2 votes
We would like to give a group enough access to PAM to allow them to create Providers, Scan Configurations, Propagations, and allow them to add users to specific vaults, but not allow them full PAM admin rights.
Use case:
We have a network team that we want to have manage PAM for their devices, appliances, and tools. The server team (which also manages DVLS and PAM) does not have access to network team resources and does not want to give network team access to server PAM resources. Network team should be able to manage all their own PAM needs.
Otherwise, it seems we need to stand up an entirely new DVLS instance just for them.
Our own team asked for this when we gave them our PAM initially.
We have a huge undertaking of harmonizing our PAM with the RDM architecture. We are hoping to finish the project by the end of the year. Once that is done, we can finally think of reworking the permissions. It's always been a let-down for me to only see the PAM under the Administration menu. I cannot wait to separate the functionalities per area of concern instead.
Sorry about that
Maurice