PAM Command risk


I am trying to block a set of commands on a database. I tried with Command Risk, but the user executes the command and after is blocked. It is possible to block the command before is executed? The connector is in Proxy mode.

  • Hi DanteOR,

    I am not sure actually whether what you are proposing could be implemented or not, but surely it is a better idea to block the command before being executed, not to block the user after his command has been executed, since there are some commands that can do a quick damage before the user being blocked (i.e. deleting a database table). So blocking after the damage has occurred does not make any sense.

    By the way would you share with me how you did block SQL commands ?

    It would be appreciated since I have recently been working on implementing some PAM features (video session recording, AppSSO), and I would like to add this feature as well.

    Thank you in advance.
  • Hello  MoeBarada,

    I blocked the SQL commands using the Command Risk feature(Eg. *DELETE*). But the problem is that the user is blocked after the damage has been done. I'm trying to find a way to block the user before the command is executed. I didn't find anything in the documentation. 

  • I also did not find a solution for that in the documentation, I suggest PAM technical team enhance this feature in future releases, since it is critical.

    It is the same thing regarding the video feature: you can start watching what the user is doing (using the video playback feature) only after 1 min (or 2 mins depending on your video length configuration), so one minute is a very long time to do bad things, thus you cannot disconnect the user immediately after noticing bad behavior. This feature should be enhanced to "live streaming" so you can do better control.

    Btw did you specify an integer for the command risk ? (i.e. 1 or 9).

    Thank you again.
  • Yes. 9 because in the documentation is the highest risk.


  • Alright DanteOR, thanks and good luck ...
  • can you help me for what details you fill in Remote connection details.