User Properties, General Tab

The General tab of the user properties window displays general properties of the user record.
The General tab contains the following fields in the General section:
  • User Name
    Defines the name of the user, as entered by the user when logging in to the system.
  • From Domain
    (Windows only) Opens a dialog that lets you select a domain that the user belongs to. CA Privileged Identity Manager Endpoint Console then prefixes the domain to the user name.
  • Environment
    Specifies the environment that the accessor belongs to. 
    Values: AC, native, or both
    When you modify an accessor that is defined in only one environment, click Add to add the accessor to the other environment.
  • Full Name
    Defines the full name that is associated with the accessor. CA Privileged Identity Manager uses the full name to identify the accessor in audit log messages, but not for authorization.
    Limit:
     47 alphanumeric characters
  • Description
    Defines information that you want to include in the record. CA Privileged Identity Manager does not use this information for authorization.
    Limit:
     255 characters
The General tab contains the following fields in the Access Control section:
  • Password Interval
    Defines the maximum time in days between password changes for the user.
    Limit:
     An integer from 1 through 65535
    This value in a user record overrides the value in a group record. Both override the user password policy.
  • Minimum Time
    Defines the minimum time in days that is permitted between password changes for the user.
    Limit:
     An integer from 1 through 65535.
    This value in a user record overrides the value in a group record. Both override the user password policy.
  • Policy Model
    Defines the PMDB that receives new passwords when you change user passwords.
    If this value is defined, CA Privileged Identity Manager fails to send passwords to the parent or password Policy Models defined in the configuration settings.
The General tab contains the following fields in the User Attributes section:
  • Owner
    Defines the owner of a record.
  • Profile
    Defines a profile group that a user is associated with.
  • User Types
    Specifies the user global authorization attributes. Each global authorization attribute permits the user to perform certain types of functions. A user can have one or more of the following global authorization attributes:
    • Administrator
      Specifies that the user can perform administrative functions, similar to a native superuser.
    • Auditor
      Specifies that the user can monitor the system, list information in the database, and set the audit mode for existing records.
    • Operator
      Specifies that the user can list everything in the database and use the secons utility.
    • Password Manager
      Specifies that the user can modify the password settings of other users. The user can also enable a user account that the serevu utility disables.
    • Server
      Specifies that a process can ask the user for authorization and can issue the SEOSROUTE_VerifyCreate API call.
    • Ignore Holiday
      Specifies that the user can log in during any time that is defined in a holiday class record.
The General tab contains the following fields in the Account section:
  • Account
    Defines the date on which an accessor becomes invalid.
    This value in a user record overrides the value in a group record. Both override the user password policy.
  • Suspend On
    Defines the date on which a user account is suspended and so becomes invalid.
    If the suspend date for a record precedes its resume date, the user can work before the suspend date and after the resume date.
    If a user has a resume date that is earlier than the suspend date, then the record is also invalid before the resume date. The user can work only between the resume and suspend dates.
    This value in a user record overrides the value in a group record. Both override the user password policy.
  • Resume On
    Defines the date on which a suspended user account resumes (no longer suspended).
  • Use original identity
    Specifies that CA Privileged Identity Manager writes audit records and makes authorization decisions based on the user who checked out the account, not on the privileged account user name.
  • Requires an account checkout prior to login
    Specifies that a user must use automatic login for logging in to the endpoint with this privileged account. The Automatic login feature allows a user to check out a password and automatically log in to an endpoint from CA Privileged Identity Manager Enterprise Console.
The General tab contains the following fields in the Login section:
  • Grace Login
    Defines the number of grace logins a user has after a password expires.
    When the number of grace logins is exceeded, the user is denied access to the system. The user must contact the system administrator for a new password. If this value is 0, the user cannot log in.
    Limit:
     An integer from 1 through 255
    This value in a user record overrides the value in a group record. Both override the user password policy.
  • Max Login
    Defines the maximum number of concurrent logins that a user is allowed. A zero (0) value indicates that the user can have any number of concurrent logins.
    For a user to log in and administer the database (for example, using CA Privileged Identity Manager Endpoint Console), Max Login must be zero or greater than one, because CA Privileged Identity Manager considers each task (login, selang, GUI, and so forth) to be a terminal session.
    Limit:
     An integer from 1 through 32767
    This value in a user record overrides the value in a group record. Both override the user password policy.
  • Inactive Days
    Defines the number of days of inactivity that must pass before the system changes the status of a user to inactive. If the account status is inactive, the user cannot log in.
    CA Privileged Identity Manager does not store the status; it calculates the status dynamically by checking the Last Access Time for the user and comparing it with the Inactive Days value.
    Example:
     If a user is inactive for five days and the Inactive Days value is set to four days, the user is denied access. 
    Limit:
     An integer from 1 through 32767
    This value in a user record overrides the value in a group record. Both override the user password policy.
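
The following is an added example, not part of the CA documentation and not CA code. It applies the Suspend On / Resume On rules and the Inactive Days calculation described above to exported user records, so an account review can list which accounts are currently blocked and why. The record field names, the treatment of the boundary days and of equal dates, and the handling of a record that has only one of the two dates are assumptions.

```python
from datetime import date, datetime
from typing import Optional


def suspended(today: date, suspend_on: Optional[date], resume_on: Optional[date]) -> bool:
    """True if the Suspend On / Resume On dates block the account on `today`."""
    if suspend_on is None:
        return False  # assumption: a resume date alone blocks nothing
    if resume_on is None:
        return today >= suspend_on  # assumption: blocked from the suspend date on
    if suspend_on <= resume_on:
        # Suspend precedes resume: usable before suspend and after resume.
        # Assumption: equal dates give an empty suspension window.
        return suspend_on <= today < resume_on
    # Resume precedes suspend: usable only between resume and suspend.
    return today < resume_on or today >= suspend_on


def inactive(now: datetime, last_access: Optional[datetime],
             inactive_days: Optional[int]) -> bool:
    """Status is derived, not stored: compare Last Access Time with Inactive Days."""
    if not inactive_days or last_access is None:
        return False  # assumption: an unset value means no inactivity check
    # Assumption: blocked only when whole days of inactivity exceed the value.
    return (now - last_access).days > inactive_days


def login_blockers(user: dict, now: datetime) -> list:
    reasons = []
    if suspended(now.date(), user.get("suspend_on"), user.get("resume_on")):
        reasons.append("suspended")
    if inactive(now, user.get("last_access"), user.get("inactive_days")):
        reasons.append("inactive")
    return reasons


def report(users: list, now: datetime) -> dict:
    return {u["name"]: login_blockers(u, now) for u in users}


# Constructed sample records (hypothetical field names, not a product export format).
NOW = datetime(2024, 6, 15, 9, 0)
USERS = [
    {"name": "alice", "suspend_on": date(2024, 6, 1), "resume_on": date(2024, 7, 1)},
    {"name": "bob", "suspend_on": date(2024, 7, 1), "resume_on": date(2024, 6, 1)},
    {"name": "carol", "suspend_on": date(2024, 6, 10), "resume_on": date(2024, 5, 1)},
    {"name": "dave", "last_access": datetime(2024, 6, 10, 8, 0), "inactive_days": 4},
    {"name": "erin", "last_access": datetime(2024, 6, 12, 8, 0), "inactive_days": 4},
]

if __name__ == "__main__":
    for name, reasons in report(USERS, NOW).items():
        print(name, "blocked: " + ", ".join(reasons) if reasons else "can log in")
```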
The General tab contains the following fields in the Personal Information section:
  • Location
    Defines the location of the user. CA Privileged Identity Manager does not use this information for authorization.
  • Country
    Defines the country descriptor for a user. This string is part of the X.500 naming scheme. CA Privileged Identity Manager does not use this information for authorization.
  • Organization
    Defines the organization in which the user works. This string is part of the X.500 naming scheme. CA Privileged Identity Manager does not use this information for authorization.
  • Organization Unit
    Defines the organizational unit in which the user works. This string is part of the X.500 naming scheme. CA Privileged Identity Manager does not use this information for authorization.
  • Phone
    Defines the telephone number for the user. CA Privileged Identity Manager does not use this information for authorization.
  • Email
    Defines the email address of the user.
    Limit:
     128 characters
The General tab contains the following fields in the Session Group section:
  • Session Group Name
    For use by CA SSO