Privileged Account Management (PAM) Initiative

What is PAM?

Within IT systems, “privileged” accounts are those that can perform elevated functions such as system control/administration, system monitoring, and elevated data access. Privileged accounts are considered highly sensitive because of the inherent risk of their misuse and the consequent potential exposure of sensitive data. PAM is the management and protection of these privileged accounts.


PAM is considered a specialized use case of Identity and Access Management (IAM). PAM is typically implemented through a set of technologies that cover the following functions:

  • Shared Account Password Management (SAPM), for managing shared administrative accounts for operating systems, databases, etc. (e.g. the root account in Linux/Unix, the administrator account in Windows).
  • Superuser Privilege Management (SUPM), for managing elevated access and permissions for named superusers (e.g. IT system administrators who perform elevated commands using their personal named accounts).
  • Application-to-Application Password Management (AAPM), for managing passwords of application-to-application or application-to-database service accounts.
  • Monitoring and auditing the activity/usage of privileged accounts, including real-time session recording.

Initiative Information

Implementation of the Hitachi ID Privileged Access Manager solution represents a parallel step in the University’s ongoing IAM initiative. Hitachi was selected via a campus RFP in 2015. The go-live timeframe is tentatively slated for Fall 2016.

Please view the PAM Roadmap (PDF) for more information about how PAM works and for initiative timelines/information.
