USER_ATTR Class
Each record in the USER_ATTR class defines the valid user attributes of a CA SSO user directory.
capamsc141
Each record in the USER_ATTR class defines the valid user attributes of a CA SSO user directory.
The following definitions describe the properties contained in this class record. Most properties are modifiable and can be manipulated using selang or the administration interfaces. Non-modifiable properties are marked
informational
.- ATTR_PREDEFSThe list of allowed values for a specific attribute.
- ATTRNAME(Informational). The name of the attribute.
- COMMENTDefines additional information that you want to include in the record.Privileged Access Managerdoes not use this information for authorization.Limit:255 characters.
- CREATE_TIME(Informational) Displays the date and time when the record was created.
- DBFIELDThe name of the field in the userdir database. Since different databases can contain different attributes, the attribute fields should be synchronized.
- FIELDID(Informational). The ID of the DB field
- OWNERDefines the user or group that owns the record.
- PARAMETER_TYPEIndicates whether the user attribute is a string or numeric.
- PRIORITYThe priority of the user attribute: when setting an authorization rule to a PARAM_RULE object (such as APPL, URL) the rule is defined with the priority that the user attribute refers to.
- RAUDITDefines the types of access events thatPrivileged Access Managerrecords in the audit log. RAUDIT derives its name fromResourceAUDIT. Valid values are:
- allAll access requests.
- successGranted access requests.
- failureDenied access requests (default).
- noneNo access requests.
Privileged Access Managerrecords events on each attempted access to a resource, and does not record whether the access rules were applied directly to the resource, or were applied to a group or class that had the resource as a member.Use the audit parameter of the chres and chfile commands to modify the audit mode. - UPDATE_TIME(Informational) Displays the date and time when the record was last modified.
- UPDATE_WHO(Informational) Displays the administrator who performed the update.
- USER_DIR_PROP(Informational). The name of the user's directory.
- USERATTR_FLAGSContains information about the attribute. The flag can contain the following values:
- aznchk-Indicates whether to use this attribute for authorization.
- predef(predefined),freetex(free text), oruserdir(user directory)-These three values specify the source of the user attributes.
- userorgroup-These values indicate whether the attribute (accessor) is a user or a group.
- WARNINGSpecifies whether Warning mode is enabled. When Warning mode is enabled on a resource, all access requests to the resource are granted, and if an access request violates an access rule, a record is written to the audit log.