The Connection Reservation and Query Approval features have been integrated into the SQL Proxy module. These enhancements ensure that users must receive managerial approval either to access a database or to execute specific queries. The following sections detail how these processes function within Kron PAM.

Within the SQL Proxy module, users are required to create a reservation when attempting to connect to a database. This reservation specifies the time frame for access and must be approved by a manager.

The policy group must contain approval definitions. First, create an Approval Workflow that indicates what to do if some kind of reservation is created. 

Depending on your realm setup, specific user groups, such as MSSQL user groups, may exist, and members of these groups will be required to obtain approval from a manager before accessing databases. 

 by selecting the target database and specifying a "Reason" for the connection. For example, users may need to perform tasks such as creating tables or retrieving data. This reason is communicated to the manager for approval. 

The manager reviews the reservation request, which includes details such as the user’s name, the target database, and the reason for the request. The manager may approve, reject, or ignore the request. Without approval, the user will not be able to connect to the database. User Manager needs to be navigate to Dashboard page and approve the request in ‘My Approvals’.

Once the reservation is approved, the user is allowed to connect to the database within the specified time frame. During this session, additional policies may govern the queries that can be executed.

After connecting to the database, certain sensitive queries may require further approval before they can be executed. This ensures that critical data remains protected, with managerial oversight for specific query executions.

: Users attempting to execute a query, such as extracting data from a sensitive customer table, may be blocked if the query matches predefined policy rules. In such cases, an approval request is automatically sent to the manager.

: The manager receives an approval request via email, SMS, or the GUI, allowing them to approve or reject the query. Once the query is approved, it can be executed by the user.

All connection attempts and query executions are logged for auditing purposes. The logs include details of the sessions, the queries executed, and the approvals granted or denied. These logs allow for comprehensive monitoring of database access and query execution.

Logging SQL Queries

Connection Reservation & Command Approval

Creating Data Types 

Bulk Data Type Import

Data Discovery

Schedule Discovery

Managing Data Standards and Data Types

Data Discovery with Standards

Data Regulatory Standards

Adding a Data Dictionary

Scheduling a Discovery Using Data Dictionary

Viewing and Managing Discovery Results

Data Dictionary

Sensitive Data Discovery

3.8.1 Kron PAM Web GUI

License Manager

Email Server Configuration

Language Settings

Menu Lists Management

System Configuration Parameters

Enabling Push Notifications for Kron PAM Mobile Client Application

Enabling HTTPS on the Kron PAM Web GUI

Backup Management

Log Management

SAML Authentication

Hardware Security Module (HSM) Integration

Windows Authentication on the Kron PAM GUI

PKI Authentication

SMS Configuration

Logo and Background Customization

Multitenancy

Kron PAM Administration

Manual User Creation

Kron PAM Users Search

User Actions Menu

Editing Kron PAM Users

Editing User Properties

Temporary User

Local User Bulk Import

New User Request

Force New User to Change Password 

User Password Strength Settings 

User Password Hash Algorithm Settings

Notifying Inactive Users Before Lock

LDAP/Active Directory Integration

Microsoft Entra ID Integration

User Group Creation

Assigned Credentials

SSH Keys Manager

User Management

Element Type

Device Groups

Device Inventory

Device Management

Policy Key Creation

Policy Groups Creation

Device Realm Creation

Policy Tracking

Policy Management

Managerial Approval for Connections 

Managerial Approval Connection Reservation

Managerial Policy Reservation

Managerial Approval for Commands

Managerial Approval in Shared Account Password Manager (Vault)

Approval Workflow

Approval Workflow SMS Settings

Approval Management

SSH Proxy

RDP Proxy

HTTP Proxy

Advanced Authorization Methods

User and Entity Behavior Analytics

OT/ICS Session Manager

Session Manager

Password Vault

Application Token

Audit

Vault Agent

Secrets

Sending the MFA QR Code to Users

Creating a Connection Between Kron PAM and the Kron PAM Mobile Client Application

Enabling Multi-Factor Authentication (MFA)

Using MFA to Log in to the Kron PAM Web GUI

Using MFA to Log in to the Kron PAM Desktop Client

Using MFA for SSH Connections

Using MFA for RDP Connections

Using MFA for SSH Proxy

Using MFA for HTTP Proxy

Using MFA for SFTP Proxy

Using MFA for TACACS+ Manager

Using MFA for Radius

Using MFA for Kron PAM Mobile Client Application

Using MFA for Remote Privileged Access Management

Offline Mode Settings

Using SMS for MFA

Using E-mail for MFA

User Token Management

Using Hardware Tokens for MFA

Using Authentication Key (FIDO Key) for MFA

Using Keystroke for User Behavior Analytics

MFA Configurations for VPN Services

External MFA Providers

Multi-Factor Authentication

Basic Configurations for Unified Access Management

MSCHAPv2 RADIUS Configuration

TACACS+ Management Configuration Page 

Unified Access Manager

SQL Proxy

SFTP Proxy

Data Access Manager

Importing Devices from Amazon Web Services

Importing Devices from Microsoft Azure

Importing Devices from the Google Cloud Platform

Cloud PAM

CSP Account Definition

Enabling CIEM Service

Azure

Cloud Infrastructure Entitlement Management (CIEM)

Creating Script Group

Creating Script

Adding a Script Realm

Running a Script

Privileged Task Automation Logs

Privileged Task Automation

Kron PAM Logs

Active Sessions and Dual Control

System Log Viewer

SIEM Configuration

Reports

Threat Analytics and Response Dashboard

Tamper-Evident Logging

Kron PAM Reporting and Logging Functions

Monitoring

Alarms

Alarm Configuration

Monitoring & Alarms

Watchdog Configuration 

Watchdog Mechanism

High Availability

Failover Scenario

Visualizing Reports and User Rights

Creating Charts for Reporting

Creating Dashboards

Scheduling Reports

Dynamic Reports

Reporting

Logical Architecture

Tenant Management Requirements 

Tenant Management Interface

Administration by Tenant Admins

System Config Manager Parameters for Multitenancy

DevOps Integration

Kron PAM Remote Access Portal

RPAM Connector

User Types for Remote Privileged Access Management

License Management

LDAP Integration

Remote Access Configuration in Kron PAM

Kron PAM Remote Privileged Access Management (RPAM)

APPENDIX 1: System Config Manager Parameters

APPENDIX 2: Job Descriptions for Job Scheduler

Reference Guide