Sometimes, due to limitations in the environment or to business requirements, it is impossible to use the CA PAM Client to access a PAM appliance.
However, there may be a use case where CA PAM is used essentially for password vaulting only. The credential management part of the product does not require Java to function, and access to functionality such as password rotation, credential groups, scheduled jobs, etc. should be possible from any browser.
Unfortunately, any newly defined user is assigned the Standard User role by default. On logging in, this role tries to load the applets on the initial PAM page, and the page will either remain there forever or error out if the browser is other than Internet Explorer.
This document describes the general procedure for setting up a user who will access only credential management functions and will not try to load the applets when logging in to PAM.
PRIVILEGED ACCESS MANAGEMENT, all versions
Every user, when defined, is automatically assigned the Standard User role, which attempts to load the applets on login. This prevents browsers other than Internet Explorer from being used to access the product, even if only the credential management functionality is needed.
These are generic instructions on how to carry out this task. No detailed listing of rights and actions can be given, because it depends in each case on which functionality needs to be kept, but following the guidelines in this general use case should help. The procedure below describes how to limit certain users to just being able to log in and manage certain target accounts and applications. The use case may be made much less restrictive with no effort.