These steps are to create a Credential Manager Group to allow the user to have any permission on any target account but not to view the passwords. This article was created based in a request to deny the view password access to the Global Administrators in PAM
The preconfigured Access Roles with Credential Manager privileges are:
The Credential Manager Group is then assigned to a User account through the Credential Manager Groups tab. This tab has settings that are enabled when you select an Access Role with Credential Manager privileges.
CA Privileged Access Manager is preconfigured with the provisioned Credential Manager Group "System Admin Group". This might appropriately be used to provision a Global Administrator using the PM Groups setting.Important: The Credential Manager Groups are configured user per user.