CA PAM - Password Expiry Details
search cancel

CA PAM - Password Expiry Details

book

Article ID: 416924

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

The password expiry details that are visible to the Global Administrator such as 'super' are not the same as for a user account that is having the Session Manager Role of 'Password Manager' and the Credential Manager Role of 'FireCallUser'

Below is the example screenshot for the same Target Account, that belongs to the same Application Type.

This is the view the 'super' user or the Global Administrator has.

This is the view the user with Session Manager Role and the Credential Manager role will have

Environment

All Supported versions of CA PAM.

Cause

The reason for the difference in the Password Expiry details is due to the fact that the Credential Manager Role 'FireCallUser' does not have the privileged 'Get Most Recent Password History' associated. Adding this privileged to the 'FireCallUser' role would show the same details for the user having the Global Administrator role and the custom role assigned to other user.

  

Resolution

Add the privileged 'Get Most Recent Password History' to the 'FireCallUser' Credential Manager Role.

Attachments

416924_user_view_custom_role.png get_app
416924-Super_user_view.png get_app
Powered by Wolken Software