Skip to main content
Question

BeyondTrust Report Capability

  • February 27, 2026
  • 1 reply
  • 40 views
S

Out shop is using BeyondTrust 25.2 and soon upgraded to 25.3  I find the current reporting and analysis is quite limited in terms of functionality.  I would like to see if you faced the same or any other circumventions.  I regarded my requirements quite elementary however, it turns out to my very big despair.

 

In fact, my intention is to produce a holistic entitlement report for review purpose.  Our interest is to export an excel like format with 

 

user id                            list of managed accounts                                       role (requestor/auditor/approver)

 

 

Now, I try to use smart rule details of password safe.   However, the structure of this is totally unacceptable as if you want to download.   100 Smart rules will need to download 200 times which is very time consuming

 

other next, is to associate by table join to group entitlement report as I don’t want reviewers to know which groups and in particular smart groups which are no meaning to them as well as they are not supposed to know what smart groups are for.

 

Your ideas are welcomed.  

 

 

      1 reply

      J
      BeyondTrust Employee
      • jchandler
      • BeyondTrust Employee
      • March 9, 2026

      Hello ​@Stephen_Lee_Sino  

      There is a report (Reports | Password Safe | Entitlement by User)
      This report does list each user and their role and the managed accounts they can access.
      If you filter by all Assets and All Groups you will have a list of all users in PasswordSafe. 

      If you want to export and do additional processing you can export to Excel or CSV. 
      It will export these fields (UserName,RoleName,AccountName,SystemName,Application,UserGroup,SmartRule,AccessPolicy,DedicatedInfo)

      Also we have an entitlements API endpoint if you prefer to automate the process. 

      https://docs.beyondtrust.com/bips/reference/get-api-public-v3-entitlements

      Here is a sample of one of the entitlements from the API call.

      GroupID                            : 5
      Name                               : PAM_Users
      SmartRuleId                        : 2001
      Title                              : All Managed Accounts
      SmartRuleType                      : Account
      AccessLevel                        : Read-Only
      RoleId                             : 1
      RoleName                           : Requestor
      DedicatedAccountPermissionOverride : Request Override
      DedicatedToAppUserID               : 3
      DedicatedToAppUserName             : user3
      IsAdministratorGroup               : 0
      UserID                             : 57
      UserName                           : user1@btsupport.int
      ManagedAccountId                   : 548
      AccountName                        : BTSupport.int\user3-admin
      RationalizedSystemName             : Integration (linked)
      ApplicationName                    : 
      AccessPolicyName                   : Default Auto-Approve Access Policy
      ManagedSystemID                    : 264
      ApplicationID 

      If you have any questions please let me know. 

       

      Regards,

      John

        Badge Earners

        • BCA: Password Safe
          amendezhas earned the badge BCA: Password Safe
        • BCA: Password Safe
          Hashan_Nethhas earned the badge BCA: Password Safe
        • BCA: Remote Support
          JLiedtkehas earned the badge BCA: Remote Support
        • BCA: Endpoint Privilege Management - Windows
          RinusNhas earned the badge BCA: Endpoint Privilege Management - Windows
        • BCA: Password Safe
          Sureshhas earned the badge BCA: Password Safe
        Show all badges
        Terms & ConditionsCookie settingsAccessibility statement