Account & Group Creator User
The user who created it can create their own static and dynamic accounts. A Device Realm is required when creating all accounts, except for a SAPM STATIC Strategy. The Kron PAM Admin user is the one who created the Device Realm. Each user-created account and group is private to the user. Other User Groups need permission to view and manage these accounts and groups. To create a private account, the following parameters must be entered on the System Config Manager screen:
Parameter Name | Parameter Value | Description |
sapm.private.option.default.value | YES (Default value is NO) | The parameter that creates the private account. |
sapm.private.option.hide | true (Default value is false) | Parameter that removes the private field from the SAPM Accounts tab. |
Creator user groups must have the following function groups:
Function Group | Description |
SAPM Management | The main SAPM function group. |
SAPM Account Module Visibility | Function group that grants the authority to see the SAPM Account Tab. |
SAPM Group Module Visibility | Function group that grants the authority to see the SAPM Group Tab. |
SAPM Group Admin | Can authorize the user to create an account. |
SAPM Group Manager | Can authorize the user to create a group. |
SAPM Historical Password Viewer | Can authorize the user to see old password values. |