Title AUDITABLE RETRIEVAL OF PRIVILEGED CREDENTIALS
Abstract In an approach for providing auditable retrieval of privileged credentials in a privilege identity management (PIM) system, a processor invokes a checkout of a PIM credential, based on, at least, a determination that a PIM server cannot be accessed. A processor receives a request to access the PIM credential by a user. A processor receives validation of the request to access the PIM credential and an identity of the user. A processor retrieves the PIM credential from a database, wherein the database stores a plurality of PIM credentials owned by a system owner.
Publication number US2017099290(A1) Publication date 2017.04.06
Application number US201615334870 Filing date 2016.10.26
Applicant International Business Machines Corporation Inventors Chin Kelvin K.V.;Low Chee Meng;Shankar Vivek;Soenaryo Edwin B.
Classification H04L29/06;G06F17/30 Main classification H04L29/06
Agency Agent
Principal claim 1. A computer system for providing auditable retrieval of privileged credentials in a privilege identity management (PIM) system, the computer system comprising: one or more computer processors of a system owner computing device, one or more computer readable storage media of a system owner computing device, and program instructions stored on the one or more computer readable storage media of the system owner computing device for execution by at least one of the one or more processors of the system owner computing device, the program instructions comprising: program instructions to register with a PIM server, wherein registering includes, at least, authenticating a use of a server with a plurality of PIM credentials of a system owner; program instructions to request an update to the plurality of PIM credentials owned by the system owner, wherein the requested plurality of PIM credentials are updated and synchronized from the PIM server to a database of the system owner; program instructions to secure the plurality of PIM credentials, wherein securing the plurality of PIM credentials comprises encrypting the plurality of PIM credentials; program instructions to invoke a checkout of a PIM credential on behalf of a user, based on, at least, a determination that the PIM server cannot be accessed, wherein the determination that the PIM server cannot be accessed is selected from the group consisting of the PIM server is down and a plurality of system owners, including, at least, the system owner, and a plurality of users, including, at least, a user, have no access to the PIM server, the PIM server is running and the system owner has access to the PIM server but the plurality of users have no access to the PIM server, and the PIM server is running but the system owner and the plurality of users in a region cannot access the PIM server due to a regional network outage; program instructions to receive a request to access the PIM credential by the user; program instructions to receive validation of the request to access the PIM credential and an identity of the user; program instructions to retrieve the PIM credential from the database, wherein the database stores a plurality of PIM credentials owned by a system owner; program instructions to generate an audit for the checkout, wherein the audit includes, at least, the user, the PIM credential, and a period of time; program instructions to submit the audit to the PIM server; program instructions to receive a notification of a reconciliation process, wherein the notification of the reconciliation process comprises generating a reminder to the user to check in the PIM credential when the user is done using the PIM credential and to indicate to the user an earlier request to access the PIM credential; and program instructions to receive a notification of the PIM credential being checked in and a change of password, wherein the change of password is updated and synced to the database.
Address Armonk NY US
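The claim above describes an offline ("break-glass") path for privileged credential checkout: credentials are synchronized from the PIM server into the system owner's own database and encrypted at rest; when the PIM server cannot be reached, a validated request from an identified user releases one credential, an audit record (user, credential, period) is generated and later submitted to the PIM server, a reminder is raised while the checkout is open, and check-in rotates the password and syncs it back to the local database. The Python below is an added example modelling that flow; it is not the patent's or IBM's code. Everything in it is assumed for illustration: the HMAC-SHA256 counter-mode stream cipher with an encrypt-then-MAC tag stands in for a real AEAD (AES-GCM or similar), the fixed demo key stands in for a key held in an HSM or KMS, the PIM server is represented only by a reachability flag, and the credential ids, users and passwords are constructed.

```python
"""Offline ("break-glass") checkout of a privileged credential from a system owner's
local store, with an audit record per checkout.  Added example, not the patent's code."""
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta, timezone

# Constructed demo key; a real deployment would keep the vault key in an HSM/KMS.
DEMO_KEY = hashlib.sha256(b"constructed demo key, not for production").digest()


def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 counter-mode keystream; a stand-in for a real AEAD such as AES-GCM.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("stored credential failed integrity check")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)


class OwnerVault:
    def __init__(self, key: bytes):
        self.key = key
        self.db = {}              # credential id -> sealed secret (synced from PIM server)
        self.open_checkouts = {}  # credential id -> audit record of the active checkout
        self.audit_outbox = []    # audit records not yet submitted to the PIM server

    def sync_from_pim(self, credentials: dict) -> None:
        for cid, secret in credentials.items():  # update/synchronize, then encrypt at rest
            self.db[cid] = seal(self.key, secret.encode())

    def checkout(self, user, cid, request_validated, pim_reachable, now, hours=4):
        if pim_reachable:
            raise RuntimeError("PIM server reachable: use the normal checkout path")
        if not request_validated:
            raise PermissionError("request or user identity not validated")
        earlier = self.open_checkouts.get(cid)
        if earlier is not None:  # reconciliation: surface the earlier request for this credential
            raise RuntimeError(f"{cid} checked out by {earlier['user']} since {earlier['start']}")
        secret = unseal(self.key, self.db[cid]).decode()
        audit = {"event": "checkout", "user": user, "credential": cid, "offline": True,
                 "start": now.isoformat(), "end": (now + timedelta(hours=hours)).isoformat()}
        self.open_checkouts[cid] = audit
        self.audit_outbox.append(audit)
        return secret, audit

    def reminders(self, now):
        # Open checkouts whose period has elapsed: remind the user to check in.
        return [a for a in self.open_checkouts.values() if datetime.fromisoformat(a["end"]) <= now]

    def checkin(self, user, cid, new_password, now):
        audit = self.open_checkouts.get(cid)
        if audit is None or audit["user"] != user:
            raise PermissionError("no matching checkout for this user")
        del self.open_checkouts[cid]
        self.db[cid] = seal(self.key, new_password.encode())  # rotated password synced to the db
        self.audit_outbox.append({"event": "checkin", "user": user, "credential": cid,
                                  "at": now.isoformat(), "password_changed": True})

    def submit_audits(self, pim_reachable) -> int:
        # Flush queued audits once the PIM server is reachable again; returns the count sent.
        if not pim_reachable:
            return 0
        sent = len(self.audit_outbox)
        self.audit_outbox.clear()
        return sent


def demo() -> dict:
    # Run the outage scenario end to end on constructed data.
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    vault = OwnerVault(DEMO_KEY)
    vault.sync_from_pim({"db-admin": "p@ss1", "router-enable": "p@ss2"})  # constructed secrets
    secret, _ = vault.checkout("alice", "db-admin", True, False, t0)
    try:
        vault.checkout("bob", "db-admin", True, False, t0 + timedelta(hours=1))
        second_denied = False
    except RuntimeError:
        second_denied = True
    overdue = len(vault.reminders(t0 + timedelta(hours=5)))
    vault.checkin("alice", "db-admin", "n3w-p@ss", t0 + timedelta(hours=5))
    rotated = unseal(DEMO_KEY, vault.db["db-admin"]).decode()
    return {"secret": secret, "second_denied": second_denied, "overdue": overdue,
            "rotated": rotated, "submitted": vault.submit_audits(pim_reachable=True)}
```

The design point worth noting for a defender is that the offline path never weakens the record: a checkout is refused unless the request and user identity were validated, a second request for a credential already checked out is surfaced as the claim's reconciliation step rather than silently granted, every checkout and check-in is queued as an audit record until the PIM server is reachable again, and check-in re-encrypts the rotated password so the local copy never holds a password that was handed out.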