When trying to add an approver to a password view policy, the following error occurs.

PAM-CM-1056: Password view policy approvers are not able to access the target accounts that use this policy.

However, the GUI does not have the ability to filter the target accounts for a specific password view policy, making it tougher to identify the account in question. How can I list all target accounts which use a specific password view policy?

Privileged Access Manager, all versions

First, use the remote CLI command searchPasswordViewPolicy to get the password view policy ID, an example is below.

> capam_command capam=10.20.30.40 adminUserID=super cmdName=searchPasswordViewPolicy PasswordViewPolicy.name="test"

From the output, search for <ID>#####</ID> to get the ID and put it in the remote CLI command searchTargetAccount.

> capam_command capam=10.20.30.40 adminUserID=super cmdName=searchTargetAccount PasswordViewPolicy.ID=#####

This output will list every target account which uses that password view policy. Copy the output to a notepad and search for <userName> to get the names of the target accounts.

For more information about using the remote CLI with PAM, refer to the documentation link below.

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/4-1-7/programming/credential-manager-remote-cli-and-java-api/use-the-credential-manager-cli.html