Create PAM Vault that is just visible for the user who have access and administrator

Hello Kai,

This is possible by leveraging permissions on the PAM vault. Unless you assign permissions to users, they cannot see PAM vaults. Administrators have access to everything in the solution (they ignore permissions).

For example, if you give the "Reader" role on the root of the PAM vault to a user group, only users who are members of this group will see the PAM vault and its PAM accounts.

You can then customize permissions as desired on the PAM account itself.

Here's an example:




In my example, only members of "SomeRandomGroup" can list the content of the PAM Vault "Alpha".

Here's the documentation regarding this: https://docs.devolutions.net/pam/server/roles-permissions/

Let me know if this helps!

Best regards,
Marc-Antoine Dubois

Hi,
thanks for the response!

I have tried that, but it is still visible and other users can still see the users in it.
Our case is that we will have approximately 150 users at the start and each user will have about 10-20 PAM users in their vault.
These users are private users, that's why we want them to be invisible to all the other users.
we will also have some shared PAM users, this needs indeed to be visible to all

@kalshum I think the second step is missing and that is to allow only access as a reader to the user directly on the account in the PAM vault. We do this all the time for our vaults so that we do not have to create a vault per person and for tidy organization

Set the PAM Vault to have at least reader to the group of users whose accounts are in that vault and then set each PAM account at least Reader role to the user needing it. Hope this helps. also see graphics for more clarity

Hi,

Thanks for this, we now have figured out the reason why all users saw all other users Pam vaults, and it is solved :D