Who has the ability to edit Directory Mappings in CyberArk?

The ability to edit Directory Mappings in CyberArk is specifically designated for the Built-in Administrator. This role is essential for managing the overarching configurations and ensuring that directory settings align with the organization's security policies and compliance requirements.

The Built-in Administrator has elevated privileges that allow them to make changes to critical system settings, including Directory Mappings, which directly affects how authentication and user provisioning processes interact with various directory services. These mappings define how users are granted access to the CyberArk Vault by linking directory accounts to specific roles and permissions within the Vault.

In contrast, while any user with Vault access, Vault Users, and Auditors have specific roles within CyberArk, they do not possess the necessary privileges to modify these core directory mapping configurations. This limitation helps maintain the security and integrity of the Vault's access controls, as only those with the most comprehensive knowledge and responsibility for the system's overall management are trusted with such capabilities.