Which PAM administrator authorized the session

Products Privilege Secure Ideas
,
1

What is a one sentence summary of your feature request?

Which PAM administrator authorized the session.

Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.

We are using the Netwrix Privilege Secure (PAM) solution with multiple PAM administrators.
It is critically important for auditability and compliance to be able to identify which PAM administrator approved a privileged session.

Currently, the system does not provide clear visibility into which PAM administrator approved a specific session. As a result, when a session is approved in violation of internal policies, it is not possible to determine which PAM administrator performed the approval.

For example, according to internal policies, entering a valid internal ticketing system reference number is mandatory when creating a privileged session. However, users may enter non-existent or generic values (e.g., “1111”), and the session can still be approved by a PAM administrator.

Since there are multiple PAM administrators (five in total), the lack of traceability prevents accountability, audit transparency, and enforcement of internal security policies.

How do you currently solve the challenges you have by not having this feature?

I cannot resolve this issue.

2

Hi Viktor,

Thank you for submitting this request!

I agree that this is something we need to add to the product. I’m thinking that kind of tracking would be done in Audit & Reporting → Events. In Events, there could be a specific event per approval that shows which user approved.

I think an Event per approval is necessary since we allow users to configure approvals to need multiple approvals and/or tiers of approvals.

What do you think? Do you like that approach? If so, I can’t comment on a specific timeline at this time, but I appreciate your feedback and want to track this request.

- Dan