Return
-
Title
Error: "There are not enough individuals authorized to approve Password request for system / account. Privileged Access can not bypass this condition" -
Description
Error when attempting to request a password using the PAC (Privileged Access) permission: "There are not enough individuals authorized to approve Password request for system / account. Privileged Access can not bypass this condition. Please contact an administrator for assistance."
-
Cause
Change in 2.5.920 behaviour, for proper request notification processing, even though a user with PAC permissions does not require approvals there must still be enough approvers available based on the current settings for the account or file being requested.
From the 2.5.920 release notes
"10053
PAC (Privileged Access) users allowed to request and access password, even if the number of required approvers for the account are not assigned. "
From the Administrator Guide:"With a PAC permission type, the user must go through the request process for passwords, files, and sessions but after they submit the request it is automatically approved, regardless of the number of approvers required.Even though a user with PAC permissions does not require approvals, there must still be enough approvers configured to approve the request, based on the required approvals settings for the account." -
Resolution
Ensure that the amount of Approvers assigned on the account is greater or equal to the "Approvals Required" set on the account. Note the number of approvers may also be enforced at the Access Policy level via the "Min. Approvers" value.Use batch update permissions to assign an approver to these accounts (to meet the minimum number of approvers and avoid the warning message regarding minimum number of approvers). A dummy approver contact could be assigned if you do not need a real person to be notified.