Privileged identity refers to the pre-built accounts in nearly every operating system and application. Privileged accounts are general user identities distinguished by the assignment of security, administrative, or system authorities.
Privileged identities are typically distinguished by the names they use. For example, administrator, sa, root, db2admin.
Unlike a personal identity like jdoe, you can access privileged accounts only with a privileged password, and account access is hard to disable. In an enterprise environment, multiple Administrators might share access to a single user ID for easier administration. When multiple Administrators share accounts, you can no longer definitively prove that an account was used by one Administrator as opposed to another. You lose personal accountability and audit compliance.
To better manage privileged identities, a user receives an individual identity to a system:
1. If they need it.
2. When they need it.
3. On the condition that they need it.
4. If they have access to it.
With a reusable or shared access user ID, you can log on to a system without any knowledge of the password for the privileged identity. Instead, a user can check out or lease a reusable ID from a shared access repository for a limited time.