PAM-CMN-0236: Roles with the Manage Credential Privilege must have at least one Password Authority group to manage

book

Article ID: 222819

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Customer cannot promote a PAM user role to to Global Administrator role. The error encountered is  - PAM-CMN-0236: Roles with the Manage Credential Privilege must have at least one Password Authority group to manage

https://api-broadcom-ca.wolkenservicedesk.com/attachment/get_attachment_content?uniqueFileId=Hx02Lz31HavQHpbYuk/YIQ==

 

Cause

A "Password Authority Group"  (aka Credential Manager Group) is required for the User that is promoted to a role of a Global Administrator in PAM. Essentially, a Credential Manager Group was not associated to the user.

Environment

Release : 4.0

Component : PRIVILEGED ACCESS MANAGEMENT

Resolution

A Credential Manager Group was not associated to the user via PAM UI. Use the PAM UI screen below to do the same before promoting the User to "Global Administrator". Without this association made, the promotion of the User to Global Administrator role will fail with the error as mentioned in the issue description.

https://api-broadcom-ca.wolkenservicedesk.com/attachment/get_attachment_content?uniqueFileId=1lomiRgNpjkusiebPGDBxg==

 

Additional Information

None.