Add IAM Shop Assignees for Requesting Access

IAM Shop Assignees for Requesting Access is a feature that enables eligible users to request specific permissions, known as IAM Shop Permission Levels, for computers within the IAM Shop. By default, permission levels include Local Admin and Domain Admin, but administrators can create custom levels as needed. Configuring assignees allows administrators to control the types of access users can request, enhancing security and ensuring compliance with organizational policies.

Procedure

1. Navigate to the Computers page by expanding Privileged Access and selecting Computers on the navbar.
2. Select the Computers tab and then search for the target computer. 
3. Click the Display Name link for the computer.
   This action opens the View One page for the computer.
   
4. From the View One page for the computer, click the RBAC subtab and expand IAM Shop Assignees for Requesting Access.
5. Click the Add New button.
   
6. Under General, select the IAM Shop Permission Level you want to assign.
   
7. Under Assignee Granting the Permission Level, do the following:
8. Select the assignee type from the Which Type of Assignee For This Policy dropdown.
9. Select the appropriate assignee from the Select <Assignee> To Receive Policy dropdown.
   
10. Click Save.
    
11. Repeat to add other assignees as needed.
12. Click Submit to complete the process.
    

Expected Results

The assignee being granted the permission level should be able to see it as an option when requesting access to the computer in the IAM Shop.