ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
Users able to see all accounts after the upgrade from 3.4.0 to the version 4.0.2]
Article ID: 241688
Updated On:
Products
CA Privileged Access Manager (PAM)
Issue/Introduction
After upgrading from version 3.4.0 to 4.0.1 or 4.0.2, users who previously saw in the "Access" and "Target Accounts" option only users who were in the scope of their Role, are now seeing all devices and all the target accounts.
Although they are not allowed to Access devices or see passwords, this is considered a risk for them to see these target accounts.
Cause
After 4.0.1 and 4.0.2 there was a change in the implementation to handle conflicting privileges that have caused this issue. Now to have more clear privileges specified will resolve this.
Environment
Release : 4.0.1, 4.0.2
Component : PRIVILEGED ACCESS MANAGEMENT
Resolution
Include the "List Target Accounts" privilege to the Credential Manage Role that resolved the issue.
Feedback
Yes
No
Powered by
