Custom Permission Sets for DVLS PAM

Implemented

Hello,

Currently there is no way to configure a custom permission set in DVLS PAM. For example, a permission set might be required that allows just the list and add permissions. A use case for this would be an API credential that uses PowerShell to add accounts to DVLS PAM, but that same API account shouldn't be able to retrieve passwords of other credentials already stored in PAM.

Please let me know if further clarification is required.
Thanks

All Comments (12)

Hello,

Thank you for your suggestion. Just to be sure that I understand correctly, you would like to be able to define your own role with permissions for that role, am I right? Here are the built-in roles and you would like to add yours, correct?



I have created a ticket in our backlog and will see what can be done.

Best regards,

François Dubois

Hi François,

Yes, that is correct. I would like to be able to create a role with just the permissions for List and Create.

Please let me know if you would like more info.

Thanks
Joe

Hello François,

I wanted to follow up on this request as it's something we are also interested in using. I'd love the ability to create a custom role where I can pick and choose which functions I'd like the custom role to support.

Thank you,
Gilbert

Hello to both of you,

We are currently reworking the PAM environment so it is more in line with what we have with shared entries.
You will likely be able to create custom permission sets for PAM entries starting in 2024.2, which is scheduled to be released in June this year.

Thank you for your patience,

Kind regards.

Vincent Forest

That is great news, looking forward to testing it out. Thanks for the update, Vincent.

Hi Vincent,

Is it possible to create custom PAM permission sets in 2024.2?

Thanks
Joe

Hi Joe,

This feature was planned to be released, among others, in a big PAM rework on our side. Unfortunately, due to some technical challenges, we couldn't make this feature available in 2024.2. Rest assured, we are still working on it and plan to integrate it as soon as possible, but it might have to wait another release cycle. We really hope we won't face any other issues and will be able to release it in 2024.3, which is scheduled for this fall.

Sorry for the inconvenience and thank you for your support and patience,

Best regards,

Vincent Forest

ok, thanks Vincent

Hi Vincent,

Is the PAM custom roles capability available in 2024.3?

Thanks
Joe

Hi Joe,

I'm glad to tell you that we were able to release this feature in 2024.3!

Now that the PAM entries security is in line with the shared entries security, you can set custom permissions for your users on your PAM accounts.
If you want to create custom roles to apply them by batch more efficiently, you can do so in Administration > System settings > PAM vault management, and then at the bottom there is a section with PAM permission sets. The roles you were used to using in the past have now been converted to permission sets and you'll find them there, but you can also use the '+' sign at the top right and create your own set of permissions.



After that, applying the permission set works the same way as on a shared entry: you edit the PAM account, then go to security, set the global override to custom and click on the grant access button.


After that you can simply choose "Permission set" in the "Grant by" dropdown and your permission sets will appear there.




Please note that permission sets for PAM entries and for shared entries are not the same, since some rights are present in one but not the other and vice versa.

I hope this meets your needs for now. Thanks a lot for your patience, and don't hesitate if you have any further questions!

Best regards,

Vincent Forest

Hi Vincent,

That's fantastic news and the enhanced functionality will address the use case originally posted.

FYI, I didn't notice any reference to this significant improvement in the release notes.

Joe

Hi Joe,

You are right, I will ask for PAM changes to be added to the release notes since, as you say, it is a significant change.

Thanks for the feedback and I'm glad the solution will work for you!

Best regards,

Vincent Forest
