How can I add Credential Manager roles to a PAM user?

Document ID : KB000104955
Last Modified Date : 05/07/2018
Show Technical Document Details
Introduction:
The Access Manager PAM Component and the Credential Manager PAM component deal with the roles in a different manner.
This can create some confusion  the moment the different roles have to be assigned to the users.
The present document should help in the following scenario:
 
  • I have added Access Manager roles to a particular PAM user, in this example 'Auditor'.
User-added image
 
  • But I do not see how to add the Credential Manager roles.
  • When I click on the 'Credential Manager Groups' tab, the pane seems to be grayed out and a message stating "You must add a role that has access to select Credential Management Groups" is shown.
 
User-added image
Question:
How can I add Credential Manager roles to a PAM user?
Environment:
Any hardware or software appliance running any version of PAM.
Answer:
  • In order to add Credential Manager roles to a user you should create a "Credential Manager User Group" first and add the role to it by clicking on the magnifying glass by the Role entry field. In this example 'ViewReports' has been selected.
 
User-added image
 
  • Then in the 'Users' tab add the user we previously mentioned by clicking on the '+' button:
 
User-added image
 
  • And selecting it from the user list and clicking 'OK'

User-added image
 
  • After that, if the user Test opens the PAM Client, it can access the 'Auditor' Access Manager role:

User-added image

 
  • And the 'ViewReports' Credential Manager role:
User-added image