Symantec Privileged Access Management

  • Private Community
 View Only

  • 1.  About export and import target account

    Posted Oct 21, 2021 10:09 PM
    Hi support team,

    I have a problem, i want to export all include user, devices, application, target account, database.... and import to another CAPAM server, how i can export target accounts to another server, i don't see target account export button.

    Can you help me find solution?

    Thank so much
    Phong Tran


  • 2.  RE: About export and import target account

    Broadcom Employee
    Posted Oct 21, 2021 10:32 PM

    Hello, I understand. As you might know you can get most of this information from the supplied downloads from their respective pages (Users, Devices, and their groups, policies and such). To get the Target Applications exported you need to use the Command line interface and the REST API to extract the remaining data. Check our PAM documentation on these and see if that helps. 


    Be sure to use the API Browser to help you with formatting the API calls and testing them.  If you do not see the API browser, you may need to enable API from your Configuration page.

     You'll need to write a script to pull the data and use an API Key assigned to your user account with the requisite permission to access the data in PAM. 

    I hope this helps!

    David



    ------------------------------
    David Miller
    Symantec PAM Services Consultant
    Broadcom
    ------------------------------

    Original Message


  • 3.  RE: About export and import target account

    Broadcom Employee
    Posted Oct 22, 2021 01:01 PM

    The easiest way is to add the new server to a cluster with the old, let the database sync, then break the cluster.  However that will bring over everything.

    You cannot just import target accounts.  A target account is a child object of a target application, which is itself a child object of a device.  Additionally every target account has a password view policy, and target application has a password composition policy that would need to exist and match to bring them over.

    There is quite a lot of work to do to import target accounts, you may quickly find that its faster to just recreate them.

    That said, open a support ticket, they have a tool that does what you want, though I am unsure if it can be shared, and you may find that it still more work than you would like.


    Original Message