USER_ATTR Class

Each record in the USER_ATTR class defines the valid user attributes of a CA SSO user directory.
capamsc141
Each record in the USER_ATTR class defines the valid user attributes of a CA SSO user directory.
The following definitions describe the properties contained in this class record. Most properties are modifiable and can be manipulated using selang or the administration interfaces. Non-modifiable properties are marked
informational
.
  • ATTR_PREDEFS
    The list of allowed values for a specific attribute.
  • ATTRNAME
    (Informational). The name of the attribute.
  • COMMENT
    Defines additional information that you want to include in the record.
    PAM Server Control
    does not use this information for authorization.
    Limit:
    255 characters.
  • CREATE_TIME
    (Informational) Displays the date and time when the record was created.
  • DBFIELD
    The name of the field in the userdir database. Since different databases can contain different attributes, the attribute fields should be synchronized.
  • FIELDID
    (Informational). The ID of the DB field
  • OWNER
    Defines the user or group that owns the record.
  • PARAMETER_TYPE
    Indicates whether the user attribute is a string or numeric.
  • PRIORITY
    The priority of the user attribute: when setting an authorization rule to a PARAM_RULE object (such as APPL, URL) the rule is defined with the priority that the user attribute refers to.
  • RAUDIT
    Defines the types of access events that 
    PAM Server Control
    records in the audit log. RAUDIT derives its name from
    R
    esource
    AUDIT
    . Valid values are:
    • all
      All access requests.
    • success
      Granted access requests.
    • failure
      Denied access requests (default).
    • none
      No access requests.
    PAM Server Control
     records events on each attempted access to a resource, and does not record whether the access rules were applied directly to the resource, or were applied to a group or class that had the resource as a member.
    Use the audit parameter of the chres and chfile commands to modify the audit mode.
  • UPDATE_TIME
    (Informational) Displays the date and time when the record was last modified.
  • UPDATE_WHO
    (Informational) Displays the administrator who performed the update.
  • USER_DIR_PROP
    (Informational). The name of the user's directory.
  • USERATTR_FLAGS
    Contains information about the attribute. The flag can contain the following values:
    • aznchk-
      Indicates whether to use this attribute for authorization.
    • predef
      (predefined),
      freetex
      (free text), or
      userdir
      (user directory)-These three values specify the source of the user attributes.
    • user
      or
      group-
      These values indicate whether the attribute (accessor) is a user or a group.
  • WARNING
    Specifies whether Warning mode is enabled. When Warning mode is enabled on a resource, all access requests to the resource are granted, and if an access request violates an access rule, a record is written to the audit log.