Question

PASM - Restrict managed account acces to API

Forum|Forum|1 month ago
May 11, 2026
4 replies
66 views

Forum|alt.badge.img

+1

mcapitanich
Apprentice

Hi community,

I have an integrated PASM environment deployed in Pathfinder. I have a group of dedicated admin accounts that I want to make available to a specific group of users.

I configured requester permissions for this user group over the dedicated admin account smart group. The access policy is configured for auto-approval.

I want to prevent users from requesting the password directly from the Password Safe user console, so they cannot access the servers without using PRA. To achieve this, I enabled the “API Only Access” option in the access policy, but the users are still able to request the accounts through Password Safe.

I verified that:

The users belong to only one user group.
The only smart group with configured permissions is the one described above.

Am I missing something, or is there another way to restrict managed account access?

Thank you.

Howard
BeyondTrust Employee
Forum|Forum|1 month ago
May 13, 2026

Check what features are enabled for this Group. It should only have the Password Safe Account Management.

Like

Forum|alt.badge.img

+1

mcapitanich
Author
Apprentice
Forum|Forum|1 month ago
May 15, 2026

Hi,

The only feature enable in the group is the Secret Safe one. I don’t think this is the reason why they have request access to the accounts.

Like

Forum|alt.badge.img

feralton
Trailblazer
Forum|Forum|26 days ago
May 21, 2026

Hi @mcapitanich .

There is an access policy that is allowed the user request by password. Could you send me a print of password submit request (like print below)?

Thank you.

Like

GloriaB
BeyondTrust Employee
Forum|Forum|25 days ago
May 22, 2026

How to restrict users from viewing passwords when Password Safe and PRA are integrated

Like