PAM Local Group does not show PAM Local User members

Article Id: 141099
Status: Published
Updated On: 02-12-2019 23:00
Products:
CA Privileged Access Manager (PAM) , CA Privileged Access Manager - Cloakware Password Authority (PA) , PAM SAFENET LUNA HSM , CA Privileged Access Manager - Server Control (PAMSC)
Issue/Introduction:

PAM User Group is created and PAM Local Users are assigned but they do not appear in that Group.

 

In the following screenshot there are 2 users.

pamuser1 = PAM Local User

[email protected] = LDAP User

 

PAM Local Group is created, "PAMLocalGroup"

 

In this PAMLocalGroup, the 2 sample users are selected and added.

 

But once you close this and check the "PAMLocalGroup" again, it only shows LDAP user ([email protected]) and PAM Local User (pamuser1) is missing.

 

Cause:

This is a defect which is found on PAM 3.2.5 and PAM 3.2.6 (as of Dec 2019).

However, it is a cosmetic defect so if you create a Policy with this User Group, the policy will correctly apply.

Users who belong to this group will have the target devices appear correctly at their Access page.

Environment:

Release : 3.2.5, 3.2.6

Component : PRIVILEGED ACCESS MANAGEMENT

Resolution:

This behavior is introduced on PAM 3.2.5 (not present in PAM 3.2.3 and 3.2.4)

Upgrade to PAM 3.3.0 (or higher) does not demonstrate this behavior.