Symantec Privileged Access Management

Hi

I have question ,,

we have implemented CA PIM 12.9 , and we assign privileged account to be used by users to access via RDP and SSH

but for some privileged account, we don't want the user to know the password of those account , what is the policy needed to be modified so that those regular users cannot show th password of the account ..

in another word : We want to remove the "show password" from the Account action part of the dropdown menu in he Action column

thanks for you help in advance

wael

You need to check 'Login application check out only' under the privileged account , where you want to restrict showing clear text password to end user. See the below wiki link for more details:

https://wiki.ca.com/display/CMINDER12901/How+to+Set+Up+Shared+Accounts

Regards,

Leela

Thanks lagle01

one more question plz

this solution on the shared account itself ,,, but can I remove this feature from the user himself , I mean the privileged access role of the Domain user , so if certain users login into the CA PIM console could show the Shared account passwords , but other users can't ?

thanks

This feature is available at a per account level and is applied on the account irrespective of the user trying to log in. It would be nice to have some flexibility while applying this feature depending on the user logged in/any other dynamic characteristic(worth creating an enhancement request)

ok , or should i wait until more details about the moving to Xceeduim (or CA PAM now)  which will replace the SAM part,, until now i don't know the details of that Xsuite.

thanks for your help anyway

Hello,

   you can try and customize the my_account.jsp page, so the ShowPassword menu is only displayed to the users that you need.