Task Delegations (SUDO) Properties
Use the Task Delegations (SUDO class) properties windows for creating, modifying, or viewing a record of this class. Each task delegation identifies a command for which a user can borrow permissions from another user using the sesudo command.
This window contains the following fields in the General tab:
- Name: Defines the name of the resource. This name is used instead of the command name when a user executes the commands in the SUDO record.
- Data: The command that sesudo executes. The string can contain the command and also permitted and prohibited parameters. Limit: 255 alphanumeric characters
- Owner: Defines the owner of a record.
- Target User: Indicates the target uid, that is, the user whose permissions you borrow to execute commands. The default user is root.
- Interactive: (Windows only) Specifies that the application you run using sesudo is an interactive Windows application (for example, notepad.exe or cmd.exe) and not a service application. An application that is not configured as interactive runs in the background. Some Windows applications fail to run in the foreground because of a Windows limitation.
This window contains the following fields in the Default Access tab:
- Permissions: Defines the default access authority for the resource. The default access is granted to accessors who match either of the following criteria:
  - Are not defined to CA Privileged Identity Manager
  - Do not appear in the ACL of the resource.
This window contains the following fields in the Authorize tab:
- Accessors: Defines the access control list (ACL) for the resource. This list specifies accessors (users and groups) with a specified access authority, and the conditions for that access. Each element in the access control list contains the following information:
  - Accessor: Defines an accessor.
  - Calendar: Defines a calendar in Unicenter TNG that governs the access authority of the accessor.
  - Program: Defines a record in the PROGRAM class, either specifically or by wildcard pattern matching. The program definition limits the access authority of the accessor to the resource to when the specified program makes the access request.
  - ACL: Defines the access authority that the accessor has to the resource.
This window contains the following fields in the Audit tab:
- Audit Modes: Defines the types of access events that CA Privileged Identity Manager records in the audit log. You can select any combination of the following activities:
  - Audit Success: Granted access requests
  - Audit Failure: Denied access requests (default).
- Warning Mode: Specifies whether Warning mode is enabled. When Warning mode is enabled on a resource, all resource access requests are granted. If an access request violates an access rule, a record is written to the audit log.
This window contains the following fields in the Time Restrictions tab:
- Calendar: Represents a Unicenter TNG calendar object for user, group, and resource restrictions in CA Privileged Identity Manager. CA Privileged Identity Manager retrieves Unicenter TNG active calendars at specified time intervals.
- Days Restriction: Defines the native day restrictions that govern when an accessor can access the resource.
- Restrictions: Defines the native time restrictions that govern when an accessor can access the resource.
This window contains the following fields in the B1 Features tab:
- Select B1 Features: Specifies the available security categories and the ones that are selected for the resource.
- B1 Labels: Specifies the security label that is applied to the resource.
- Security Level: Specifies the security level that is applied to the resource. Limit: An integer from 1 through 255
This window contains the following fields in the Information tab:
- Update Time: Displays the date and time when the record was last modified.
- Updated By: Displays the administrator who performed the update.
- Create Time: Displays the date and time when the record was created.
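
A review check over the fields described on this page, as an added example that is not part of the CA documentation or product: it flags task delegations where Warning mode, default access, the audit modes or the stated field limits weaken the record. The dict keys, the `execute` access value and the sample records are constructed assumptions, not a product export format.

```python
# Added example: the dict keys are hypothetical and mirror the fields on this page.
def review_sudo_record(rec):
    """Return findings for one task-delegation (SUDO class) record."""
    name = rec.get("name", "<unnamed>")
    findings = []
    # Warning mode grants every request; a violation is only written to the audit log.
    if rec.get("warning_mode", False):
        findings.append(f"{name}: warning mode enabled, access rules are not enforced")
    # Default access applies to accessors that are undefined or absent from the ACL.
    if rec.get("default_access"):
        granted = ", ".join(sorted(rec["default_access"]))
        findings.append(f"{name}: default access grants [{granted}] outside the ACL")
    # Audit Failure is the default; flag records where denied requests go unlogged.
    if "failure" not in rec.get("audit_modes", {"failure"}):
        findings.append(f"{name}: denied requests are not audited")
    # Field limits stated on the page.
    if len(rec.get("data", "")) > 255:
        findings.append(f"{name}: Data exceeds 255 characters")
    level = rec.get("security_level")
    if level is not None and not 1 <= level <= 255:
        findings.append(f"{name}: Security Level {level} is outside 1 through 255")
    return findings

# Constructed sample records (not taken from a real policy store).
SAMPLE_RECORDS = [
    {"name": "restart_web", "data": "/usr/sbin/service httpd restart",
     "target_user": "root", "default_access": set(),
     "audit_modes": {"success", "failure"}, "warning_mode": False,
     "security_level": 10},
    {"name": "edit_hosts", "data": "/usr/bin/vi /etc/hosts",
     "target_user": "root", "default_access": {"execute"},
     "audit_modes": {"success"}, "warning_mode": True,
     "security_level": 0},
]

def review_all(records):
    """Map each record name to its list of findings."""
    return {r["name"]: review_sudo_record(r) for r in records}

if __name__ == "__main__":
    for name, findings in review_all(SAMPLE_RECORDS).items():
        print(name, "OK" if not findings else findings)
```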