Skip to content

Container Details

Click View Details on a container to view and edit its contents.

The page contains three tabs:

Identities
All identities with access to the privileged items, either directly or effectively – Container Details: Identities (Link)

Groups
All groups with access to the privileged items – Container Details: Groups (Link)

Privileged Items All the items to which this container provides access – Container Details: Privileged Items (Link)

PAM Container Owners

The PAM feature lets you designate owners for your PAM containers. This option allows you to separate the responsibility for the PAM container's contents from responsibility for the PAM application itself.

In other words, the PAM application owner is the identity or workgroup responsible for the connection to the PAM source; the PAM container owner is responsible for approving changes to the identities or items in a PAM container.

PAM Container Owners and Viewing/Editing Privileges

The PAM feature uses two user rights to control who can view or edit a PAM container. If you plan to use container owners to designate who will manage your containers, be sure that your owners have the correct user rights:

  • PAM Administrator – the user can view and edit all PAM containers.

  • PAM Viewer – the user can view all PAM containers, and can edit any container the user is an owner of.

Note that if you designate an identity or workgroup as a PAM container owner, but do not also add the PAM Administrator or PAM Viewer capability to that identity or workgroup, the container owner will not be able to directly manage the container(s) they own.

For details about how approvals are handled for changes to PAM containers, see Approvals for Changes to PAM Containers (Link).

Container Details: Identities

Use this tab to view, add, or remove identities in this container.

The add and remove features are only available if this option was enabled during your PAM configuration. See PAM Global Configuration Settings (Link) for more information on these configuration options and Adding and Removing Identities in a PAM Container (Link) for details on adding and removing identities.

The Direct Access tab shows identities granted direct access to this container (view, add, remove)

The Effective Access tab shows identities granted access to this container through group membership (view only)

Display Name
The display name of the identity as aggregated from the privileged account management application.

Status
Current status of the identity as determined through aggregation.

Manager
The listed manager of this identity, if one has been assigned.

Details
View details, permissions granted and the account and application from which they were granted, or Remove the identity from the container. For more details, see Adding and Removing Identities in a PAM Container(Link).

Container Details: Groups

Use this tab to view detailed information about groups.

Display Name
The display name of the group as aggregated from the PAM application.

Description
A description of this group, if one is available.

Details
View details, the identities contained within the group, the permission granted the group by this container, and all of the permissions granted this group and the containers through which they are granted.

Container Details: Privileged Items

Use this tab to view, add, or remove privileged items to which this container grants access. Privileged items are things like accounts, credentials, files, and keys.

The add and remove features are only visible if enabled during your PAM configuration. See PAM Global Configuration Settings (Link) for more information on these configuration options, and Adding and Removing Privileged Items in a PAM Container (Link) for details on adding and removing items.