CA PAM v3.2.6
Background:
My customer needs PAM to grant access to some users with accounts that have administrator privileges and accounts that have read-only privileges on Linux servers. Those users can use the read-only account anytime they want, but for the administrator account they need to request access using Workflow Approval. Since I created the policy based on group, those users are put into two different user groups, which are the Admin and View user groups, and mapped to the same target device. Administrator and read-only accounts have different command filtering applied to them.
Issue:
Since those users belong to two different user groups, with two different policies and two different command filters, logically speaking those users will have different blacklisted commands according to which account they log in to. The problem is it's not like that in PAM. Even if those users log in as administrator, the blacklisted commands from the read-only account are also applied to them. How am I supposed to approach this?
------------------------------
Thank you.
Regards,
Jorghy M.
------------------------------