PAM Container Owners
The PAM feature lets you designate owners for your PAM containers. This option allows you to separate the responsibility for the PAM container's contents from responsibility for the PAM application itself.
In other words, the PAM application owner is the identity or workgroup responsible for the connection to the PAM source; the PAM container owner is responsible for approving changes to the identities or items in a PAM container.
PAM Container Owners and Viewing/Editing Privileges
The PAM feature uses two user rights to control who can view or edit a PAM container. If you plan to use container owners to designate who will manage your containers, be sure that your owners have the correct user rights:
- PAM Administrator – the user can view and edit all PAM containers.
- PAM Viewer – the user can view all PAM containers, and can edit any container the user is an owner of.
Note that if you designate an identity or workgroup as a PAM container owner, but do not also add the PAM Administrator or PAM Viewer capability to that identity or workgroup, the container owner will not be able to directly manage the container(s) they own.
For details about how approvals are handled for changes to PAM containers, see Approvals for Changes to PAM Containers.