Configuration

Privileged Access Management provides the ability to associate and execute one or more Tasks on records.

This can allow for elevated job execution by securely sharing this record (but not the password) with a user that would typically not be permitted to run such a command.

A Task is a combination of a Script (what is executed against the record) and a Policy (when it is executed against the record).

The principal may execute or review task results as well as view the task list. To include the ability to Add/Remove tasks and edit Task Policies, the user should be assigned both Record Control: Owner and Task Control: Manage permissions.

To configure and execute a script associated to a record

  1. Open your record and click the Manage > Tasks button along the bottom.

    2. TaskExecution-01.png

  2. Once in the Task view, click the Make Unique button and then OK on the confirmation dialog.

    If you do not want to make tasks unique to this record, you can click the name of the Record Type that it inherits located along the top portion of this frame. Then from the Record Type page, you may then click its Task button to add or modify tasks that will then automatically inherit back down to this and all records that use this record type.

    Strategy-MakeUnique.png

  3. Click the Add Task button.

    TaskExecution-03-AddTask.png

  4. On the Task page, select your Script from the dropdown menu. The scripts that appear in this selection menu are stored in the System Scripts library. If you would like to create a new custom script or modify an existing script, navigate to Administration > Scripts and click the Create or Edit buttons.

  5. Assign a Policy Event for when the Script should be executed.

    Note that adding the On Demand option will allow a user to execute this Task by simply clicking the Execute button on this record. This is the recommended Event for testing scripts before deploying to production records.

    TaskExecution-05-TaskConfigured.png

  6. Click the Save button when you are finished configuring your Task.

  7. You may now add an additional Task or you can return to your Record View by clicking on the breadcrumb.

    TaskExecution-07-TaskBreadcrumb.png

  8. From the Record view, click the Execute button and then select your Script from the dropdown menu.

    PAM-TaskExecution-08-TaskExecute

  9. This Script will now be added to the Job Queue.

    Strategy-JobQueue.png

  10. When the Job is processed, it will be removed from the Queue. Depending on your System configuration settings and the current system activity, this may take anywhere from a few seconds or minutes to complete.

  11. To view the current status of any Job, click the Job History button.

    JobHistory-Toolbar.png

  12. The Job History view will display all scripts that have been executed with this record. The most recent will be sorted to the top. If necessary, click the Refresh button until the State changes to Completed.

    Task-Execution-Task-History.png

  13. When the State is either Completed or Error, click the Details to view the response that was returned when the strategy was executed.

    FAQ-JobHistory-View-Completed-Details

JobHistory-View-Completed-Details-Expanded.png