Symantec Privileged Access Management

  • Private Community
 View Only

  • 1.  CA PAM Custom Credential Roles

    Posted Nov 18, 2019 05:30 AM
    Hello,

    i'm trying to create a custom role for user that will have function to:

    - approve a password view request
    - access device 

    Here's the role I've created

    the roles working fine, the user can approve password view request and he can also request and access his device.
    but i want to prevent the user to look at Credential Menu and view Target Account Password & Target Application

    I've tried to exclude "Get Target Account & Get Target Application" but if those are excluded, he can't Request Password View.

    Is there any way to disable the "Manage Target" Menu ?

    so the only available menu is "Access" and Workflow"


    Thank you.
    Regards.
    Dhani


  • 2.  RE: CA PAM Custom Credential Roles
    Best Answer

    Posted Nov 18, 2019 09:46 AM
    Hi Dhani

    I have achieved this by customizing the credential role FirecallApprover, I have created a copy with the following permissions

    Role Permissions


    I think it's the same thing that you have done.


    The manage targets menu is still visible, but when trying to access the options the user receives a message indicating that he is not authorized.


    Original Message


  • 3.  RE: CA PAM Custom Credential Roles

    Posted Nov 18, 2019 10:46 AM
    Hi Julian,

    It works really well.
    the only downside is whenever the user is try to access devices the alert always also shown.

    I hope that there will be roles that are far more specific, so that they do not overlap or depend on each role
    Thank you for your help.

    Regards,
    Dhani

    Original Message