Symantec Privileged Access Management


CA PAM Server Control - use different privileges with shared privileged account

  • 1.  CA PAM Server Control - use different privileges with shared privileged account

    Posted Nov 21, 2019 10:09 AM
    Hi all,

    We are starting with the implementation of PAM Server Control. There is a way to identify who is using a shared privileged account through the integration of PAM SC with PAM.
    Can we set up different authorizations for one privileged account? For example: John using the Administrator account will have different authorizations than Luke logged in as the same Administrator.

    Thanks for your reply.


  • 2.  RE: CA PAM Server Control - use different privileges with shared privileged account
    Best Answer

    Broadcom Employee
    Posted Nov 21, 2019 11:54 AM

    Hello Lukas,

    Integration of PAM SC with PAM basically propagates the user logged on to the PAM portal into the session on the PAM SC endpoint.

    E.g.

    1. Log on as "super" to the PAM Client

    2. Then open an SSH access session from PAM to the PAM SC endpoint

    3. In the session, submit "sewhoami" and observe that it returns "super"

    This means any authorization to resources protected by PAM SC on that box applies to "super".

    To answer your question: yes, the authorization to the PAM SC resource is specific to the user logged on to PAM itself (1.) – not to the account used to open the session (2.).

    Best Regards,

    Andreas