Case 2: Users who need to run new apps with admin rights that are not covered under policies¶
When the users who need to elevate apps that are not covered in the policies, they can use the request-release workflow provided by Securden EPM.
Users can raise a request using the agent and once the administrator approves the request, the user can run the app with admin rights.
Follow the steps below to test the request-release workflow:
Step 1: Raising a request from the end user machine¶
1) In the endpoint, right click on an application that is not covered in a policy and click on Run with Securden Privilege.
2) A Securden dialog box will be displayed stating that you do not have necessary permissions to run the app with admin rights. In this dialog box, you will have the option to raise a request with the administrator. Click Request Admin Privilege.
3) In the window that appears, specify details such as the start and end time or the duration of the elevated access required.
4) Select the check box named With Admin Rights if shown.
Note
This checkbox will only be displayed when an allowlist/blocklist policy is enforced.
5) Provide a reason and submit the request.
Step 2: Approving/Rejecting the request¶
1) In the EPM server, go to the Requests tab.
2) Ensure the Request Filter is set to To Be Approved and find the request placed from the endpoint.
3) Click on Approve.
4) You will be able to specify the time or duration of elevated access that you as an administrator want to grant the end user.
5) Provide a reason and click Approve.
Note
Even though the user places a request with specific time/duration parameters, elevated access will be granted according to the time or duration specified by the administrator while approving the request.
Step 3: Elevating the application¶
Note
Verify whether the temporary access permission is still valid, i.e, the Securden server time must be between the approved start and end time of the access request. For duration-based privilege elevation, the time of the Securden server doesn’t have a bearing on the validity of the request.
1) In the end user machine, find the application for which the request was placed.
2) Right-click the application and select Run with Securden Privilege.
Note
You can try any one of the methods discussed in Case 1>>Step 2 to elevate the application.
3) The app will open with admin privileges. You will also be able to see a count-down on the bottom-right corner of the screen. Once the timer runs out, the app will be terminated automatically.
Note
You can also submit your elevated access before time by closing the timer window.
Now, you can try elevating a different application to which the user doesn’t have permission. The same dialog box will be displayed with the option to raise a request.
