On 3.2.4.62 CA PAM Physical Appliances
A client has recently identified several users who attempt to use a credential for auto connect from the access tab.
The action triggers the appropriate Dual Auth PVP - but user get the following error message:
This seems to occur for these users irrespective of which workstation they are using or whichever node or site they connect to.
These users are 'Firecall' Aprrovers for certain accounts (by virtue of CM Group filtered by a Target Group) - including the accounts they are requesting (though they are not specifically listed in the PVP as the approvers for those accounts). Approvers can approve own requests.
Another colleague has reported seeing something like this before where the user has some Firecall CM Roles/privileges but can't submit a password request via the Access tab on the client.
The issue seems to have gone away when the CM Role was granted the following privileges:
Get Target Account
Get Password View Policy
List Target Account.
on the other hand, a standard user, doesn't seem to have this issue.
Is this a known issue?
If a standard user is also a CM approver, then the CM privileges conflict with the user's ability to request a password?