OpenText Privileged Access Manager manages and monitors administrative access to servers, networks, databases, or any target application through its access control objects, such as user roles, resources, resource pools, and assignments.
User roles and resource pools are logical groupings, where user roles are allocated permissions to access resources. These resources, in turn, are organized within a resource pool. OpenText Privileged Access Manager utilizes assignments to establish a connection between user roles and the associated resource pool.
The PAM account collector collects unique members and group members from all user roles. The permission collector collects user roles and the members included in each role, resource pools, and the parent-child relationship between user roles and resource pools. These accounts and permissions are mapped to identities by association or other attributes. Because OpenText Privileged Access Manager uses LDAP as its identity source, the PAM collector maps only LDAP accounts to identities.
When configuring the REST PAM Account Collector, configure service parameters as needed, then specify the Account-User Mapping parameter as “id” and map it to the identity attribute that holds the objID.
Optionally, if you want the PAM accounts to be populated uniquely in the OpenText Identity Governance catalog, specify the PAM attributes under Mapped Attributes in the Collect Account view, for example, ID, which is unique to each PAM account. Then write ECMAScript for the Collect Account attributes, for example:
[outputValue = "NetiqPAM" + inputValue]
When configuring the REST PAM Permission Collector, configure service parameters. Then, depending on the type of permission you want to collect, select the permission type separately for User Role and Resource Pool, and specify whether you want to collect disabled permissions.
To map the permissions to an account, specify the Permission-Account or User Mapping parameter value as “ids” and map it to Account ID.
To collect the parent-child relationship between User Role and Resource Pool, specify the Parent Permission ID value as parentPermission.
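How the three mappings fit together, as an added example that is not OpenText code: it joins constructed account and permission records the way the mappings above describe ("id" to the identity's objID, "ids" to Account ID, parentPermission linking a resource pool to a user role) and lists the accounts that end up with no identity. The record shapes, the `type` values, the function names, and the choice of user role as the parent are assumptions of this sketch; the join here is an exact string match, so the account ID transform is applied on both sides.

```javascript
// Added example: constructed records, not output from a real PAM or Identity Governance system.
const PREFIX = "NetiqPAM";
// Same shape as the page's transform: outputValue = "NetiqPAM" + inputValue
const toAccountId = (inputValue) => PREFIX + inputValue;

function resolveAccess(identities, accounts, permissions) {
  // Account-User Mapping: account "id" -> identity attribute holding objID.
  const identityByObjId = new Map(identities.map((i) => [i.objID, i.name]));
  const ownerByAccountId = new Map();
  const unmapped = [];
  for (const acct of accounts) {
    const owner = identityByObjId.get(acct.id);
    if (owner === undefined) unmapped.push(toAccountId(acct.id)); // e.g. a non-LDAP account
    else ownerByAccountId.set(toAccountId(acct.id), owner);
  }
  // Parent-child: a resource pool names its user role in parentPermission (assumed direction).
  const poolsByRole = new Map();
  for (const p of permissions) {
    if (p.type !== "ResourcePool" || !p.parentPermission) continue;
    if (!poolsByRole.has(p.parentPermission)) poolsByRole.set(p.parentPermission, []);
    poolsByRole.get(p.parentPermission).push(p.name);
  }
  // Permission-Account mapping: "ids" on a user role -> Account ID.
  const access = Object.create(null);
  for (const role of permissions.filter((p) => p.type === "UserRole")) {
    for (const rawId of role.ids || []) {
      const owner = ownerByAccountId.get(toAccountId(rawId));
      if (owner === undefined) continue; // holder is unmapped; already reported above
      const entry = (access[owner] = access[owner] || { roles: [], pools: [] });
      entry.roles.push(role.name);
      for (const pool of poolsByRole.get(role.id) || []) {
        if (!entry.pools.includes(pool)) entry.pools.push(pool);
      }
    }
  }
  return { access, unmapped };
}

// Constructed sample data (hypothetical names and IDs).
const identities = [{ objID: "101", name: "alice" }, { objID: "102", name: "bob" }];
const accounts = [{ id: "101" }, { id: "102" }, { id: "900" }]; // 900 matches no identity
const permissions = [
  { id: "r1", type: "UserRole", name: "DB Admins", ids: ["101", "900"] },
  { id: "r2", type: "UserRole", name: "Linux Ops", ids: ["101", "102"] },
  { id: "p1", type: "ResourcePool", name: "Prod Databases", parentPermission: "r1" },
  { id: "p2", type: "ResourcePool", name: "Linux Servers", parentPermission: "r2" },
];
const report = resolveAccess(identities, accounts, permissions);
console.log(JSON.stringify(report, null, 2));
```

In the sample, account 900 holds the DB Admins role but maps to no identity, so it appears only in `unmapped`; privileged accounts in that list are the ones an access review would not otherwise attribute to a person.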