Hello again ManicRaj,
The black/white list options in CA PAM do provide fine-grained control over what commands can be run. Both CA PAM and PIM offer similar controls; however, CA PAM's control is on the user side, whereas PIM enacts control on the server side. The one you choose to use would depend on which fits your requirements.
Here is the difference:
CA PAM acts as a tunnel between the end user's PC & the target device. When a user types any command the command is sent to the CA PAM appliance, CA PAM then checks the command against the blacklist and either sends it through to the target device or blocks it and registers a violation. This means that ONLY sessions started through CA PAM (via the built-in applet or an SSH service) will be monitored, direct connections (connections not tunneled through CA PAM) to the device will NOT be monitored.
The PIM agent is installed directly on the server. Using selang rules you can define who can access which binaries. When a user attempts to run a command, the PIM agent checks its ruleset to see if this should be allowed and either allows the command to be run or blocks the command and, depending on your settings, creates audit logs showing the attempt. These rules can be applied at the folder level to block whole directories, at an individual file level to block binaries or access to any specific files, & there are many more options. Using PIM these rules are in place for the user no matter HOW they access the server. Direct access = monitored, access via ENTM = monitored, access via CA PAM = monitored, GUI access = monitored.
CA PAM & PIM can be combined for maximum control.
-Christian