Symantec Privileged Access Management

Expand all | Collapse all

HOW TO: Allow admin users to expire password view request?

  • 1.  HOW TO: Allow admin users to expire password view request?

    Posted May 22, 2019 10:43 AM

    Is the ability to expire a password view request reserved to users listed in the Dual Authorization tab of a PVP?

     

    Approvers listed under the Dual Auth tab of a PVP can see the Accounts for which a password view request has been submitted / approved, etc under the Credentials-->Workflow--All Requests. 

     

    Furthermore, from there the approver can take actions such as approve / deny / expire / force check-in etc.

     

    Is it possible to, otherwise, configure PAM Global Admins with CM System Admin role to also be able to expire password view requests, without being listed in the Approvers list? 

     

    Currently, it does not appear to be possible.

     



  • 2.  Re: HOW TO: Allow admin users to expire password view request?
    Best Answer

    Posted May 22, 2019 02:35 PM

    found a workaround: temporarily list the admin under the Dual Auth approvers list in the relevant PVP.

     

    The admin can then go under Credentials --> Workflow-->All Requests and expire the approved request.

     

    However, it would be nice if Global Administrators who are also CM System Admins were to be able to do this without having to modify PVPs.