For different situations like audits or system administrators' session reviews, it is required for older session recordings created by PAM to be played back. What PAM appliances can access old session recordings?

Privileged Access Manager, all versions

PAM uses a key to encrypt all session recordings for security and confidentiality purposes, they cannot be accessed outside of PAM.

For PAM versions 3.3.2 and below, this encryption key was unique to each PAM appliance. Session recordings for those versions can only be viewed by the PAM appliance that created the recording.

For PAM versions 3.3.3 and above, the encryption key is shared within a PAM cluster. Session recordings for these versions can be viewed by any appliance within the same cluster which created them.

View Session Recordings Documentation: https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/4-1-3/administrating/session-management/view-session-recordings.html