How can I add Credential Manager roles to a PAM user?


Article ID: 104955


Updated On:


CA Privileged Access Manager - Cloakware Password Authority (PA) PAM SAFENET LUNA HSM CA Privileged Access Manager (PAM)


The Access Manager PAM Component and the Credential Manager PAM component deal with the roles in a different manner.
This can create some confusion  the moment the different roles have to be assigned to the users.
The present document should help in the following scenario:
  • I have added Access Manager roles to a particular PAM user, in this example 'Auditor'.



  • But I do not see how to add the Credential Manager roles.
  • When I click on the 'Credential Manager Groups' tab, the pane seems to be grayed out and a message stating "You must add a role that has access to select Credential Management Groups" is shown.


How can I add Credential Manager roles to a PAM user?


Any hardware or software appliance running any version of PAM.


  • In order to add Credential Manager roles to a user you should create a "Credential Manager User Group" first and add the role to it by clicking on the magnifying glass by the Role entry field. In this example 'ViewReports' has been selected.

  • Then in the 'Users' tab add the user we previously mentioned by clicking on the '+' button:



  • And selecting it from the user list and clicking 'OK'


  • After that, if the user Test opens the PAM Client, it can access the 'Auditor' Access Manager role:


  • And the 'ViewReports' Credential Manager role:



1558699924616000104955_sktwi1f5rjvs16jxg.jpeg get_app
1558699922696000104955_sktwi1f5rjvs16jxf.jpeg get_app
1558699920928000104955_sktwi1f5rjvs16jxe.jpeg get_app
1558699919166000104955_sktwi1f5rjvs16jxd.jpeg get_app
1558699917509000104955_sktwi1f5rjvs16jxc.jpeg get_app
1558699915559000104955_sktwi1f5rjvs16jxb.jpeg get_app
1558699913595000104955_sktwi1f5rjvs16jxa.jpeg get_app