Note: Privacy Settings can be viewed and modified only by privileged administrators.
PAM360 provides enhanced security options to its users while generating canned reports and exporting files from PAM360 in the below two ways:
1. Privacy Controls
To enhance privacy within the product, PAM360 helps you customize and control the inclusion of personal data in canned reports' generation processes. Canned reports are preformatted reports generated by PAM360 that are available to users for visual analysis. You can decide whether each personal data input in PAM360 should go as masked entries in the reports or be completely removed from them.
To format the inclusion of personal data in the reports, follow the below steps.
- Navigate to Admin >> Settings >> Privacy Settings >> Privacy Controls.
- You'll find four categories with all their respective data listed under Personal Data column.
- Select the checkbox(es) under Enable Privacy column for all the data you want to be masked or redacted from the reports.
- If you select Redact adjacent to the selected data, PAM360 will omit the data completely from all canned reports. You can choose this option for the data you don't want to be generated in the reports.
- If you select Mask adjacent to the selected data, PAM360 will simply mask the data in the reports. The data will be denoted by asterisks in the reports generated. Note that masked data in the reports can be unmasked for view by clicking them while accessing the reports' online versions.
- Once you have made the necessary choices, click Save.
- You can generate a canned report and test the visibility of the selected personal data in it by navigating to Reports and generating a canned report of your choice.
- You'll notice that the data you chose to be redacted has not been generated in the report, and the data you chose to be masked has been denoted by asterisks. You can click on the masked data in order to view them. However, they'll remain masked when you export the report as a PDF or an XLS file.
Note: This feature is available only for generating canned reports and not for custom or query reports.
2. Encrypted Exports
In order to protect all the exported files across PAM360 with a password, you can either set a single password which will be uniformly used for all export operations or allow the users to set their own passwords for the files they export. In order to do so, please follow the steps below:
- Navigate to Admin >> Settings >> Privacy Settings >> Encrypted Exports.
- Select the checkbox for "Enable automatic encryption of all exports from Resources, Groups, Audit, and Reports." This will enable you to set a common password for all the exported files in two ways.
- Manually specify a passphrase: You can choose this option to manually enter a passphrase for encrypting your files.
- Use the password of an account stored in PAM360: You can choose this field to select the password of any account added in PAM360, by choosing the respective resource and the corresponding account from the drop-down menu. Using the password of a stored account will enable you to define password policies, effect regular resets, and also maintain password history for export operations.
- In addition, you can also allow the users to set their own passphrase for encrypting an exported file by choosing the checkbox for Allow users to supply their own passphrase.
- Click Save.
- Enabling encryption for exports will apply only to the following export operations:
- Resources and resource groups export to XLS file
- Audit export to PDF and CSV files
- Reports export to PDF and XLS files
The option to export resources and resources groups as an encrypted HTML file is excluded here since HTML file encryption is a default setting in PAM360, unlike the aforementioned export operations which are not password protected by default.
- Encrypted exports setting applies only for users' enterprise resources and not their personal data stored under the Personal tab. Files exported from the personal section in PAM360 will instead be protected with the passphrase that the user supplied earlier to be used as their exclusive encryption key.