CyberArk Privilege Cloud Source, aggregate Container Permission

Hi,
We have onboarded CyberArk Privilege Cloud source and wanted to aggregate container permissions for the user.
As per the document of the source, under supported features it is mentioned that it supports aggregating ‘Container/Safes permissions as a Direct Permission’, but the document doesn’t contain any information on how that can be achieved. What modifications are required in the schema?

Thanks,
Sagar

Hi Sagar,

There are no changes required in the schema.
You should be able to get the Safes and their permissions assigned to Groups after entitlement aggregation is completed.
Please make sure that Groups are assigned to Containers.
To check on the Managed system side, you can verify the ContainerPermissions endpoint.
Also, there are a few prerequisites in terms of service account permissions. Those are documented as part of the Prerequisite section, which navigates to the CyberArk doc, and they need to be configured correctly for the Service Account.

Thanks Rajat, I think I slightly misunderstood here. I want to aggregate Container Permissions given to the user account. Is that possible?

Hi Sagar,
I believe you are talking about this use case mentioned below.

UserA > Container A > Read/Write

As of now, this feature is not supported for this connector.
cc @deepesh_kumar

Hi Sagar - this is on the roadmap for the later part of the year, but will allow only “read”.

Thanks @Rajat_Majumder & @deepesh_kumar, till the time it is implemented, I might have to shift to Web Services connector to aggregate those permissions.

Even source type SCIM 2.0 won’t help here, because there is no configuration option to call another API post iterate account call, am I right?