[PAM] User status in User export, Remote CLI and REST API
search cancel

[PAM] User status in User export, Remote CLI and REST API


Article ID: 230796


Updated On:


CA Privileged Access Manager (PAM)


PAM User('user3' in this sample) is set to disabled.

User export (csv) shows the user "Active Flag" is set to "f".

Type,UserName,First Name,Last Name,Password,Password Set Time,Phone,Cell Phone,Email,Description,Active Flag,Activation Time,Last Activation Time,Account Disabled Time,Expiration Time,Authentication,Email On Login Contact,Email Self On Login Flag,Terminate Session on Deactivation Flag,Access Times,Provision Type,Group Membership,Applet Message,Roles,PA Group Membership,Smart Button Group,User Principal Name,Login IP Ranges,API Keys
"user","CN=User3,OU=PAM-Users,DC=kimlabs,DC=net","User3","","","0","","","[email protected]","","f","","1621474870","1639638148","0","ldap","","f","f","","ldap","CN=PAM-Users-Group,OU=PAM-Users,DC=kimlabs,DC=net","","","",,"[email protected]","",""

RemoteCLI shows the following.

 <userID>[email protected]</userID>
 <email>[email protected]</email>
 <createDate>Sun Mar 28 09:55:58 UTC 2021</createDate>
 <updateDate>Thu Dec 16 07:02:29 UTC 2021</updateDate>

REST API returns the following.


Release : All PAM (tested on PAM 3.4.1 and 4.0.0)

Component :


This is an expected result.

If you are checking the user account status, please use the csv export or use the REST API.


User export and REST API are getting the user information from 'uag.user' table which would have the expected state.

RemoteCLI is a Credential Management Utility so it gets the information from 'cspm.admin' table hence the difference.



Use csv user export or REST API to get user account status.