Getting error PAM-CMN-0338 when attempting to either unselect or select a Device Type
search cancel

Getting error PAM-CMN-0338 when attempting to either unselect or select a Device Type

book

Article ID: 398715

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Privileged Access Management (PAM) Admin wants to give users (with API permissions) the ability to alter Devices in PAM.  They have given the permission “Device/Group Manager” role, but when they attempt to either select/unselect the Device Type checkbox of A2A or Password Management, they get the following error:

PAM-CMN-0338: Device <Device Name> was not updated due to Password Authority authorization errors

Cause

Users will need credential management rights as well.  The reason depending on if the are unselecting or selecting the checkbox of A2A or Password Management -> PAM needs to either add/remote the associated Target Server and/or A2A Client.

Resolution

You would need to give the associated users:
  • Additional role of Password Manager:
  • Then create and assign them to a custom Credential Management Group/Role
    • First you have to create the Credential Management Role:
      • Name: API Permissions Roles
      • Selected Privileges:
        1. Add A2A Client
        2. Add A2A Client Defaults
        3. Add Target Server
        4. Delete A2A Client
        5. Delete A2A Client Defaults
        6. Delete Target Server
        7. Search A2A Client
        8. Search Target Server
    • Then create a Credential Manage Group:
      • Name: Api Permissions Groups
      • Role: API Permissions Roles
      • Target Group: Targets
      • Request Group: Requesters

Additional Information

Note:  In above example gave these rights apply to All Target Servers and A2A Clients.   You can update this Credential Group to a different Target Group or Request Group to limit the spectrum of Target Servers and/or A2A Clients

Powered by Wolken Software