Enforcement Policies
Role-based enforcement policy settings for KeeperPAM
Last updated
Was this helpful?
Role-based enforcement policy settings for KeeperPAM
Last updated
Was this helpful?
Role-based Access Controls (RBAC) provide your organization the ability to define enforcements based on a user's job responsibility as well as provide delegated administrative functions. Prior to proceeding with this guide, familiarize yourself with roles and enforcement policies.
From the Admin Console Preview, enable the corresponding PAM Enforcement Policies.
Login to the Admin Console Preview for your region.
Under Admin > Roles, create a new role for PAM or modify an existing role.
Go to Enforcement Policies and open the "Privileged Access Manager" section.
Enable all the PAM enforcement policies to use the new features.
Can create applications and manage secrets
Allow users to create and manage KSM application
Can create, deploy, and manage Keeper Gateways
Allow users to create, setup, and manage Keeper Gateways
Can configure rotation settings
Allow users to configure Rotation settings on PAM User and PAM Configuration Record Types
Can rotate credentials
Allow users to rotate credentials on PAM User Record Types
Can configure connection and session recording
Allow users to configure Connection and Session Recordings settings on PAM Machine, PAM Directory, PAM Database and PAM Configuration Record Types
Can launch connections
Allow users to launch connections on PAM Machine, PAM Directory, PAM Database Record Types
Can view session recordings
Allow users to view Session Recordings
Can configure tunnel settings
Allow users to configure Tunnel settings on PAM Machine, PAM Directory, PAM Database and PAM Configuration Record Types
Can start tunnels
Allow users to start tunnels on PAM Machine, PAM Directory, PAM Database Record Types
Can configure remote browsing and session recording
Allow users to configure Remote Browser and Session Recordings settings on PAM Remote Browsing and Configuration Record Types
Can launch remote browsing
Allow users to launch remote browsing on PAM Remote Browsing Record Types
Can view RBI session recordings
Allow users to view RBI Session Recordings
Discovery is currently only available on Keeper Commander. The UI is coming soon.
Can run discovery
Allow users to run discovery
These policies are not required moving forward, but they exist for support of legacy features.
Legacy allow rotation
Allow users to perform password rotation
The Keeper Commander CLI enterprise-role
command can be used to set these policies through automation. The list of policies related to PAM functionality is listed below.