Secrets > Vaults page missing items
search cancel

Secrets > Vaults page missing items

book

Article ID: 274877

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

We have user groups assigned as secret owners or secret viewers for a subset of vaults we have defined in PAM. When the users go to the Secrets > Vaults page, they only see a subset of vaults.
E.g. I have added myself to groups for Vaults prefaced with nnn, sss, www, xxxx, yyy, and zzz.
When I look in the Vault though, with no filters on,  I only see nnn, sss, and www.
When I filter for vaults containing the string xxx, the vault starting with xxx shows up.

 

Environment

Release : 4.1-4.1.5

Cause

There was a problem processing paged data, if the total number of vaults was larger than the default page size. This is the Default Page Size parameter on the Settings > Global Settings page under Basic Settings. The default value is 30. When the vaults were filtered for a user who does not have access to all vaults, only the results from the first page were shown. Clicking on the name column to sort z-a instead of a-z would bring up a different subset of vaults. When a filter was used on the page, e.g. only show vaults containing substring "xxx", and the subset of all vaults matching the filter did not exceed the default page size, then the user would see all vaults assigned to him within that subset.

Example:

PAM has 40 vaults defined with the following vault names, and the default page size of 30 is used:

a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,b1,b2,b3,b4,b5,b6,b7,b8,b9,b10,c1,c2,c3,c4,c5,c6,c7,c8,c9,c10,d1,d2,d3,d4,d5,d6,d7,d8,d9,d10

User1 is configured to have access to vaults a1,b1,c1,d1

In this case the Secrets > Manage Vaults page for User1 would only show a1,b1,c1, missing d1, because d1 is on the second page of the list of all vaults. If the Name column was clicked to sort from z-a, the list would change to d1,c1,b1, missing a1.

Resolution

This problem will be fixed in 4.1.6 and 4.2. If you need a solution at a lower 4.1.X release, please open a case with PAM Support.