Search Query Options

Privileged Access Management (PAM) can quickly find records that match PAM search criteria. By default, a PAM search query finds records by record name, description and the host name on a record.

However, PAM also uses special conventions to look for special record parameters such as permissions, record types or connection method.

This article discusses different queries that could be executed using the PAM search bar located on the record list screen.

The preset PAM search query options are available in a drop-down list.

To make a search more specific, PAM also offers a multiple search, where the user can add more than one search field or option.


Records Visibility

Note that PAM will only display records that the currently logged-in user has permission to view. However, some of the records a user can view might come from folders the current user has no access to browse. In this case, the user might see records they cannot reach through the regular folder hierarchy. For quick access to such records, the user can use the Search option again.

Alternatively, users can “favorite” these records to access them through the Favorites link in the application menu. Yet another way to access visible records located in invisible folders is to use the Shared with Me link to review items shared with the current user by other users.

PAM Manual Search Criteria Options

  1. Search by record name, description or host name.

    Type search criteria in the PAM search bar and click the Search button to find records that contain the search criteria in the record name, description or host name.

  2. Clear search.

    Remove the search criteria from the PAM search box and click the Search button to return to the folder hierarchy browser.

  3. Access Search.

    Type one of the search queries below into the PAM Search bar and then click the Search button to find all records the provided USER can view:

    • acl:USER
    • a:USER
    • permissions:USER
  4. Find items with unique permissions.

    Type one of the search queries below into the PAM Search bar and then click the Search button to find all folders and records with unique permissions:

    • acl:unique
    • a:unique
    • permissions:unique

    Note that when a folder or record has unique permissions, changing the permissions of its parent does not affect the permissions of this item. It is much easier to manage items that inherit permissions from their parents because permissions can be managed in fewer places. Design the permission architecture so that items naturally fall into the folder hierarchy with few uniquely permissioned folders.

  5. Find records with unique formula.

    Type one of the search queries below into the PAM Search bar and then click the Search button to find all records with a unique password formula:

    • formula:unique
    • fm:unique

    By default, the record type defines the password formula for all records of this type. However, it is possible to make a password formula unique for a record to define record-specific formula complexity. When the inheritance of the password formula from the record type is broken, changing the password formula at the record type level does not affect the complexity formula of a record with a unique password formula. This query is a quick way to find records with unique password formulas to understand the reason behind this uniqueness.

    When many records have similar unique password formulas, it might be easier to create a special record type for the records with a specific password formula, so that formulas are managed in a single place for multiple records.

  6. Find records with unique task set.

    Type one of the search queries below into the PAM Search bar and then click the Search button to find all records with a unique set of tasks:

    • tasks:unique
    • tm:unique

    By default, the record type defines the task set for all records of this type. However, it is possible to make a task set unique for a record to define record-specific tasks with the scripts and event-based execution policy. When the inheritance of the task set from the record type is broken, changing the tasks at the record type level does not affect the tasks of a record with unique tasks. This query is a quick way to find records with a unique task set to understand the reason behind this uniqueness.

    In situations when many records have similar unique tasks (including scripts and execution schedule), it might be easier to create a special record type for the records with specific tasks, so that tasks are managed in a single place for multiple records.

  7. Find records by connection type.

    Type one of the search queries below into the PAM Search bar and then click the Search button to find all records with a specific connection type such as RDP, SSH or RemoteApp:

    • session:TYPE
    • sm:TYPE

    Below are some examples of such query:

    • Query sm:RDP will find all RDP records while sm:RemoteApp will find all RemoteApp records.
  8. Find records by record type.

    Type one of the search queries below into the PAM Search bar and then click the Search button to find all records with the selected record type:

    • type:TYPE
    • t:TYPE

    All PAM records are of a certain record type. This query helps to identify all records of a specified record type.

    Below are some examples of such query:

    • Query type:Windows Host will find all Windows Host records while t:Unix Host will find all Unix Host records.
  9. Find archived records.

    Type the search query below into the PAM Search bar and then click the Search button to find all archived records:

    • arch:
  10. Find folders.

    Type one of the search queries below into the PAM Search bar and then click the Search button to find all folders visible to the current user by folder name and description criteria:

    • folder:query
    • folders:query

    Below are some examples of such query:

    • Query folders:auto will find all folders with name or description containing the substring auto.
  11. Find referencing records.

    Type one of the search queries below into the PAM Search bar and then click the Search button to find all records visible to the current user that reference a record found by the provided name, description, host and indexed metadata criteria:

    • reference:query
    • ref:query

    Below are some examples of such query:

    • Query ref:Domain Admin will find all records referencing records found by Domain Admin criteria.
  12. Find records using specified record as a shadow account.

    Type the search query below into the PAM Search bar and then click the Search button to find all records visible to the current user that use a record found by the provided name, description, host and indexed metadata criteria as a shadow account for their task execution or password reset scripts:

    • shadow:query
  13. Precise search option to locate exact record match.

    The exact search option finds only records that match the entered search criteria precisely, without the automatic assumption of a wildcard-based search. This way, a search initiated for 10.0.0.1 will not display 10.0.0.12 or 110.0.0.1 records. To initiate such a search, enclose the search criteria in double quotes.

    • "10.0.0.1"

    Precise search allows the wildcard % to be specified at a certain position in the criteria. For example, the following criteria will search for all records that start with the provided string:

    • "10.0.0.1%"
  14. Find recently created records.

    Type one of the search queries below into the PAM Search bar and then click the Search button to find all recently created records (note that the search criteria new: without a qualifier defaults to records created during the last hour):

    • new:hour
    • new:day
    • new:week
    • new:month
    • new:
  15. Find records with associated anonymous links.

    Type the search query below into the PAM Search bar and then click the Search button to find all records that have associated anonymous links. You can use the Audit Log report to review historical data about sharing records using anonymous links, including link authors, terms and viewers, but the search query below will list records with the currently associated links.

  16. Compound Query Search.

    With Search Type selected as Query, the system accepts compound queries that include different criteria connected with the predicate AND.

    For example, use the following query to find archived Unix Host records.

    • type:Unix Host AND archived:

    Another example is to find all Windows Host records that contain pass in the name, description or indexed field with permissions granted to UserA.

    • type:Windows Host AND pass AND a:userA
  17. Find records by record ID.

    Type the search query ID:Record-ID to find the exact record with the specified ID. The search query will find records by either long or short record IDs.

    • id:RECORD-ID

Multiple Search Criteria Options

Combine two or more search criteria options into a single query for advanced search scenarios.

Compound queries can be entered manually or graphically using the Search Center.

Choose the Query selector and then enter your first search option.

The following drop-down search selectors are available:

  • Query - find records by query: record name, description or host name.

  • Record - find records by record.

  • Server - find records by used server.

  • Folder - find records by used Folders.

  • Favorites - find records added to Favorites.

  • Permissions - find records by Permissions.

  • Formula - find records by Formula.

  • Tasks - find records with unique task set.

  • Protocol - find records by used protocol.

  • Record Type - find records by record type.

  • Reference Record - find referencing records.

  • Shadow Record - find records using specified record as a shadow account.

  • New - find recently created records.

  • Anonymous Links - find records with associated anonymous links.

  • Orphaned Objects - find orphaned records.

  • Archived Records - find archived records.

  • ID - find records by record ID.

To manually enter a compound search, choose the Query selector and then enter your first search option.

To add another search parameter, separate this first search option from the next with the predicate AND or OR (in capital letters).

For example, if you want to create a compound query to search for all Windows Host records that contain the value pass in the Name, Description or indexed field with permissions granted to the user jwilliams, enter this into the Query:

type:Windows Host AND pass AND a:jwilliams


As another example, if you want to create a compound query to search for all records that are either of the Unix Host record type or have permissions granted to the user pamadmin, enter this into the Query:

type:Unix Host OR a:pamadmin

To create the same compound search using the graphical Search Center, enter your first search, then click the plus (+) sign to add the second and finally the plus sign again to add your third. Use the minus (-) button to remove an extra condition.

As a last step, once your compound search has been created, click the Search button to find your results.
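Manually typed compound queries can be checked before they are saved in an access-review or audit procedure. The following Python code is an added example, not part of PAM or its documentation: it models only the prefixes, aliases and capitalised AND / OR operators listed on this page, and the function name parse_query, the canonical clause names and the warning texts are assumptions made for illustration.

```python
import re

# Prefixes and aliases exactly as listed on this page -> one canonical name.
ALIASES = {
    "acl": "permissions", "a": "permissions", "permissions": "permissions",
    "formula": "formula", "fm": "formula", "tasks": "tasks", "tm": "tasks",
    "session": "session", "sm": "session", "type": "type", "t": "type",
    "folder": "folder", "folders": "folder", "reference": "reference",
    "ref": "reference", "shadow": "shadow", "new": "new", "id": "id",
    "arch": "archived", "archived": "archived",
}
NEW_PERIODS = {"", "hour", "day", "week", "month"}  # "" is the bare new:


def parse_query(query):
    """Return (operators, clauses, warnings) for one compound query string."""
    # Only capitalised AND / OR separate clauses, as the page requires.
    parts = re.split(r"\s+(AND|OR)\s+", query.strip())
    operators, clauses, warnings = parts[1::2], [], []
    for text in parts[0::2]:
        if re.search(r"\s(and|or)\s", text, re.IGNORECASE):
            warnings.append(f"possible operator not in capitals in {text!r}")
        prefix, sep, value = text.partition(":")
        # Assumption: prefixes are case-insensitive (the page writes ID: and id:).
        key = ALIASES.get(prefix.lower()) if sep else None
        if key is None:
            # No documented prefix: name/description/host search, exact if quoted.
            quoted = len(text) >= 2 and text[0] == text[-1] == '"'
            key, value = ("exact", text[1:-1]) if quoted else ("text", text)
        elif key == "new" and value not in NEW_PERIODS:
            warnings.append(f"unknown period for new: {value!r}")
        clauses.append((key, value))
    if len(set(operators)) > 1:
        warnings.append("mixes AND and OR; the page does not state precedence")
    return operators, clauses, warnings


if __name__ == "__main__":
    # Constructed sample queries; the first two are the page's own examples.
    for q in ("type:Windows Host AND pass AND a:jwilliams",
              "type:Unix Host OR a:pamadmin",
              'type:Unix Host and archived: AND "10.0.0.1%"'):
        print(q, "->", parse_query(q))
```

A lowercase operator is not split off and ends up inside the preceding clause value, which is why the third sample yields a type clause of "Unix Host and archived:" together with a warning.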
