Symantec Privileged Access Management

  • 1.  How to onboard sql/oracle in PAM

    Posted Jul 22, 2019 05:14 AM
    Edited by Patrizio Begni Jul 22, 2019 05:49 AM
    Hi, we need to onboard several Oracle/SQL/MySQL etc. DBs in PAM, in order to manage secure access (session recording, password management of DB users, etc.) as we already do with RDP/SSH connections.
    I've only found some old guides. Can anyone please help me find recent docs/guides to do that?

    I have created the target application of type "mysql", with password policy and DB name; I also created a target account on that target app with the MySQL database account. Now I can't add this type of access (mysql) to users.

    Thank you!


  • 2.  RE: How to onboard sql/oracle in PAM
    Best Answer

    Broadcom Employee
    Posted Jul 23, 2019 12:10 PM
    Hello, the latest document version is for the newest PAM release 3.3. On the page https://docops.ca.com/ca-privileged-access-manager/3-3/EN/implementing/protect-privileged-account-credentials/identify-target-applications-and-connectors you will find built-in Oracle and MySQL target connectors. PAM 3.3 also includes a custom connector framework that you can use to manage accounts not covered by built-in target applications. Note that online documentation is being transitioned to a new platform, and may not be accessible at times. I had a problem myself earlier today, but could access it fine just now.


  • 3.  RE: How to onboard sql/oracle in PAM

    Posted Jul 24, 2019 10:52 AM
    Edited by Patrizio Begni Jul 24, 2019 10:52 AM
    Hi Ralph, thank you. I have made the target MySQL application and the target database account, and it seems to be working correctly.
    Now I don't know how to do the next step: how do I let the operators connect to the MySQL DB without knowing the DB user password (like we already do with RDP/SSH sessions)?

    Thank you


  • 4.  RE: How to onboard sql/oracle in PAM

    Broadcom Employee
    Posted Jul 24, 2019 11:26 AM
    Hi Patrizio, That depends on what clients are used to connect to the database. Possible options are:
    - A TCP/UDP service launching a local client on the user's workstation and taking credentials as input arguments, see documentation page https://docops.ca.com/ca-privileged-access-manager/3-3/EN/implementing/configure-policies-to-provision-user-access-to-devices-and-applications/configure-devices/set-up-access-to-a-target-device/create-tcp-udp-services-to-access-a-device
    - A Web Portal service, if a Web portal exists to access the database, see https://docops.ca.com/ca-privileged-access-manager/3-3/EN/implementing/configure-policies-to-provision-user-access-to-devices-and-applications/configure-devices/set-up-access-to-a-target-device/create-tcp-udp-services-to-access-a-device/configure-a-service-to-access-a-web-portal
    - An RDP transparent login configuration, where the user connects to a Windows server, and PAM automatically launches a database access client with auto-login on the Windows server, see https://docops.ca.com/ca-privileged-access-manager/3-3/EN/implementing/configure-policies-to-provision-user-access-to-devices-and-applications/configure-devices/setting-up-transparent-login/set-up-transparent-login-for-rdp-servers

    Regards,
    Ralf