Privileged Access Manager (PAM) helps you on your journey towards least privilege and helps mitigate risks tied to privileged access misuse or abuse. PAM allows you to shift from always-on standing privileges towards on-demand access with just-in-time, time-bound, and approval-based access elevations. PAM allows IAM administrators to create entitlements that can grant just-in-time, temporary access to any resource scope. Requesters can explore eligible entitlements and request the access needed for their task. Approvers are notified when approvals await their decision. Streamlined workflows facilitated by using PAM can support various use cases, including emergency access for incident responders, time-boxed access for developers for critical deployment or maintenance, temporary access for operators for data ingestion and audits, JIT access to service accounts for automated tasks, and more.
While this library isGA, please note that the Google Cloud C++ client libraries donotfollowSemantic Versioning.
Quickstart
The following shows the code that you'll run in thegoogle/cloud/privilegedaccessmanager/quickstart/directory, which should give you a taste of the Privileged Access Manager API C++ client library API.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eThis webpage provides documentation for the Privileged Access Manager (PAM) API C++ client library, which enables developers to integrate PAM's on-demand, just-in-time access capabilities into their applications.\u003c/p\u003e\n"],["\u003cp\u003eThe PAM API allows for the creation of entitlements that grant temporary, time-bound access to resources, supporting various use cases like emergency access, time-boxed maintenance, and just-in-time access for service accounts.\u003c/p\u003e\n"],["\u003cp\u003eThe primary class for interacting with the API is \u003ccode\u003eprivilegedaccessmanager_v1::PrivilegedAccessManagerClient\u003c/code\u003e, and the documentation covers how to use this class and the available RPC methods.\u003c/p\u003e\n"],["\u003cp\u003eThe library is in GA status but does not adhere to Semantic Versioning.\u003c/p\u003e\n"],["\u003cp\u003eThe latest version of the reference documentation is for version 2.37.0-rc, and the page also provides links to reference documentation for several prior releases.\u003c/p\u003e\n"]]],[],null,["Version 2.33.0keyboard_arrow_down\n\n- [2.42.0-rc (latest)](/cpp/docs/reference/privilegedaccessmanager/latest)\n- [2.41.0](/cpp/docs/reference/privilegedaccessmanager/2.41.0)\n- [2.40.0](/cpp/docs/reference/privilegedaccessmanager/2.40.0)\n- [2.39.0](/cpp/docs/reference/privilegedaccessmanager/2.39.0)\n- [2.38.0](/cpp/docs/reference/privilegedaccessmanager/2.38.0)\n- [2.37.0](/cpp/docs/reference/privilegedaccessmanager/2.37.0)\n- [2.36.0](/cpp/docs/reference/privilegedaccessmanager/2.36.0)\n- [2.35.0](/cpp/docs/reference/privilegedaccessmanager/2.35.0)\n- [2.34.0](/cpp/docs/reference/privilegedaccessmanager/2.34.0)\n- [2.33.0](/cpp/docs/reference/privilegedaccessmanager/2.33.0)\n- [2.32.0](/cpp/docs/reference/privilegedaccessmanager/2.32.0)\n- [2.31.0](/cpp/docs/reference/privilegedaccessmanager/2.31.0)\n- [2.30.0](/cpp/docs/reference/privilegedaccessmanager/2.30.0)\n- [2.29.0](/cpp/docs/reference/privilegedaccessmanager/2.29.0)\n- [2.28.0](/cpp/docs/reference/privilegedaccessmanager/2.28.0)\n- [2.27.0](/cpp/docs/reference/privilegedaccessmanager/2.27.0) \n\nPrivileged Access Manager API C++ Client Library\n================================================\n\nAn idiomatic C++ client library for the [Privileged Access Manager API](https://cloud.google.com/iam/docs/pam-overview).\n\nPrivileged Access Manager (PAM) helps you on your journey towards least privilege and helps mitigate risks tied to privileged access misuse or abuse. PAM allows you to shift from always-on standing privileges towards on-demand access with just-in-time, time-bound, and approval-based access elevations. PAM allows IAM administrators to create entitlements that can grant just-in-time, temporary access to any resource scope. Requesters can explore eligible entitlements and request the access needed for their task. Approvers are notified when approvals await their decision. Streamlined workflows facilitated by using PAM can support various use cases, including emergency access for incident responders, time-boxed access for developers for critical deployment or maintenance, temporary access for operators for data ingestion and audits, JIT access to service accounts for automated tasks, and more.\n\nWhile this library is **GA** , please note that the Google Cloud C++ client libraries do **not** follow [Semantic Versioning](https://semver.org/).\n\n### Quickstart\n\nThe following shows the code that you'll run in the `google/cloud/privilegedaccessmanager/quickstart/` directory, which should give you a taste of the Privileged Access Manager API C++ client library API. \n\n #include \"google/cloud/privilegedaccessmanager/v1/privileged_access_manager_client.h\"\n #include \"google/cloud/location.h\"\n #include \u003ciostream\u003e\n\n int main(int argc, char* argv[]) try {\n if (argc != 2) {\n std::cerr \u003c\u003c \"Usage: \" \u003c\u003c argv[0] \u003c\u003c \" project-id\\n\";\n return 1;\n }\n\n auto const location = google::cloud::Location(argv[1], \"global\");\n\n namespace pam = ::google::cloud::privilegedaccessmanager_v1;\n auto client = pam::PrivilegedAccessManagerClient(\n pam::MakePrivilegedAccessManagerConnection());\n\n for (auto r : client.ListEntitlements(location.FullName())) {\n if (!r) throw std::move(r).status();\n std::cout \u003c\u003c r-\u003eDebugString() \u003c\u003c \"\\n\";\n }\n\n return 0;\n } catch (google::cloud::Status const& status) {\n std::cerr \u003c\u003c \"google::cloud::Status thrown: \" \u003c\u003c status \u003c\u003c \"\\n\";\n return 1;\n }\n\n### Main classes\n\nThe main class in this library is [`privilegedaccessmanager_v1::PrivilegedAccessManagerClient`](/cpp/docs/reference/privilegedaccessmanager/2.33.0/classgoogle_1_1cloud_1_1privilegedaccessmanager__v1_1_1PrivilegedAccessManagerClient). All RPCs are exposed as member functions of this class. Other classes provide helpers, configuration parameters, and infrastructure to mock [`privilegedaccessmanager_v1::PrivilegedAccessManagerClient`](/cpp/docs/reference/privilegedaccessmanager/2.33.0/classgoogle_1_1cloud_1_1privilegedaccessmanager__v1_1_1PrivilegedAccessManagerClient) when testing your application.\n\n### More Information\n\n- [Error Handling](https://cloud.google.com/cpp/docs/reference/common/latest/common-error-handling.html) - describes how the library reports errors.\n- [How to Override the Default Endpoint](/cpp/docs/reference/privilegedaccessmanager/2.33.0/privilegedaccessmanager-override-endpoint) - describes how to override the default endpoint.\n- [How to Override the Authentication Credentials](/cpp/docs/reference/privilegedaccessmanager/2.33.0/privilegedaccessmanager-override-authentication) - describes how to change the authentication credentials used by the library.\n- [Override Retry, Backoff, and Idempotency Policies](/cpp/docs/reference/privilegedaccessmanager/2.33.0/privilegedaccessmanager-override-retry) - describes how to change the default retry policies.\n- [Environment Variables](/cpp/docs/reference/privilegedaccessmanager/2.33.0/privilegedaccessmanager-env) - describes environment variables that can configure the behavior of the library."]]
