What Is Privileged Access Management?
Privileged Access Management (PAM) is the discipline and toolset for securing, controlling, and monitoring access for privileged accounts: the domain admins, root credentials, database superusers, and service accounts that can make sweeping changes across an environment. A PAM platform stores those credentials in an encrypted vault, rotates them on a schedule or after use, and brokers access so a human or process never has to know the underlying secret directly.
PAM programs typically add session recording (a full record of what happened during a privileged session), just-in-time elevation (granting privilege only for the duration a task requires, then revoking it), and approval workflows for high-risk actions. The goal is to shrink the window during which a privileged credential is usable, exposed, or unmonitored.
PAM protects the accounts it has been told to protect. Onboarding a new account into the vault is a deliberate step, typically triggered by a security review, an audit finding, or a change ticket, which means coverage grows only as fast as an organization identifies and nominates new privileged accounts for vaulting.