Comments
ba...@google.com <ba...@google.com>
ka...@google.com <ka...@google.com> #2
Hello,
Thank you for reaching out. I'm going to create an internal feature request. Please keep in mind that this feature request has to be analyzed and considered by the product team, and I can't provide you an ETA for it to be delivered. However, you can keep track of the status by following this thread.
Description
Privileged Access Manager should be aware of open sessions (SSH, kubectl exec, etc.) and end them once the grant ends or is revoked.
How this might work:
1. Create a set of entitlements that are granted for a limited time.
2. For example, a principal requests and is granted the Kubernetes Cluster Admin role. The principal uses the kubectl exec command to log into a Pod.
3. The grant ends.
4. If the principal tries to execute a command, they get the appropriate permission denied.
5. But the session to the Pod is still open.
6. PAM should close such sessions.