search cancel

Question About Scheduled Job Password Updates and Password View Policies


Article ID: 238508


Updated On:


CA Privileged Access Manager (PAM)


In PAM, target accounts are currently configured with a Password View Policy that will rotate the password after a certain amount of time. These same accounts also have a scheduled job that rotates the password once every 7 days. 

If a target account's password is viewed and is set to have its password changed shortly after the scheduled job rotates its password, will the scheduled job negate password rotation by the password view policy?


Privileged Access Manager, all versions


The scheduled job would not negate the password view policy's password rotation, the account's password would be updated twice.

When the password is viewed, the PVP causes a one-time scheduled job to be created as seen in the screenshot below. Another scheduled job running would not be able to delete the one created by the password view policy.

If it is desired that a scheduled job cannot rotate the password while in use by a PVP, configure the PVP for check-out/check-in. If an account is checked out while a scheduled job is running, the scheduled job will produce an error such as the one below.