Privacy Settings

PAM360 provides robust security features to safeguard sensitive information when generating canned reports and exporting files. With built-in options for privacy control and encrypted exports, PAM360 allows users to control how personal information is handled in reports and ensures that all exported files are securely protected. These features are designed to meet the varying needs of organizations by offering flexibility in managing data privacy and export security. By leveraging these features, administrators can maintain high standards of data protection while generating and sharing critical information. The following topics are covered in detail in this help document:

1. Privacy Controls
2. Encrypted Exports

1. Privacy Controls

PAM360 allows you to enhance privacy by customizing how personal data is handled during the generation of canned reports. These pre-formatted reports are available for users to analyze data visually. You have the option to either mask personal data (display it as asterisks) or redact it entirely from the reports.

Follow the steps detailed below to configure the privacy settings for canned reports:

1. Navigate to Admin >> Server Hardening >> Privacy Settings >> Privacy Controls. On the Privacy controls section under the Personal Data column, you will find various data categories such as Users, Resources, SSH Keys, and SSL Certificates as different tabs.
2. Under the Enable Privacy column, enable the checkbox beside the desired data you wish to modify, then choose Redact or Mask based on your preference.
1. Redact - Choosing Redact will completely omit the selected data from all canned reports. You can choose this option for the data you do not want to be included in the reports.
2. Mask - Choosing Mask will mark the selected data in asterisks in the canned reports. While accessing the reports online, you can view the masked data by clicking on it. However, it will remain masked in exported PDFs and XLS files.
3. After making the necessary changes, click Save to save the configured settings.
   

You can test the visibility of the selected personal data by generating a canned report.

Navigate to Reports and create a canned report of your choice. You will see that the data you chose to redact will not appear in the report, while the data you opted to mask will be shown as asterisks. You can click on the masked data to view it online, but it will remain masked in exported PDFs and XLS files.

2. Encrypted Exports

To protect all exported files from PAM360 with a password, you can either set a single password for all export operations or allow users to set their own passwords for the files they export. Follow the steps given below to configure encryption for exports:

1. Navigate to Admin >> Server Hardening >> Privacy Settings >> Encrypted Exports.
2. Tick the checkbox "Enable automatic encryption of all exports from Resources, Groups, Audit, and Reports" to set a global password for all the files exported from PAM360. You can set the global encryption password in two ways:
1. Manually specify a passphrase - Enter a passphrase manually to encrypt your files.
   
2. Use the password of an account stored in PAM360 - Select this option to use a password stored in PAM360. From the Resource Name and Account Name fields, choose the corresponding resource and account containing the desired password. This option allows you to use a password defined by the existing password policies, effect periodic password resets, and maintain a password history.
   
3. Additionally, you can  allow users to supply their own passwords during exports by enabling the "Allow users to supply their own passphrase" checkbox.
4. Click Save to save the configured settings.