
Advanced Account visibility control

lionelrl
New Contributor III

Hi,

Is there a way we can fine-tune the account visibility on the endpoint using a role? For example, I have 10 accounts in the AD endpoint; is there a way I can make a selected set of accounts visible to a selected set of individuals?

 

Also, what does the below configuration in the PAM_Config affect? I searched the documents and did not find any viable information.

"endpointPamConfig": {
   "maxConcurrentSession": "50"
},
"accountVisibilityConfig": {
   "accountCustomProperty": "customproperty55",
   "accountMappingConfig": [
      {
         "accountPattern": "cpamuser*",
         "mappingData": "roletest1",
         "override": "false"
      },
      {
         "accountPattern": "cpamuser1,cpamuser2",
         "mappingData": "roletest2",
         "override": "false"
      }
   ]
}

vikasjv
Saviynt Employee

Hi @lionelrl,

Thanks for posting your question.
Please refer to the below article for managing account visibility.
https://docs.saviyntcloud.com/bundle/CPAM-Admin-Guide-v23x/page/Content/L-Manage-Accounts/Account-Vi...
Please let us know if you have any queries.

anitha_swapna
Saviynt Employee

Hi @lionelrl,

Thanks for reaching out. 

Regarding the configuration information in the PAM_Config that you had posted, please find the details:

  • endpointAccessQuery: It provides the endpoint visibility for requesting privileged access. It is based on a user-defined query or any entitlements and roles.

  • allowChangepasswordquery: It ensures the change of password or password rotation for an account.

  • accountVisibilityControl: It helps in determining the accounts that must be displayed for users when requesting privileged access. The analytical control PAMDefaultUserAccountAccessControl includes the query for this feature, and it is added to the custom property of an endpoint. This analytical control is available by default and can be easily added to an endpoint.

The account visibility is based on roles or entitlements assigned to users and it is added to the custom property of an endpoint. For example, users in the finance department cannot view any accounts that are available to human resources (HR), as the account visibility is mapped to the user's role within the organization.

Thanks,

Anitha.
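
An added example, not part of the thread and not Saviynt's own code: a small review aid that takes the accountVisibilityConfig posted in the question and reports which accounts are matched by more than one mapping entry and which are matched by none. It assumes accountPattern is a comma-separated list of `*` wildcards, which the thread does not confirm; the account names are constructed.

```python
import json
from fnmatch import fnmatchcase

# Constructed input: the accountVisibilityConfig fragment from the question,
# wrapped in braces so it parses as standalone JSON.
PAM_CONFIG = json.loads("""
{
  "accountVisibilityConfig": {
    "accountCustomProperty": "customproperty55",
    "accountMappingConfig": [
      {"accountPattern": "cpamuser*", "mappingData": "roletest1", "override": "false"},
      {"accountPattern": "cpamuser1,cpamuser2", "mappingData": "roletest2", "override": "false"}
    ]
  }
}
""")

# Constructed account names standing in for the accounts on the endpoint.
ACCOUNTS = ["cpamuser1", "cpamuser2", "cpamuser3", "svc_backup"]


def matches(account, pattern_field):
    """Assumption: accountPattern is a comma-separated list of '*' globs."""
    patterns = [p.strip() for p in pattern_field.split(",") if p.strip()]
    return any(fnmatchcase(account, p) for p in patterns)


def map_accounts(config, accounts):
    """Return {account: [mappingData, ...]} in the order the entries appear."""
    entries = config["accountVisibilityConfig"]["accountMappingConfig"]
    return {
        acct: [e["mappingData"] for e in entries if matches(acct, e["accountPattern"])]
        for acct in accounts
    }


def review(config, accounts):
    """Split accounts into those hit by several entries and those hit by none."""
    mapping = map_accounts(config, accounts)
    overlapping = {a: m for a, m in mapping.items() if len(m) > 1}
    unmapped = [a for a, m in mapping.items() if not m]
    return overlapping, unmapped


if __name__ == "__main__":
    overlapping, unmapped = review(PAM_CONFIG, ACCOUNTS)
    print("matched by more than one entry:", overlapping)
    print("matched by no entry:", unmapped)
```

Accounts in the first group are the ones where the two entries in the posted config overlap, so they are worth checking against the intended role assignment before the mapping is relied on.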

NageshK
Saviynt Employee

@lionelrl As discussed in the SME hours call, please share the updated query that worked for you. It will help others looking for similar information.

Thanks,

Nagesh K 

suresh_ravuri
New Contributor III

@NageshK @lionelrl I would appreciate it if you could provide the query, since we also have similar requirements for the client.