Symantec Privileged Access Management

 View Only
  • 1.  Role Based Access - RFC and Real Life Examples

    Posted May 21, 2019 03:11 PM

    A client has recently gone live with PAM and is starting to think about delegating certain administrative and CM functions to colleagues, without having to "turn over the keys to the kingdom" - in a manner of speaking. They are thinking of setting up a support workflow and escalation built on very-fine-grained role-based PAM & CM privileges, for very specific use cases.


    For example:

    A Functional role capable of only Generate and Verify passwords, In the event that an account were to fall out of sync with the target and a force password change is in order.


    A Functional role capable of only Force-checking-in checked-out accounts, for the occasional "had to leave in a hurry and forgot to check-it back in"


    The client is still exploring exactly which fine-grained functions they want to delegate. But, in the mean time, they would like to reach out to the community to request for comment and/or real life examples.


    Have any other clients out there felt the need to delegate fine-grained functions, if so what uses cases were you/they trying to cover?


    What generic good practices can we recommend in this case?

  • 2.  RE: Role Based Access - RFC and Real Life Examples

    Posted Jun 07, 2019 08:43 AM
    Hi Sebastiano,

    I've only worked with custom roles in my lab environment but there is the capability to create custom User and Credential Roles​. It does take a lot of trial and error to get exactly what your looking for but if you review these pages you might be able to wire something together to achieve what your looking for: