Privileged Identity Management - Types of Privileged Identities

Types of Privileged Identities

The term “Privileged Identities” refers to any type of user or account that holds special or extra permissions within the enterprise systems. Privileged identities are usually categorized into the following types:

• Generic/Shared Administrative Accounts – the non-personal accounts that exist in virtually every device or software application. These accounts hold “super user” privileges and are often shared among IT staff. Some examples are: Windows Administrator user, UNIX root user, and Oracle SYS account. System administrators may perform interactive logins using these accounts, to perform system maintenance and related tasks.
• Privileged Personal Accounts – the powerful accounts that are used by business users and IT personnel. These accounts have a high level of privilege and their use (or misuse) can significantly affect the organization’s business. Some examples are: the CFO’s user, DBA user.
• Application Accounts – the accounts used by applications to access databases and other applications. These accounts typically have broad access to underlying business information in databases. Another common name for these is app2app accounts, as they are used by one application to sign into another.
• Emergency Accounts – special generic accounts used by the enterprise when elevated privileges are required to fix urgent problems, such as in cases of business continuity or disaster recovery. Access to these accounts frequently requires managerial approval. Also called: fire-call IDs, break-glass users, etc.
• Service Accounts – these accounts provide a security context to a running process, such as a file server, web server, e-mail server, etc. On the Windows platform in particular, services accounts have passwords and consequently password management for Windows service accounts is a significant part of the Privileged Access Management problem space.