
# Limitations on account brokering for specific tools

Privileged Access Management (PAM) systems often restrict the visibility of passwords for security reasons. In Devolutions Server, as with some of our partners, we implement a dual permission approach: one permission allows viewing the password, and the other permits using the password through Remote Desktop Manager acting on your behalf. We refer to this functionality as account brokering, commonly known as "acting by proxy." Essentially, Remote Desktop Manager acts like a concierge who, instead of giving you a key, opens the door for you.

However, this functionality presents a challenge with Remote Desktop Manager, which was initially designed to prioritize ease of use, flexibility, and integration with nearly 160 different technologies. For some of these technologies, restricting password usage proved to be highly complex. The only viable way to mitigate the risk was to disable access to certain technologies entirely. Examples include command lines, PowerShell, and various management tools.

While these technologies may be enabled in the future, the risk of security breaches is currently too great to address effectively, especially considering that a malicious user could replace a secure tool with a self-created, insecure one.

In Devolutions Server, granting permission to view the password can circumvent some issues. However, if your security protocols prohibit this, or if you use an integration that lacks this option, there is currently no workaround.

Our agreement with CyberArk forbids ever displaying a password obtained through our integration. For this reason, a significant number of built-in technologies in Remote Desktop Manager trigger an error when you attempt to use a CyberArk credential.


