
CPAM-How to Restrict users to view only specific instance ID through privilege session

Diwakar
Regular Contributor

Hi,

We have a use case: we onboarded 20 on-prem servers to CPAM, and these on-prem servers are to be accessed through JIT.

Now our query is how to restrict end users to view only specific instance IDs when requesting PAM access through On-Prem Privilege Session. Currently all users are able to see all the on-prem instance IDs which we onboarded to CPAM.

Thanks,

Diwakar.

5 REPLIES

DixshantValecha
Saviynt Employee

Hi @Diwakar,

We are checking on your request and we will keep you posted.

DixshantValecha
Saviynt Employee

Hi @Diwakar,

Could you please provide more context or specifics about your business use case? This will help me tailor the detailed information to your specific needs and requirements.

Hi @DixshantValecha, the main context is: let's say we onboarded 10 servers to CPAM. Now these 10 servers are showing under Privilege Session to request PAM access. Our requirement is that not all users should see these 10 servers under their Privilege Session list when requesting a PAM session.

Currently, in my case, any end user logging in to IGA can request and see all 10 servers which were onboarded to CPAM.

Hope that clarifies! Please suggest.

Thanks,

Diwakar

DixshantValecha
Saviynt Employee

Hi @Diwakar,

You can use the Access Query parameter in the Endpoint Details tab to control the endpoint visibility. You must define a query specifying which users should have access to that endpoint.

DixshantValecha
Saviynt Employee

Hi @Diwakar,

Please refer to the documents mentioned below for detailed information on Access Query.

https://docs.saviyntcloud.com/bundle/CPAM-Admin-Guide-v24x/page/Content/E-Onboard-Target-Endpoint/Co...

https://docs.saviyntcloud.com/bundle/EIC-Admin-v24x/page/Content/Chapter13-Access-Requests/ars-uc-im...

https://docs.saviyntcloud.com/bundle/EIC-Admin-v24x/page/Content/Chapter02-Identity-Repository/Viewi...

We have created a sample query for your reference as well:

SELECT
    ep.endpointkey AS ENDPOINTS__PRIMARYKEY,
    'FIREFIGHTERID,Service Account' AS ENDPOINTS__ACCOUNTTYPEFORSERVICEACCOUNT
FROM
    Endpoints ep
WHERE
    ep.ENDPOINTNAME = 'Cred_Vault_App_Admins'
    AND ep.endpointkey NOT IN (
        SELECT
            endpointkey
        FROM
            PrivilegeSessionList
        WHERE
            UserID IN (
                SELECT
                    UserID
                FROM
                    Users
                WHERE
                    -- Add conditions to filter out users who should not see the servers
                    -- For example, you can use user roles or groups here
                    -- Example condition: role != 'Restricted Role'
            )
    );

Please validate and let me know if further details are needed on this.