Products
Applications
Support
Company
How To Buy
Skip to main content (Press Enter).
Sign in
Skip auxiliary navigation (Press Enter).
Register
Skip main navigation (Press Enter).
Toggle navigation
Search Options
Home
Communities
All Communities
Enterprise Software
Mainframe Software
Symantec Enterprise
Blogs
All Blogs
Enterprise Software
Mainframe Software
Symantec Enterprise
Events
All Events
Enterprise Software
Mainframe Software
Symantec Enterprise
VMware
Water Cooler
Groups
Enterprise Software
Mainframe Software
Symantec Enterprise
Members
Symantec Privileged Access Management
Private Community
View Only
Community Home
Threads
Library
Events
Members
Back to discussions
Expand all
|
Collapse all
sort by most recent
sort by thread
CA PAM Custom Credential Roles
Jump to
Best Answer
Dhani
Nov 18, 2019 05:30 AM
Hello, i'm trying to create a custom role for user that will have function to: - approve a password ...
Julian Riano
Nov 18, 2019 09:46 AM
Best Answer
Hi Dhani I have achieved this by customizing the credential role FirecallApprover, I have created a ...
Dhani
Nov 18, 2019 10:46 AM
Hi Julian, It works really well. the only downside is whenever the user is try to access devices the ...
1.
CA PAM Custom Credential Roles
0
Recommend
Dhani
Posted Nov 18, 2019 05:30 AM
Reply
Reply Privately
Options Dropdown
Hello,
i'm trying to create a custom role for user that will have function to:
- approve a password view request
- access device
Here's the role I've created
the roles working fine, the user can approve password view request and he can also request and access his device.
but i want to prevent the user to look at Credential Menu and view Target Account Password & Target Application
I've tried to exclude "Get Target Account & Get Target Application" but if those are excluded, he can't Request Password View.
Is there any way to disable the "Manage Target" Menu ?
so the only available menu is "Access" and Workflow"
Thank you.
Regards.
Dhani
2.
RE: CA PAM Custom Credential Roles
Best Answer
0
Recommend
Julian Riano
Posted Nov 18, 2019 09:46 AM
Reply
Reply Privately
Options Dropdown
Hi Dhani
I have achieved this by customizing the credential role FirecallApprover, I have created a copy with the following permissions
I think it's the same thing that you have done.
The
manage targets
menu is still visible, but when trying to access the options the user receives a message indicating that he is not authorized.
Original Message
Original Message:
Sent: 11-18-2019 05:29 AM
From: Muhammad Ramadhani Fitrianto
Subject: CA PAM Custom Credential Roles
Hello,
i'm trying to create a custom role for user that will have function to:
- approve a password view request
- access device
Here's the role I've created
the roles working fine, the user can approve password view request and he can also request and access his device.
but i want to prevent the user to look at Credential Menu and view Target Account Password & Target Application
I've tried to exclude "Get Target Account & Get Target Application" but if those are excluded, he can't Request Password View.
Is there any way to disable the "Manage Target" Menu ?
so the only available menu is "Access" and Workflow"
Thank you.
Regards.
Dhani
3.
RE: CA PAM Custom Credential Roles
0
Recommend
Dhani
Posted Nov 18, 2019 10:46 AM
Reply
Reply Privately
Options Dropdown
Hi Julian,
It works really well.
the only downside is whenever the user is try to access devices the alert always also shown.
I hope that there will be roles that are far more specific, so that they do not overlap or depend on each role
Thank you for your help.
Regards,
Dhani
Original Message
Original Message:
Sent: 11-18-2019 09:46 AM
From: Julian Riano
Subject: CA PAM Custom Credential Roles
Hi Dhani
I have achieved this by customizing the credential role FirecallApprover, I have created a copy with the following permissions
I think it's the same thing that you have done.
The
manage targets
menu is still visible, but when trying to access the options the user receives a message indicating that he is not authorized.
Original Message:
Sent: 11-18-2019 05:29 AM
From: Muhammad Ramadhani Fitrianto
Subject: CA PAM Custom Credential Roles
Hello,
i'm trying to create a custom role for user that will have function to:
- approve a password view request
- access device
Here's the role I've created
the roles working fine, the user can approve password view request and he can also request and access his device.
but i want to prevent the user to look at Credential Menu and view Target Account Password & Target Application
I've tried to exclude "Get Target Account & Get Target Application" but if those are excluded, he can't Request Password View.
Is there any way to disable the "Manage Target" Menu ?
so the only available menu is "Access" and Workflow"
Thank you.
Regards.
Dhani
×
New Best Answer
This thread already has a best answer. Would you like to mark this message as the new best answer?
Copyright 2019. All rights reserved.
Powered by Higher Logic