If you want quick steps to assign a user to password view approver with pre-defined roles, you can do the following.
I have following 3 user accounts.
1. super (Global Administrator)
2. funnyuser (AD User, for password view approver)
3. OU1Group1User1 (target account which has dual approval)
4. pam-ad-svc (AD User, target account, Enterprise Admin)
funnyuser is configured with following role.
"Password Manager" Role
PAM User logon and tries to access target device using OU1Group1User1 account which requires approval.
Asked to provide how long the password access is required.
Need to wait approver to approve this access.
Logon as funnyuser and check for "My Password View Approvals" list.
OU1Group1User1 password request is in "Pending" status.
Approve the password access.
------------------------------
Support Engineer 5
Broadcom
------------------------------
Original Message:
Sent: 11-01-2019 04:42 AM
From: Jorghy Misnan
Subject: Role for Password View Approver
CA PAM v3.2.6
So i have a requirements for user who want to access device, they need approval for another user. For that i need the approver be assigned as Password Manager, but with privileges limited to only and only approval. Existing Credential Roles doesn't provide what i need so i have to create custom Credential Role with privileges that only and only allow approval function. What privileges do i need to accomplish this? Thank you.
------------------------------
Regards,
Jorghy M.
------------------------------