PAM-CMN-0236: when attempting to add a new user

book

Article ID: 207966

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

PAM Global administrator cannot add a LDAP+Radius user into PAM.  Even if we give the user a Password authority group - we get the error:

PAM-CMN-0236:  Roles with the Manage Credential privilege must have at least on Password Authority group to manage:

 

 

Environment

Release : 3.4.x

Component : PRIVILEGED ACCESS MANAGEMENT

Resolution

Ultimately there was a mismatch between PAM's two databases.

Inside the uag.user table the user was active, but in the cspm.admin the user was inactive.

To fix this problem, please open up a support case in which an engineer will have to open Remote SSH Debugging and manually fix the db.