Customizing 'Reason' list items in Reason Required Password View Policy dialog
search cancel

Customizing 'Reason' list items in Reason Required Password View Policy dialog


Article ID: 366911


Updated On:


CA Privileged Access Manager (PAM)


Utilizing 'Reason Required For View' or 'Reason Required For Auto Connect' Password View Policy (PVP) will show below dialog when PAM user attempt to show password or auto connect.
The default 'Reason' field list items are
    Severity 1: Manual recovery from server outage
    Severity 1: Manual change due to potential password breach
    Severity 2: Password composition audit
    Severity 3: Application migration
    Severity 3: Pre-production application testing

How can we customize the 'Reason' filed list items?


PAM 4.1.x


Please do the following.

1. Login as 'super' user, go to Configuration>Security>Access and make sure the following items are Enabled
         - External REST API
         - Credential Management CLI

2. Please screen capture the current/default Reason field's items on Show Password dialog, for backup.

3. Now use your Google Chrome browser to access the following

https://<PAM server fqhn>/cspm/servlet/adminCLI?adminUserID=super&adminPassword=<password>$&cmdName=setSystemProperty&propertyName=ViewPasswordReasons&propertyValues=Reason 1: Manual recovery|Reason 2: Automatic recovery|Reason 3: Application migration

  <PAM server fqhn> : PAM server Fully Qualified Hostname or PAM server's IP address
  <password> : 'super' user password

4. You will see the result similar to the following when completed

5. Now the "Show Password" Password View Policy  dialog shows the following

5. you can disable items at step 1 if necessary.