PAM Permissions

Permissions on PAM can be controlled at two levels—system-wide and on a provider-by-provider basis. When designing a PAM permission scheme, you may use entirely system-wide permissions or you may use a combination of system-wide permissions and provider-level permissions. Both system-wide and provider-level permissions are configured through Security Roles (see Security Role Operations).

Tip: Users also need Read permissions for System Settings to access the System Settings Icon > Privileged Access Management page, and Modify permissions to modify the settings.

System-wide PAM permissions are controlled using the Privileged Access Management role permission. These permissions control which users can view and manage any PAM providers you will use in your Keyfactor Command implementation.

Figure 347: Global PAM Permissions

PAM provider-level permissions are controlled with the optional provider-by-provider permissions on the PAM Provider Permissions tab of the Security Role Information dialog. The permissions set on the PAM Provider Permissions tab allow a user to access only the referenced PAM provider when selected.

Any PAM providers that do not have provider-level permissions applied fall back to the system-wide permissions, if any system-wide permissions have been set for that security role.

Figure 348: PAM Provider Permissions

PAM permissions can be granted system-wide or on a provider basis. Both options share the same permission options (see Privileged Access Management (PAM)).