CA Privileged Access Manager - Cloakware Password Authority (PA)PAM SAFENET LUNA HSMCA Privileged Access Manager (PAM)
After adding additional password view policies (PVPs) we have a problem adding the new policies to target accounts. We can select a new policy and save the target account, but when we edit it, the account shows the Default PVP selected. When trying to view the target account password, we can see that the new policy in fact is executed. This appears to be a UI problem.
The UI uses a page limit that can be configured under Settings > Global Settings > Basic Settings, parameter Default Page Size. The default is 30. The problem can occur if the total number of PVPs defined in PAM exceeds this page limit. The correct PVP was shown for a target account only when it was among those retrieved in the first page. For PVPs not on the first page, the UI would show the default PVP.
Observed with PAM 3.1.2 and 3.2.2, but may also be observed at other PAM 3.X release that are GA as of January 2019.
Hotfixes are available for customer on PAM 3.2.2 or 3.1.2. The problem will be fixed in the upcoming maintenance release 3.2.4.
As a workaround, the Default Page Size under Global Settings can be increased. The maximum value is 50 and the workaround is valid only as long as the total number of PVPs does not exceed 50. Reviewing the number of PVPs and removing those that are not needed can also help avoid the problem.