and more in a single search tool across platforms. Read the announcement here. |
04/18/2023 09:07 PM
I have a use case that will only include the Applications that are PAM enabled to be part of the Campaign.
Is it possible to just filter an endpoint using the PAM_STATE in the query instead of the ep.id?
04/18/2023 09:34 PM
Yes you can use any other endpoint attributes from endpoints tables
04/19/2023 07:10 AM
Hi @mgra
You can design the use case like below:
1. Identity all the endpoints (applications) which are PAM enabled
2. Once you identify the endpoints, choose one of the CP of the endpoint to store the value like 'PAMEnabled'
3. Once all the endpoints are marked then you should be good to start the certification.
4. In the campaign config, add below query in the Application filter
and ep.customproperty8 like 'PAMEnabled'
Assuming that CP8 of the endpoint is storing the required information
Thanks
04/19/2023 08:26 AM
@mgra : PAM_STATE comes from different table so if you have to use that then you have to use subquery. But looking at application field in certification you may need to build HQL query.
I personally tried below queries but was giving syntax error
and ep.id in (select e.endpointkey.id from endpoints_properties e where e.PAM_STATE='ENABLED')
and ep.id in (select e.endpointkey from endpoints_properties e where e.PAM_STATE='ENABLED')
Not sure if there is any issue with HQL query I tried or field itself is not accepting subquery. But same format worked in other parameters.
As a workaround what you can do is you use endpoint customproperty43 (this is default attribute, if you changed the attribute to something else in PAM_CONFIG use that accordingly) to differentiate PAM_ENANBLED endpoints vs regular one, where you will populate visibility control analytics name for all PAM endpoints. Let's say you have used analytics PAMDefaultUserAccountAccessControl for this purpose then you can build the logic as below
and ep.customproperty43 in ('PAMDefaultUserAccountAccessControl')
Otherwise you can also follow the steps mentioned by @dgandhi