ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Users able to see all accounts after the upgrade from 3.4.0 to the version 4.0.2]

book

Article ID: 241688

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

After upgrading from version 3.4.0 to 4.0.1 or 4.0.2, users who previously saw in the "Access" and "Target Accounts" option only users who were in the scope of their Role, are now seeing all devices and all the target accounts.
Although they are not allowed to Access devices or see passwords, this is considered a risk for them to see these target accounts.

 

Cause

After 4.0.1 and 4.0.2 there was a change in the implementation to handle conflicting privileges that have caused this issue. Now to have more clear privileges specified will resolve this.

Environment

Release : 4.0.1, 4.0.2

Component : PRIVILEGED ACCESS MANAGEMENT

Resolution

Include the "List Target Accounts" privilege to the Credential Manage Role that resolved the issue.