PAM permissions

From Devolutions Server v.2024.3 on, PAM vault management settings practically mirror those of regular Vault management, with a few notable exceptions:

  • Default permission sets are different (see image below).

  • The My account settings and Security settings sections are not available in PAM vault management.

  • In Default permissions, the More tab is replaced by a PAM tab, which lists PAM–only settings and options (see table below).

Note that PAM permission sets are not applicable to non–PAM vaults, and vice-versa.

PAM vault management
PAM vault management

PAM folder-specific permissions

Permissions can also be set for individual PAM folders by heading to PropertiesSecurityPermissions.

PAM folder permissions
PAM folder permissions

PAM–only settings

   
Reset password Allow every user (or specific ones if Custom is chosen) to reset PAM entries' passwords in accordance with their Password template mode.
Approve checkout request Allow every user (or specific ones if Custom is chosen) to approve demands for checkout on PAM entries.
Force checkin Allow every user (or specific ones if Custom is chosen) to force other users to checkin PAM entries.
Checkout Allow every user (or specific ones if Custom is chosen) to checkout PAM entries.
Read logs Allow every user (or specific ones if Custom is chosen) to read PAM entries' logs.

PAM default permission sets

Here is a table summarizing each default permission set in PAM vault management:

PAM vault management – Permission sets
PAM vault management – Permission sets

See also

 

Devolutions Forum logo Give us Feedback