Dear Community, I would like to know how I can hide the endpoint manager accounts in the menu of privileged accounts that the user can display. Attached image. Thanks in advance for your collaboration.
This can be accomplished by leveraging Custom fields on the target accounts. An example would be, on your Endpoint Administrator accounts, to populate Custom5 with a value of EndpointAdmin. Then, within your scoping rule for your PAR role, populate Privileged Account where Custom5 != EndpointAdmin. In this scenario, the accounts populated with that value will no longer be available for them to request.
Now, in your scenario, the assumption here is that the User group has access to request all accounts in your solution with the exception of the Endpoint Administrator, which does seem to be a bit broad. Ideally, your PAR role should be more focused and leverage scoping rules to limit groups of users to specific accounts. This allows them least privilege within the solution and is a proactive approach, so that non-valid access requests are not created.
To define the "scope" of which accounts should be available for the SAM User role, do:
-> Users & Groups / Roles / Privileged Access Roles / Modify Role / SAM User / Members / Member Policy
Thanks for the suggestion. Actually, what I need is to define the "scope" of the accounts that could be available in the privileged account request menu, because when the user enters this option, they can view all accounts, including the endpoint managers, and these are accounts that we do not want the user to be able to request.
Please let me know how this could be done. I await your comments. Thanks in advance for your help.