searchTargetAuthorization Contains -1 for IDs
search cancel

searchTargetAuthorization Contains -1 for IDs


Article ID: 251221


Updated On:


CA Privileged Access Manager (PAM)


The searchAuthorization CLI command is used within a script to get the A2A authorization mappings in an automated fashion, then searchTargetAlias is used to map the IDs to their names. However, some of the results contain a -1 for the Target Alias. What would cause this behavior to occur?

    <createDate>Fri Sep 30 19:52:20 UTC 2022</createDate>
    <updateDate>Fri Sep 30 19:52:20 UTC 2022</updateDate>


Privileged Access Manager, all versions


When an authorization mapping is created in the PAM GUI, the following screen will pop up. A mapping can be configured to either a Target Alias or Target Group, but not both.

As such, PAM will insert a -1 for any item that is not configured. For example, if a mapping is configured to a Target Alias, the Target Group value will be -1. If the mapping is to a Target Group, then the Target Client will be -1. The same will be true for Request Client vs Request Group. Going back to the example, targetAliasID was -1, but targetGroupID  was 19001. This means the mapping was done based on a target group rather than a target alias.

To search for a target group, the searchGroup CLI command would be used with the Group.type filter set to target. An example is below.

> capam_command capam= adminUserID=super cmdName=searchGroup Group.type=target


Additional Information

For more information about the searchGroup command: