Attribute-based Exclusive Mapping
Active Mapping lets you define the principles of access in your IT environment by letting you map User groups with Account Groups. If you want to skip the tedious task of manually selecting Accounts to while providing Exclusive Access to a User Group, you can use the 'Mapped User and Privileged Account' option. You may define a pattern using "prefix%Username%suffix" format. The '%' before the Username indicates that there may be any number of characters before the Username. Similarly, the '%' after the Username indicates that there may be any number of characters after the Username. The username may be the exact Username or a chunk from it. All the Accounts from the afore-selected Account Groups will be compared to this pattern and mapped if they match the defined pattern.
Procedure:
- Login to the system and select PAM from the product navigator.
- Go to Policies → Active Mapping → New Active Mapping →Fill up the Name and Description
- Check the desired User group and on the other side select the desired Account groups.
- Select the Exclusive Only option.
- Enable the Mapped User and Privileged Account checkbox.
- Specify the pattern.
- Click on Update.