A privileged account (PA) in Devolutions PAM is an account used to perform highly privileged actions. Due to their breadth of access, privileged accounts need to be strongly defended, as they may allow access to an organization's entire IT infrastructure, grant application owner rights, and contain troves of sensitive data. Some non-IT users with access to sensitive data or processes, such as those in legal and finance departments, are also considered highly privileged.
Here is a list of privileged account types along with short descriptions:
PRIVILEGED ACCOUNT TYPES | DESCRIPTION |
---|---|
Application account | Allows access, configuration, and management of a particular application software. Application accounts perform background tasks on their own, only requiring human intervention for maintenance by privileged users. |
Domain administrator account | Grants access to an entire Active Directory domain. Useful for adding and deleting users, as well as for modifying their permissions, or any other content or configuration in AD. |
Emergency account | Allows for temporary elevation in case of emergencies, or when administrator credentials stop working. |
Local administrator account | Manages a single Windows computer, but has no access to Active Directory. |
Root and administrator account | Gives elevated access to computers, specific servers and databases, as well as domains and entire IT infrastructures. Root and administrator accounts are most often used to install/remove software, change configurations, etc. |
Service account | Runs background processes and owns data and configuration files. Apart from the occasional administrative task, service accounts are not meant to be used by people. They tend to have broad privileges over an entire system. |
System account | Runs operating system (OS) components and owns related files. System accounts are created during OS installation, and often have predetermined user IDs. Their privileges tend to be limited to the specific operations they perform, namely running apps or services. |