Credential Manager Roles and Privileges for Running Reports

You require a Credential Manager role with sufficient privileges to run Credential Manager Reports. The preconfigured Credential Manager ViewReports role has the following default privileges:
capam32
You require a Credential Manager role with sufficient privileges to run Credential Manager Reports. The preconfigured Credential Manager ViewReports role has the following default privileges:
  • Event Processing Status
  • Generate Report
  • List Reports
  • Schedule Report
A user with the preconfigured ViewReports role can run the following set of Credential Manager reports:
  • Accounts
  • Accounts with Expired Passwords
  • Accounts with Incorrect Passwords
  • Authorization Mappings
  • Automatically Updated Expired Passwords
  • Event Processing Status
  • Orphaned Request Servers
  • Privileged Accounts
  • Request for Invalid Aliases
  • Scheduled Jobs
  • View Password Requests
To run the other reports, a user requires a role with the default ViewReports privileges
and
the following permissions, as applicable:
Report Name
Required Additional Privileges
Account Passwords Update Attempts
  • Search Target Account
  • Search Target Server
  • Search Target Application
  • Search Password View Policy
Account Requests
  • List Target Aliases
  • List A2A Clients
Administrative Activities
  • Search Role
Cluster State
  • Search Target Server
Failed Passwords Updates
  • Search Target Account
  • Search Target Server
  • Search Target Application
  • Search Password View Policy
List all target accounts in a target group
  • List Target Groups
List all target applications in a target group
  • List Target Groups
List all target servers in a target group
  • List Target Groups
To configure a role with additional privileges, create a role (or roles) with the default ViewReports privileges
and
the new privileges. For details on how to add a new role, see Add or Modify Credential Manager Roles.
For example, the following screenshot shows a new custom "ViewAllReports" role that has privileges to run all reports.
image2019-3-12_16-19-24.png
If you also want a user with this role to be able to view passwords on the
Access
screen, also add the following privileges:
  • Get Password View Policy
  • View Account Password
  • Get Target Account