Symantec Privileged Access Management

 View Only
  • 1.  Remove inherited role

    Posted May 24, 2019 08:16 AM

    Hi All, 

    By Default, when I import an LDAP user, it comes with inherited role of "Standard User" 

    Is there any way to remove this standard user role from the inherited roles and add a new role instead.



  • 2.  RE: Remove inherited role

    Broadcom Employee
    Posted Jun 05, 2019 02:11 PM
    Good afternoon,

    Is it possible, yes. You do need to import the group first though. After the group has been brought in, which also brings in the users, if you goto Users -> Manage Groups -> Roles you can remove the standard user role by clicking the X and then add the applicable role you would like.  The users that were brought in from that group will be updated accordingly. To be cognizant though this removes the access page for the users so they would not be able to see credentials that may have been assigned to them via a policy. The standard user role is what allows the user to have access to the access page along with systems/credentials that may be provisioned to them via a policy. Keep in mind PAM is a zero trust solution. If a user has the standard user role but no policies have been created to give them access to credentials, the access page would be blank.