How can we get a report on the list of approvers per Password View Policy?
Release : This applies to any PAM release as of January 2023.
Component : PRIVILEGED ACCESS MANAGEMENT
There is no built-in report, but the remote CLI command searchPasswordViewPolicy can be used to retrieve this information. It returns the approvers for each policy as a list of user IDs. The searchUser command can then be used to get the user name and other information for each returned ID.
Examples:
# ./capam_command -n xceedium.com -u super -p <superpwd> cmdName=searchPasswordViewPolicy PasswordViewPolicy.name='approval-only'
<CommandResult><cr.itemNumber>0</cr.itemNumber><cr.statusCode>400</cr.statusCode><cr.statusDescription>Success.</cr.statusDescription><cr.result><PasswordViewPolicy><exclusiveCheckoutRequired>false</exclusiveCheckoutRequired><changePasswordOnView>false</changePasswordOnView><changePasswordOnConnectionEnd>false</changePasswordOnConnectionEnd><changePasswordOnSessionEnd>false</changePasswordOnSessionEnd><changePasswordOnSso>false</changePasswordOnSso><reasonRequiredView>false</reasonRequiredView><reasonRequiredSso>false</reasonRequiredSso><checkinCheckoutRequired>false</checkinCheckoutRequired><dualAuthorizationRequired>true</dualAuthorizationRequired><emailNotificationRequired>false</emailNotificationRequired><retrospectiveApprovalRequired>false</retrospectiveApprovalRequired><passwordViewRequestMaxDays>14</passwordViewRequestMaxDays><passwordViewRequestMaxInterval>60</passwordViewRequestMaxInterval><enableOneClickApproval>false</enableOneClickApproval><dualAuthorizationInterval>60</dualAuthorizationInterval><emailNotificationForDualAuthApprovers>false</emailNotificationForDualAuthApprovers><emailNotificationForActiveUsers>false</emailNotificationForActiveUsers><authenticationRequiredView>false</authenticationRequiredView><authenticationRequiredSso>false</authenticationRequiredSso><approverIDs>[1001, 7001]</approverIDs><emailNotificationUserIDs>[]</emailNotificationUserIDs><passwordChangeInterval>60</passwordChangeInterval><checkinCheckoutInterval>60</checkinCheckoutInterval><passwordViewRequestBanner></passwordViewRequestBanner><description></description><name>approval-only</name><readOnly>false</readOnly><createTime>1674244748000</createTime><createDate>Fri Jan 20 19:59:08 UTC 2023</createDate><updateDate>Fri Jan 20 19:59:08 UTC 
2023</updateDate><extensionType></extensionType><createUser>super</createUser><updateTime>1674244748000</updateTime><updateUser>super</updateUser><hash>/R1xsnMdzifz9m/J32wTRdUhmg8=</hash><Attribute.serviceDeskServer></Attribute.serviceDeskServer><Attribute.serviceDeskAccount></Attribute.serviceDeskAccount><Attribute.serviceDeskQueryFilter></Attribute.serviceDeskQueryFilter><Attribute.serviceDeskTicketType></Attribute.serviceDeskTicketType><Attribute.serviceDeskType></Attribute.serviceDeskType><Attribute.serviceDeskApplication></Attribute.serviceDeskApplication><ID>5001</ID></PasswordViewPolicy></cr.result></CommandResult>
# ./capam_command -n xceedium.com -u super -p <superpwd> cmdName=searchUser User.ID=7001
<CommandResult><cr.itemNumber>0</cr.itemNumber><cr.statusCode>400</cr.statusCode><cr.statusDescription>Success.</cr.statusDescription><cr.result><User><userID>JPuser</userID><authenticationType>CSPM</authenticationType><gkUserId>7001</gkUserId><userGroupIDs>[1, 1005]</userGroupIDs><firstName>JPuser</firstName><lastName>Test</lastName><email>[email protected]</email><serverKeyId>1001</serverKeyId><lastLogin></lastLogin><viewType>admin</viewType><failedLoginAttempts>0</failedLoginAttempts>...
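The two commands above can be combined into a per-policy approver report by parsing their XML output. The following Python sketch is an added example, not part of the original article or of the product; the function names and the abridged sample outputs are constructed for illustration, and it assumes that status code 400 with "Success." marks a successful call, as in the output shown above.

```python
import re
import xml.etree.ElementTree as ET

def _text(elem, tag):
    """Text of the first element named `tag` under elem, or '' if absent."""
    node = next(elem.iter(tag), None)
    return (node.text or "").strip() if node is not None else ""

def _parse(xml_text):
    """Parse one CommandResult; raise unless it reports success."""
    root = ET.fromstring(xml_text.strip())
    # Assumption: 400 / "Success." marks success, as in the samples above.
    if _text(root, "cr.statusCode") != "400":
        raise ValueError(_text(root, "cr.statusDescription") or "no status")
    return root

def policy_approvers(xml_text):
    """Map policy name -> approver IDs from searchPasswordViewPolicy output."""
    return {
        _text(p, "name"): re.findall(r"\d+", _text(p, "approverIDs"))
        for p in _parse(xml_text).iter("PasswordViewPolicy")
    }

def user_label(xml_text):
    """Return 'userID (firstName lastName)' from searchUser output."""
    user = next(_parse(xml_text).iter("User"))
    full = f"{_text(user, 'firstName')} {_text(user, 'lastName')}".strip()
    return f"{_text(user, 'userID')} ({full})"

def approver_report(policy_xml, user_xml_by_id):
    """Resolve approver IDs to names; IDs without a lookup stay visible."""
    return {
        name: [user_label(user_xml_by_id[i]) if i in user_xml_by_id
               else f"<unresolved ID {i}>" for i in ids]
        for name, ids in policy_approvers(policy_xml).items()
    }

# Constructed samples, abridged from the output format shown above.
_HEAD = ("<CommandResult><cr.itemNumber>0</cr.itemNumber><cr.statusCode>400"
         "</cr.statusCode><cr.statusDescription>Success.</cr.statusDescription>")
SAMPLE_POLICY = (_HEAD + "<cr.result><PasswordViewPolicy>"
    "<approverIDs>[1001, 7001]</approverIDs><name>approval-only</name>"
    "<ID>5001</ID></PasswordViewPolicy></cr.result></CommandResult>")
SAMPLE_USERS = {"7001": _HEAD + "<cr.result><User><userID>JPuser</userID>"
    "<gkUserId>7001</gkUserId><firstName>JPuser</firstName>"
    "<lastName>Test</lastName></User></cr.result></CommandResult>"}

if __name__ == "__main__":
    for policy, names in approver_report(SAMPLE_POLICY, SAMPLE_USERS).items():
        print(policy, "->", ", ".join(names))
```

Pass the functions the saved output of searchPasswordViewPolicy and one searchUser output per approver ID; any ID that was not looked up is listed as unresolved rather than dropped from the report.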