In the PAM there are default local users. I can't understand how work the default local user DSApiUser, LDAPApiUser, MCApiUser, CATapApiUser. Could anyone please advise role of these local user? Is there any documents in Broadcom site? I tried to change email address of them but could not change. I get an error when tried to change for the MCApiUser. The error is "PAM-CMN-4814:PAM 管理コンソールAPIユーザのロールは変更できません". For other user I can not open edit screen. Thank you for kind help. IIM Takazawa

Symantec Privileged Access Management

View Only

Can I change e-mail address of the Default local user?(DSApiUser, LDAPApiUser, MCApiUser, CATapApiUser)

Kazuhisa Takazawa posted Feb 03, 2023 07:07 AM

In the PAM there are default local users.
I can't understand how work the default local user DSApiUser, LDAPApiUser, MCApiUser, CATapApiUser.
Could anyone please advise role of these local user?
Is there any documents in Broadcom site?

I tried to change email address of them but could not change.
I get an error when tried to change for the MCApiUser. The error is "PAM-CMN-4814:PAM 管理コンソールAPIユーザのロールは変更できません".
For other user I can not open edit screen.

Thank you for kind help.
IIM Takazawa

Broadcom Employee Ralf Prigl posted Feb 03, 2023 04:11 PM

See KB 259252.

Kazuhisa Takazawa posted Feb 05, 2023 05:43 AM

Dear Ralf-san,
Thank you for your quick advice.
I understood.

Kazuhisa Takazawa posted Feb 05, 2023 07:07 PM

Dear Ralf-san,
Please let me ask a little more detail.

Our customer wants to change e-mail address of these 3 users.

1) MCApiUser
2) DSApiUser
3) LDAPApiUser

About MCApiUser, we can change the e-mail address by using of REST API as explained in the following KB.
https://knowledge.broadcom.com/external/article?articleId=139580

But about DSApiUser and LDAPApiUser, we can not change edit mode by selecting the in User control screen.

We tried to change by using of the REST API, too. But it was impossible.
How can we change the e-mail address of these users?

Thank you.
IIM Takazawa

Broadcom Employee Ralf Prigl posted Feb 06, 2023 10:33 AM

What is the motivation for wanting to change the email address? These are not interactive users and their email address should not be a concern.

Kazuhisa Takazawa posted Feb 07, 2023 03:40 AM

Derar Ralf-san,
Thank you for your advice.

The e-mail address of the internal users was set when our customer set the super user.
But that e-mail address is already very old and it can't be used.
Then our customer wants to update to usable e-mail address.
But from your advice, we understood the e-mail address can not be changed.

Won't be there any problem if our customer uses old e-mail address?
We think it will be used when the PAM needs to inform any important information.

Please let us know in what case the e-mail address will be used?
Because we don't understand how the e-mail address will be work in what case,
please let us know about it.

Thank you for your explanations.
Best Regards,
IIM Takazawa

Broadcom Employee Ralf Prigl posted Feb 07, 2023 11:07 AM

There will be no problem. As mentioned before here, "These are not interactive users and their email address should not be a concern." When you try to add a local user to PAM, you will find that the email address is a required field. PAM populates it for internal users with the initial super email address to satisfy that requirement, but it doesn't matter if the email address is working or not.