Available Credential Manager Reports

The following list describes the available Credential Manager reports.
capam33
The following list describes the available Credential Manager reports. The maximum number of report entries defaults to 5000. For information about changing this setting, see Maximum Number of Report Entries on Set Up Credential Manager Operation Settings. The setting can be changed at
Settings
,
Credential Manager
,
General Settings
.
You can refine the output of most reports by date and other filterable parameters by entering values in the available fields or selecting values using the calendar or magnifying glass icons beside them as is seen in the following screenshot:
Credential Manager report filters
Screenshot showing Credential Manager report filters
The following content lists the data returned by all the available reports and indicates which values can be filtered when requesting the report:
Account Password Update Attempts
This report lists accounts where an attempt was made to change the password. This report returns the following information:
  • Date:
    Select a
    Quick Date
    (such as This Month) or the
    Start
    and
    End Date
    of the update. (Filterable)
  • Target Account Name:
    The name of the target account. (Filterable)
  • Changes By:
    The User who initiated the password update attempt. (Filterable)
  • Target Server Host Name
    : The name of the target server host. (Filterable)
  • Target Application Name:
    The name of the target application. (Filterable)
  • Account Access Type:
    The type of account access. (Filterable)
  • Password View Policy ID:
    Use the magnifying glass to filter by Password View Policy. (Filterable)
  • Changed:
    This value displays TRUE if the password update attempt succeeded, or an error code if the update failed.
  • Gen'd:
    Displays whether a password was automatically generated. This value displays TRUE if PAM auto-generated a new password for this password update attempt based on the Password Composition Policy associated with the target application. Otherwise, the column displays FALSE (for example, if a user manually updated the password for a target account, or a scheduled job runs with a manually configured password).
  • Duration:
      The duration of the password update attempt.
  • User:
    The user that initiates the password update attempt. For example, such a user might be a PAM admin who updates a target account from the user interface, a scheduled job to update target account passwords, or the user could be the expired password processor.
Account Requests
This report lists A2A account password retrieval requests. This report returns the following information:
  • Date:
    Select a
    Quick Date
    (such as This Month) or
    Start
    and
    End Date
    of the update. (Filterable)
  • Target Alias Name:
    The name of the target alias. (Filterable)
  • Execution User ID:
    The ID of the execution user. (Filterable)
  • Request Server Host Name:
    The name of the request server host. (Filterable)
  • Request Server IP Address:
    The IP address of the request server. (Filterable)
  • Account Access Type:
    The type of account access. (Filterable)
  • Script Name:
    The name of the script.
  • Execution:
    The user who executed this request.
  • Error code:
    The error code generated, if any.
  • Error Description:
    A description of the error code.
Accounts
This report lists target accounts. This report returns the following information:
  • Account Type:
    Synchronized or Unsynchronized. (Filterable)
  • Password State:
    Expired or Not Expired (Filterable)
  • Account:
    Displays the target account name
  • Target Application:
    The name of the target application.
  • Target Server:
    Displays the target server.
  • Password Composition Policy
    Displays the Password Composition Policy.
  • Password Created:
    Displays the date and time the password was created.
  • Max Pwd Age:
    Displays the maximum password age, in days.
  • Password Expiry:
    Displays the date and time the password expires.
  • Synchronized:
    Displays whether the account is synchronized (true) or not (false).
Accounts with Expired Passwords
This report lists accounts with expired passwords. This report returns the following information:
  • Account:
    Displays the account name
  • Target Application:
    The name of the target application. If "unknown", the account referenced application information that was not found. Contact Technical Support for assistance with resolving this issue.
  • Target Server:
    Displays the target server.
  • Password Composition Policy:
    Displays the Password Composition Policy.
  • Password Created:
    Displays the date and time the password was created.
  • Max Pwd Age:
    Displays the maximum password age, in days.
  • Password Expiry:
    Displays the date and time the password expires.
  • Synchronized:
    Displays whether the account is synchronized (true) or not (false).
You cannot filter any parameters for this report.
Accounts with Incorrect Passwords
This report lists accounts whose passwords have not verified. This report returns the following information:
  • Target Server:
    The name of the target server.
  • Target Application:
    The name of the target application. If "unknown", the account referenced application information that was not found. Contact Technical Support for assistance with resolving this issue.
  • Target Account:
    The name of the target account.
  • Last Used:
    The date and time the account was last used.
You cannot filter any parameters for this report.
Administrative Activities
This report lists administrative activities. This report returns the following information:
  • Date:
    Select a
    Quick Date
    (such as This Month) or
    Start
    and
    End Date
    of the update. (Filterable)
  • User:
    The user initiating the activity, such as a PAM administrator user name.
  • Activity:
    List of administrative activity, such as Add, Update, or Delete.
  • Type:
    The type of object that is involved in the activity, such as Target Server, Account, or User.
  • User Name:
    Name of the object that is involved, such as Server IP address, account name, or user name. (Filterable)
  • Details:
    Clarifying details, such as, for example, "Synchronized=true, Device Name=WinServer, Owner User ID=1"
  • Date:
    Select a
    Quick Date
    (such as This Month) or
    Start
    and
    End Date
    of the update.
  • User Name:
    The name of the user.
  • Activity:
    The administrative activities, including Add, Update, or Delete. (Filterable)
  • Type of Object:
    The type of object, including All, A2A Authorization, A2A Request Script or Application, A2A Request Server Default, A2A Request Server, Account History, Password Composition Policy, Password View Policy, Role, Scheduled Job, Server Key, SSH Key Pair Policy, System Property, Target Account, Target Alias, Target Application, Target Server, Target or Request Group, User (Group), or User. (Filterable)
Authorization Mappings
This report lists all authorization mappings. This report returns the following information:
  • Alias/(Group):
    The target alias/group, such as AWS API Proxy Access Accounts,
  • Target Server:
    Displays the target server.
  • Application:
    The name of the target application.
  • Account:
    The name of the account.
  • Request Server (Group)
    The request server and its group, such as AWS API Proxy Clients.
  • Script:
    The script used in the mapping.
You cannot filter any parameters for this report.
Automatically Updated Expired Passwords
This report lists target accounts that are updated to comply with applicable Maximum Age policy. This report returns the following information:
  • Date:
    Select a
    Quick Date
    (such as This Month) or
    Start
    and
    End Date
    of the update. (Filterable)
  • Pass
    : Displays whether the password update was successful.
  • Account
    The corresponding expired account.
  • Target Application:
    The name of the target application. If "unknown", the account referenced application information that was not found. Contact Technical Support for assistance with resolving this issue.
  • Target Server:
    Displays the target server
  • Password Composition Policy:
    Displays the Password Composition Policy.
  • Password Updated:
    Displays whether the password is updated.
  • Max Password  Age:
    Displays the maximum password age, in days.
  • Password Expiry:
    Displays the date and time the password expires.
Cluster State
This report lists cluster state changes. This report returns the following information:
  • Date:
    Select a
    Quick Date
    (such as This Month) or
    Start
    and
    End Date
    of the update. (Filterable)
  • Hostname:
    The name of the cluster host.
  • Activity:
    Lists cluster activity, such as "application cluster started".
  • Members:
    The members of the cluster.
  • Origin Host Name:
    The name of the origin host. (Filterable)
Event Processing Status
This report lists event status for A2A request servers. This report returns the following information:
  • ID:
    The identification of the event, expressed as an integer.
  • Host:
    The name of the host
  • Delete:
    true or false
  • Type:
    Displays the type, such as master or client.
  • Status:
    Display the status, where 1 is successful.
  • Site:
    Displays the site, such as Primary, or the Site ID integer.
  • Oldest:
    Displays the oldest event.
  • Newest:
    Displays the newest event.
  • Last:
    Displays the most recent event
  • New:
    Displays the number of new events.
  • Success:
    Displays the number of successful events.
  • Failed
    Displays the number of failed events.
You cannot filter any parameters for this report.
Failed Password Updates
Lists failed attempts to change an account password. This report returns the following information:
  • Date:
    Select a
    Quick Date
    (such as This Month) or
    Start
    and
    End Date
    of the update. (Filterable)
  • Target Account Name:
    The name of the target account. (Filterable)
  • Changes By:
    The User who initiated the password update attempt. (Filterable)
  • Target Server Host Name:
    The name of the target server host. (Filterable)
  • Target Application Name:
    The name of the target application. (Filterable)
  • Account Access Type:
    The type of account access. (Filterable)
  • Password View Policy ID:
    Use the magnifying glass to filter by Password View Policy. (Filterable)
  • Error Code
    : The error code generated, if any.
  • Gen'd:
    Displays whether a password was automatically generated. This value displays TRUE if PAM auto-generated a new password for this password update attempt based on the Password Composition Policy associated with the target application. Otherwise, the column displays FALSE (for example, if a user manually updated the password for a target account, or a scheduled job runs with a manually configured password).
  • Duration:
      The duration of the password update attempt.
List all Target Accounts in a Target Group
Lists all target accounts in the target group specified in the
Target Group Name
field. This report returns the following information:
  • Hostname
    : The hostname of the target account.
  • Application
    : The name of the target application.
  • Account Name
    : The name of the account.
List all Target Applications in a Target Group
Lists all target applications in the target group specified in the
Target Group Name
field. This report returns the following information:
  • Hostname
    : The hostname of the target application.
  • Application Name
    : The name of the target application.
  • Application Type
    : The type of target application.
List all Target Servers in a Target Group
Lists all target servers in the target group specified in the
Target Group Name
field. This report returns the following information:
  • Hostname
    : The hostname of the target server.
  • IP Address
    : The IP address of the target server.
  • Device Name
    : The device name of the target server.
Orphaned Request Servers
Lists all A2A request servers with no activity for one year. This report returns the following information:
  • Request Server:
    The name of the request server
  • IP Address
    The IP address of the request server
  • Active:
    Indicates whether the request server is active (true) or not active (false).
  • Client Type:
    The type of client.
  • OS:
    The operating system of the request server.
  • Date Registered:
    The date of registration.
You cannot filter any parameters for this report.
Privileged Accounts
This report lists privileged accounts. This report returns the following information:
  • Server Hostname:
    Displays the server hostname or IP address.
  • Application:
    The name of the target application.
  • Account:
    Displays the account.
  • Access Type:
    Displays the access type.
  • Date Registered:
    Displays the date the registration.
You cannot filter any parameters for this report.
Requests for Invalid Aliases
This report lists requests for aliases.
  • Date:
    Select a
    Quick Date
    (such as This Month) or
    Start
    and
    End Date
    of the update. (Filterable)
  • Request Server:
    The name of the request server
  • Alias:
    The name of the invalid alias.
  • Script Name:
    The name of the script.
  • Execution:
    The user who executed this request
Scheduled Jobs
This report lists scheduled job results. This report returns the following information:
  • Date:
    Select a
    Quick Date
    (such as This Month) or
    Start
    and
    End Date
    of the update.
  • Job Name:
    The name of the job.
  • Successful:
    Whether the job was successful (true) or not successful (false).
  • Command
    Displays the command involved, such as scheduleReport
  • Repeats
    Displays the job count.
  • Error Message:
    Displays the error message, if any, such as "PAM-CMN-0680: E-mail server/account has not been set."
View Password Requests
This report lists view account password requests from the admin UI. This report returns the following information:
  • Date:
    Select a
    Quick Date
    (such as This Month) or
    Start
    and
    End Date
    of the update. (Filterable)
  • Hostname:
    Displays the hostname for the password request.
  • Application:
    The name of the target application.
  • Account:
    The account making the password requesting the password.
  • Reason:
    Generally displays the reason for the password view entered by the requesting user, if they are required to supply one (because the
    Reason Required for View
    option is set in the password view policy). When integrated with a service desk solution (for example, ServiceNow),
    shows a predefined reason for the password view request provided by the service desk solution.
  • Workflow
    (Returns Retrospective Approval, if selected.)
  • Details:
    Generally displays an additional description of the reason for a password view (optionally supplied by the requesting user if they are required to supply a reason for the password view),  "Not Required", or "Password Viewed".
    When integrated with a service desk solution, it shows details about why the target account is required.
  • Code:
    Generally displays the reason code for a password view (optionally supplied by the requesting user if they are required to supply a reason for the password view). When integrated with a service desk solution, it shows the service desk ticket number.
  • Requestor:
    User who executed this request.