PAM custom role to add target accounts via API Key.
Article ID: 406338
Updated On:
Products
Issue/Introduction
Creating a Credential Manager role for user that has access to add target accounts via API Key in PAM.
Resolution
This is a how to create a Credential Manger Role to add target account via API for user "TestApiKey":
User Role:
User API Keys
Creating Credential Manager Role:
Credentials/Manage Credential Groups/Credential Roles/Add:
If the API Key is only used to add target accounts, "Add Target Account" is the only privilege needed. If you want the API Key to perform other operations on the target account, such as update or delete, you need to add more privileges.
Creating Credential Manager Group:
Credentials/Manage Credential Groups/Add:
Use "Targets" for "Target Group". "Targets" is the target group that includes all targets. If the scope of the API Key should be limited to a subset of target devices, then another target group should be configured.
Add user "TestApiKey" to Credential Manger Group "TestApi"
Choose a target account which will be created via API.
Additional Information
KB 221735 shows an example for creating an AD account using the Rest API.
Feedback
