprise level controls, while providing business users with an easy-to-use vault experience to create, store and access credentials.

Learn more about Delinea Credential Manager

Delinea Secret Server provides a proxy capability to ensure the only way to access your Windows servers is via the secure vault. The RDP proxying feature allows RDP connections established using a launcher to be routed through Secret Server. Direct access can be prevented at your firewall level, forcing administrators to use Delinea Secret Server to store their domain admin credentials and use the proxy to access servers.

The RDP proxy can be used in conjunction with the session recording and monitoring to provide a full audit log of all activities related to the target server.

With Secret Server, privileged users can access the accounts and systems they need without ever seeing a password because credentials are automatically injected. Users don’t have to remember complex passwords, and they avoid the temptation to write them down or share them.

Learn more about access control in Secret Server

• View all the permissions available for RBAC in Secret Server
• View instructions for configuring and assigning user roles

Privileged Remote Access elevates and extends the remote access capabilities of Delinea Secret Server to enable secure remote access with the simplicity of a web browser.

With Privileged Remote Access, third parties can establish secure connections to servers via RDP and SSH for troubleshooting and development. Remote IT users can maintain privileged access to applications when working from home.

Privileged remote access on the Delinea Platform enables all remote users outside your network to securely access privileged accounts with a seamless VPN-less, browser-based workflow while increasing the controls, security, and monitoring for every remote privileged session, taking. This takes your core Secret Server remote access options to the next level.

Learn more about secure remote access while saving time and money »