Symantec Privileged Access Management

  • Private Community
 View Only

  • 1.  Removing multiple Target Account for specifi Target Application only

    Posted Nov 21, 2018 05:07 AM

    Hello,

     

    I would like to ask if there is a way to automatize the deletion of multiple Target Accounts already created in PAM?

    I need to remove all accounts (10.000 entries) defined as UNIX Application Type and it's not possible to select and remove all accounts using che CA PAM Console.

     

    Looking for any suggestions.

     

    Thank you!

    Davide



  • 2.  Re: Removing multiple Target Account for specifi Target Application only
    Best Answer

    Broadcom Employee
    Posted Nov 21, 2018 05:22 AM

    Hello Davide,

     

    In the GUI you can define a Filter on various criteria - you can then select all displayed entries at once clicking the top left check box beside the  Account Name field

     

    Regards,

    Andreas



  • 3.  Re: Removing multiple Target Account for specifi Target Application only

    Posted Nov 21, 2018 05:56 AM

    Hello Andreas,

     

    Thank you for your reply.

    I've been already tried to follow what you are suggesting but it doesn't work. The top left check box doesn't select all pages but it selects the only accounts displayed in the first page.

     

    I've tried to increase the "Default Page Size" underd the Global Settings but, the maximum entries that can be displayed is 50.

     

    Do you have other suggestions? Am I doing something wrong?

     

    Thank you :-)

    Davide



  • 4.  Re: Removing multiple Target Account for specifi Target Application only

    Broadcom Employee
    Posted Nov 21, 2018 08:23 AM

    Hello Davide,

     

    I see - even with the Filter the number of displayed records spans over many pages - hence is unmanageable in the UI.

     

    Instead of the UI you can also use the Command Line Interface of PAM Credential Manager.

     

    Please see these articles giving you a first overview how to install and use the CLI:

    https://comm.support.ca.com/kb/how-to-use-the-ca-pam-command-line-interface/kb000010240

    https://comm.support.ca.com/kb/password-authority-cli-command-syntax-on-windows/kb000044744

    https://comm.support.ca.com/kb/how-to-create-a-unix-device-application-and-target-account-using-cli/kb000072558

     

    The relevant CLI command to delete a target account is "deleteTargetAccount” and is described in the documentation:

    https://docops.ca.com/ca-privileged-access-manager/3-2-2/EN/programming/credential-manager-remote-cli-and-java-api/credential-manager-cli-commands/deletetargetaccount

     

     

    Regards,

    Andreas