Limit user access to passwords
In Thycotic Management Server, you can limit the resources that users can access. By default, all administrators, users, and help desk role users have access to all computers and user account passwords in Arellia. To change the default access, do the following steps:
- First, create and sync your Active Directory. (For instructions about how to sync your Active Directory, go to Create an Active Directory Domain.)
- In the Thycotic Security Manager, click the Configuration tab.
- In the file library in the left pane, navigate to Settings > Configuration > Resource Settings > Resource Types > Computer.
- In the right pane under Settings > Security Scope Set, click the Select... link.
- In the Select Item dialog box, click Active Directory Domains.
- Click OK.
In the right pane, click Save. (Note: You might need to scroll down to see the Save button.)
Important
At this point help desk role users will no longer have default access to all computers and user account passwords in Thycotic, so you must complete the following steps 8-16 to change their security descriptors.
- Click the Resources tab.
- In the file library in the left pane, navigate to Organizational Views > Active Directory Domains.
- Click Active Directory Domains.
- Right-click an organizational unit that you want to change the access of and click Properties.
 - Click the Security tab.
- Select Security descriptor and click the Select... link.
- Click the security descriptor you want to change.
- Click Save.
- Repeat for further security descriptors as needed.Â
Â
After making the preceding changes, users will be able to see only the resources in the organizational units that they have access to.Â
Â