The rise and future of PAM


Evolution of PAM

Privileged Access Management (PAM) came into wide use in the early 2000s to manage super user accounts such as root on Unix and Linux and Administrator on Windows.

First-generation PAM stores privileged passwords in a vault, and the vaulted passwords are used only through the PAM solution. The driver was compliance for data security: passwords were rotated regularly, and the access rights of users who had previously had unlimited access to data were limited.

Second-generation PAM solutions are proxy servers that use role-based access control (RBAC), enabling automation in managing super user and admin accounts. They let administrators reach high-value assets without knowing the password: the vault exercises the super user access on behalf of the user, who never sees the password. The PAM records session data and supports network segmentation.

Administrative account separation was introduced by Microsoft.

All users have normal user accounts; Administrator and root accounts are used on demand only, which implements the least-privilege principle. Microsoft now promotes Privileged Identity Management (PIM), which is adequate in small to medium environments. Large and critical systems need stronger access control. The difference is the same as that between the lock on a bank's front door and the entry control to its vault.
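The three stages described above (a vault that owns and rotates the privileged password, an RBAC proxy that uses it on the user's behalf without ever disclosing it, and on-demand admin rights that expire) as one toy model. This is an added example written for this page, not code from Microsoft or any PAM vendor; the `Host`, `Vault` and `Broker` classes, the host name `db01`, the `db-admin` role and the user `alice` are all constructed for illustration.

```python
import secrets
import string
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

ALPHABET = string.ascii_letters + string.digits


def new_secret(length: int = 24) -> str:
    """Random password for a vaulted privileged account."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


class Host:
    """Stand-in for a managed Unix/Windows host that holds the real account password."""

    def __init__(self, name: str):
        self.name = name
        self.passwords: dict = {}          # account -> password currently set on the host

    def set_password(self, account: str, password: str) -> None:
        self.passwords[account] = password

    def login(self, account: str, password: str) -> bool:
        return secrets.compare_digest(self.passwords.get(account, ""), password)


class Vault:
    """First-generation PAM: the privileged password exists only in the vault and is rotated."""

    def __init__(self):
        self._secrets: dict = {}           # (host, account) -> password
        self.rotations: dict = {}          # (host, account) -> rotation count

    def enrol(self, host: Host, account: str) -> None:
        key = (host.name, account)
        self._secrets[key] = new_secret()
        host.set_password(account, self._secrets[key])
        self.rotations[key] = 0

    def rotate(self, host: Host, account: str) -> None:
        key = (host.name, account)
        self._secrets[key] = new_secret()
        host.set_password(account, self._secrets[key])   # push the new password to the host
        self.rotations[key] += 1

    def checkout(self, host: Host, account: str) -> str:
        return self._secrets[(host.name, account)]


@dataclass
class Grant:
    role: str
    expires: datetime


class Broker:
    """Second-generation PAM proxy: RBAC decides, the vault supplies the password, the user never sees it."""

    def __init__(self, vault: Vault, hosts: dict, role_map: dict):
        self.vault = vault
        self.hosts = hosts                  # host name -> Host
        self.role_map = role_map            # role -> {(host name, account)}
        self.grants: dict = {}              # user -> [Grant] (time-bound, on-demand roles)
        self.session_log: list = []         # session recording (metadata only in this model)

    def elevate(self, user: str, role: str, now: datetime, ttl: timedelta) -> None:
        """On-demand elevation: a normal user holds the admin role only until the grant expires."""
        self.grants.setdefault(user, []).append(Grant(role, now + ttl))

    def active_roles(self, user: str, now: datetime) -> set:
        return {g.role for g in self.grants.get(user, []) if g.expires > now}

    def open_session(self, user: str, host: str, account: str, now: datetime) -> dict:
        entry = {"user": user, "host": host, "account": account, "time": now.isoformat()}
        permitted = any((host, account) in self.role_map.get(r, set())
                        for r in self.active_roles(user, now))
        if not permitted:
            entry["result"] = "denied"
            self.session_log.append(entry)
            return entry
        target = self.hosts[host]
        password = self.vault.checkout(target, account)    # never leaves the broker
        entry["result"] = "connected" if target.login(account, password) else "auth-failed"
        self.session_log.append(entry)
        self.vault.rotate(target, account)                 # one-time use: rotate after every checkout
        return entry


def demo() -> dict:
    """Constructed scenario: alice is a normal user who receives a 30-minute root grant on db01."""
    db01 = Host("db01")
    vault = Vault()
    vault.enrol(db01, "root")
    broker = Broker(vault, {"db01": db01}, {"db-admin": {("db01", "root")}})
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)

    before = broker.open_session("alice", "db01", "root", t0)                          # no grant
    broker.elevate("alice", "db-admin", t0, timedelta(minutes=30))
    during = broker.open_session("alice", "db01", "root", t0 + timedelta(minutes=5))   # in window
    after = broker.open_session("alice", "db01", "root", t0 + timedelta(minutes=31))   # expired
    return {
        "before": before["result"],
        "during": during["result"],
        "after": after["result"],
        "rotations": vault.rotations[("db01", "root")],
        "password_in_log": any("password" in e for e in broker.session_log),
        "log_entries": len(broker.session_log),
    }


if __name__ == "__main__":
    print(demo())
```

The broker returns only session metadata, so nothing that reaches the user or the log contains the root password, and the rotation after each checkout means a password captured in transit to the host is already stale. The expiring `Grant` is the piece that separates "normal account plus on-demand admin role" from a standing administrator account.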