To enable the Automatic response “Add to Pending” within PTA when unmanaged credentials are found, what are the minimum permissions required by PTAUser for the PasswordManager_pending safe?
To enable the automatic response “Add to Pending” within PTA when unmanaged credentials are found, the PTAUser needs to have the minimum permissions for the PasswordManager_pending safe as follows:
List Accounts: This permission allows the PTAUser to view the accounts in the safe and their properties.
View Safe members: This permission allows the PTAUser to view the members of the safe and their authorizations.
Add accounts (includes update properties): This permission allows the PTAUser to add new accounts to the safe and update their properties, such as name, address, platform, and policy.
Update Account content: This permission allows the PTAUser to update the password of the accounts in the safe.
Update Account properties: This permission allows the PTAUser to update the properties of the existing accounts in the safe, such as name, address, platform, and policy.
These permissions are required for the PTAUser to be able to detect unmanaged privileged accounts and add them to the pending accounts queue in the PasswordManager_pending safe. The PTAUser also needs to have the same permissions for the PasswordManager_reconcile safe to enable the automatic response “Reconcile credentials” for suspicious password change events. References: Configure PTA Remediations, Safe Member Authorizations
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit