Password View Reason available for PAM Auditors

book

Article ID: 182875

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

It may be useful for the PAM Auditors task to be able to view the 'Reason' for a Password View Policy request.
This information is not present in the Session Logs.
Can the "Reason Required for Auto connect/View" be available in any way to the members of the PAM Auditors role?

Cause

When using a Password View Policy with "Reason Required for Auto connect/View" the provided reason is not stored in the audit logs.
The PAM Auditors are only able to see the Session Logs and the reason is not visible there.

Environment

Product: Layer7 Privileged Access Manager
Version: 3.x

Resolution

Schedule a job to run the 'Password View Policy Request Report' and make the auditors recipients of the report.
The report includes fields titled Details and Codes. They contain the Reason Description and Reference Code, as entered into the window that opens when attempting to view the password of an account for which Reason Required is specified in the Password View Policy.



Please, be aware that when an autoconnect is done, two records appear in the report for the same connection (in the image these are the first and the second records). 
However, when a Password View is requested, just one record appears in the report (in the image these are the third and fourth records).

Additional Information

See also: