Symantec Privileged Access Management

How to separate IT group (servers, database) and Network group (router, radio) using same PAM instance

  • 1.  How to separate IT group (servers, database) and Network group (router, radio) using same PAM instance

    Posted 05-16-2021 07:44 PM
    Dear expert,
    Need your advice on how to split the IT and Network groups in the same CA PAM. Currently we have a CA PAM instance (clustered with 3 servers in one datacenter and another 3 servers in a second datacenter). The current CA PAM instance is already used to manage IT group assets such as servers and databases/apps, including the integration to IT Remedy (ticketing).
    Now there is a need from the customer to integrate network assets such as routers, radios, etc. and the corresponding network Remedy (ticketing) system. Both Network and IT should be treated separately and confidentially. In other words, Network assets can only be managed by the Network team while existing IT assets will be managed only by the IT team.
    Please advise how these two separate groups can be managed by the existing CA PAM configuration. What is the limitation if it is possible to have two different groups?
    Thanks.


  • 2.  RE: How to separate IT group (servers, database) and Network group (router, radio) using same PAM instance
    Best Answer

    Posted 05-18-2021 04:50 PM
    Hi Hendrij

    I think that you can achieve what you are looking for by creating a target group that allows you to separate or identify, either statically or dynamically, the different endpoints registered in PAM, and additionally assigning the group or groups of specific credentials created in the previous step for the person or people who configure the Global administrator role. In this way you can separate administrative activities on the Endpoint; however, users such as the super will have access to the configuration and administration of all devices. For final access permissions, access policies must be configured on the endpoints that each user requires according to the role or profile.

    I hope it helps you


  • 3.  RE: How to separate IT group (servers, database) and Network group (router, radio) using same PAM instance

    Posted 05-20-2021 12:56 AM
    Thanks Julian for your valuable advice. I will discuss further with my technical team. Once again, thanks for your advice and support.
    Cheers,

    Regards,
    Hendrij

    ------------------------------
    Program Manager
    PT Tech Mahindra
    ------------------------------