Symantec Privileged Access Management

Expand all | Collapse all

Profile auditors

Jump to Best Answer
  • 1.  Profile auditors

    Posted 03-13-2019 06:23 AM

    Hi, we need to profile auditors per device/user group , is this possibile ?

    example

    auditor1 can view session recording for device/usergroup1

    auditor2 can view session recording for device/usergroup2

     

    Thank you

     



  • 2.  Re: Profile auditors
    Best Answer

    Broadcom Employee
    Posted 03-13-2019 10:48 AM

    Hello Patrizio,

     

    Unfortunately this is not possible as of now in PAM.

    I suggest to raise an idea here in the communities to introduce access control for recordings on a device or user level.

     

    Currently, any user being member of an access role which owns the sessionRecordingRead privilege is able to view all session recordings in this Cluster.

    Please see

    https://docops.ca.com/ca-privileged-access-manager/3-2-4/en/implementing/configure-policies-to-provision-user-access-to-devices-and-applications/configure-users/identify-user-roles-and-privileges f.f.

     

    You would need to setup a separate PAM cluster processing the different devices or users to have separate recordings and access to these recordings.