Require an Account Check-Out to View the Password
If an account has a Check-out/Check-in view policy, the account must be checked out to view the password. The person then has exclusive access to the password. While it is checked out, other persons cannot view the password nor can they change any aspect of the account in any way. Once the password is checked back in to Credential Manager, others can view it and can update it.
capam32
If an account has a Check-out/Check-in view policy, the account must be checked out to view the password. The person then has exclusive access to the password. While it is checked out, other persons cannot view the password nor can they change any aspect of the account in any way. Once the password is checked back in to Credential Manager, others can view it and can update it.
The Check-out/Check-in policy can have a time interval, after which the account is automatically checked back in.
Sometimes an administrator needs immediate access to a password that is checked out. The administrator can remove the restriction on the account by checking in the account on behalf of another user. By default, only the administrator role has permission to force a check-in operation. If necessary, you can configure other roles with this permission.
This topic describes the following procedures:
2
For the equivalent procedures using the CLI, see Require a Password Check Out and Check using the CLI.
Check Out a Password Using the UI
Follow these steps:
- SelectCredentials,Manage Targets,Accounts.
- Select the blue View icon (which resembles an eye) in theActioncolumn of the Account for which you want to request authorization. A Show Password pop-up window appears, prompting you for your password and the reasons for viewing the target password.
- Enter your (Credential Manager administrator) password.The password field is displayed if the target account is authenticated.
- Select yourReasonfor viewing the (target account) password.
- (Optional) Enter theReason Description.
- SelectView.The GUI displays the account User ID and the password. The GUI also notifies you that the account is checked out.
- SelectOK.
Determine Who Has a Password Checked Out
Use the following procedure to find out how has a password that is checked out.
Follow these steps:
- SelectCredentials,Manage Targets,Accounts.
- For the appropriate entry in the Target Accounts list, select the blue Checkout icon (which resembles an eye with an X across it) located in the Action column. A dialog appears showing who has checked out the password.The Reference Code is shown only if the requestor has entered the reference code in View Account Password Request screen before viewing the account password.
Check In a Password Using the UI
When you check out a password, no other user can view the password or can change the account until you select it back in again. Checking in the password removes this restriction and frees the account for use by others. In emergency situations, an administrator can check in a password on behalf of another user.
Checking in passwords does not affect open access sessions. Users currently in active access sessions will remain logged in regardless of the password being checked in.
You can check in an account password from the following GUI locations:
- Credentials, Manage Targets, Accounts
- Credentials, Workflow, My Requests
- Access screen
Use the following procedure to check in a password from the
Credentials
, Manage Targets
, Accounts
screen.Follow these steps:
- SelectCredentials,Manage Targets,Accounts.
- For the account password to be checked in, select the Check-In icon (a black right-facing arrow inside a box). The icon is in the Action column.A message confirms that the password has been checked in.
Use the following procedure to check in a password from the
Credentials
, Workflow
, My Requests
screen.Follow these steps:
- SelectCredentials,Workflow,My Requests
- Select the entry for the account (with status “Checked Out”) whose password you want to check in and selectView. The Password View Request Details screen appears.
- In the Password View Request Details dialog, selectCHECK IN.A message confirms that the password has been checked in.
Use the following procedure to check in a password from the
Access
screen.Follow these steps:
- If you are logged in as an administrator, selectAccessfrom the main menu. If you are not an administrator, the home screenisthe Access screen (though it is not labeled).A list of checked out passwords is presented at the top of the screen.If you are not an administrator, you might need to log out and log back in again before checked-out passwords are visible.
- SelectCheck Inin the right-hand column of the password line item.
Force a Password Check In Using the GUI
When an account password is checked out, other users cannot view the password nor can they change the account. Use this procedure to force a check-in of an account password on behalf of another user.
Checking in passwords does not affect open access sessions. Users currently in active access sessions will remain logged in regardless of the password being checked in.
When you perform a forced check in, any required activities that are associated with that operation also occur, for example, an update of the account password.
The administrator can check in an account on behalf of another user from the following screens:
- Credentials,Manage Targets,Accounts
- Credentials,Workflow,All Requests
User the following procedure to check in a password using the
Credentials, Manage Targets
, Accounts
screen.Follow these steps:
- SelectCredentials,Manage Targets,Accounts.
- For the password to be checked in, select the Check-In icon (black right-facing arrow inside a box). The icon is in the Action column.A message confirms that the password has been checked in.
Use the following procedure to check in a password using the
Credentials
, Workflow
, All Requests
screen.Follow these steps:
- SelectCredentials,Workflow,All Requests.
- Select the account (with status “Checked Out”) for which you want to view check out details and selectView. The Password View Request Details screen appears.
- Select theFORCE CHECK-INbutton.The account password is checked in.