Device is not removed from a device group in CA PAM

book

Article ID: 196023

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

There is a device group configured with several devices. Upon deleting one of the devices from the group and saving the group, the device appears again in the group.

Cause

One of the ways in which a device group may be caused is by choosing tags: that is, the device group will build its contents based not on individual assignment of devices but rather in the tags assigned to those devices matching the group tag (e.g. a device with a tag "testdevice" will always be added to a device group whose tag is equally "testdevice")

Since this is a dynamic assignment, it doesn't matter if the device is removed from the list of devices in the group: it will be added back automatically because it still shares the same tag as the device group tag.

Environment

Component : PRIVILEGED ACCESS MANAGEMENT, all supported versions

Resolution

Remove the tag from the device group (and that will automatically remove all devices sharing that tag) or change the tag for the device you want to remove to make sure it does not match any tag defined for the device group you want to remove it from.