User Properties, General Tab
The General tab of the user properties window displays general properties of the user record.
The General tab contains the following fields in the General section:
- User Name: Defines the name of the user, as entered by the user when logging in to the system.
- From Domain: (Windows only) Opens a dialog that lets you select a domain that the user belongs to. CA Privileged Identity Manager Endpoint Console then prefixes the domain to the user name.
- Environment: Specifies the environment that the accessor belongs to. Values: AC, native, or both. When you modify an accessor that is defined in only one environment, click Add to add the accessor to the other environment.
- Full Name: Defines the full name that is associated with the accessor. CA Privileged Identity Manager uses the full name to identify the accessor in audit log messages, but not for authorization. Limit: 47 alphanumeric characters.
- Description: Defines information that you want to include in the record. CA Privileged Identity Manager does not use this information for authorization. Limit: 255 characters.
The General tab contains the following fields in the Access Control section:
- Password Interval: Defines the maximum time in days between password changes for the user. Limit: An integer from 1 through 65535. This value in a user record overrides the value in a group record. Both override the user password policy.
- Minimum Time: Defines the minimum time in days that are permitted between password changes for the user. Limit: An integer from 1 through 65535. This value in a user record overrides the value in a group record. Both override the user password policy.
- Policy Model: Defines the PMDB that receives new passwords when you change user passwords. If this value is defined, CA Privileged Identity Manager fails to send passwords to the parent or password Policy Models defined in the configuration settings.
The General tab contains the following fields in the User Attributes section:
- Owner: Defines the owner of a record.
- Profile: Defines a profile group that a user is associated with.
- User Types: Specifies the user global authorization attributes. Each global authorization attribute permits the user to perform certain types of functions. A user can have one or more of the following global authorization attributes:
  - Administrator: Specifies that the user can perform administrative functions, similar to a native superuser.
  - Auditor: Specifies that the user can monitor the system, list information in the database, and set the audit mode for existing records.
  - Operator: Specifies that the user can list everything in the database and can use the secons utility.
  - Password Manager: Specifies that the user can modify the password settings of other users. The user can also enable a user account that the serevu utility disables.
  - Server: Specifies that a process can ask the user for authorization and can issue the SEOSROUTE_VerifyCreate API call.
  - Ignore Holiday: Specifies that the user can log in during any time that is defined in a holiday class record.
The General tab contains the following fields in the Account section:
- Account: Defines the date on which an accessor becomes invalid. This value in a user record overrides the value in a group record. Both override the user password policy.
- Suspend On: Defines the date on which a user account is suspended and so becomes invalid. If the suspend date for a record precedes its resume date, the user can work before the suspend date and after the resume date.
  If a user has a resume date that is earlier than the suspend date, then the record is also invalid before the resume date. The user can work only between the resume and suspend dates.
  This value in a user record overrides the value in a group record. Both override the user password policy.
- Resume On: Defines the date on which a suspended user account resumes (is no longer suspended).
- Use original identity: Specifies that CA Privileged Identity Manager writes audit records and makes authorization decisions based on the user who checked out an account, not on the privileged account user name.
- Requires an account checkout prior to login: Specifies that a user must use automatic login for logging in to the endpoint with this privileged account. The Automatic login feature allows a user to check out a password and automatically log in to an endpoint from CA Privileged Identity Manager Enterprise Console.
The General tab contains the following fields in the Login section:
- Grace Login: Defines the number of grace logins a user has after a password expires. When the number of grace logins is exceeded, the user is denied access to the system. The user must contact the system administrator for a new password. If this value is 0, the user cannot log in. Limit: An integer from 1 through 255. This value in a user record overrides the value in a group record. Both override the user password policy.
- Max Login: Defines the maximum number of concurrent logins that a user is allowed. A zero (0) value indicates that the user can have any number of concurrent logins. For a user to log in and administer the database (for example, using CA Privileged Identity Manager Endpoint Console), Max Login must be zero or greater than one, because CA Privileged Identity Manager considers each task (login, selang, GUI, and so forth) to be a terminal session. Limit: An integer from 1 through 32767. This value in a user record overrides the value in a group record. Both override the user password policy.
- Inactive Days: Defines the number of days of inactivity that must pass before the system changes the status of a user to inactive. If the account status is inactive, the user cannot log in. CA Privileged Identity Manager does not store the status; it calculates the status dynamically by checking the Last Access Time for the user and comparing it with the Inactive Days value. Example: If a user is inactive for five days and the Inactive Days value is set to four days, the user is denied access. Limit: An integer from 1 through 32767. This value in a user record overrides the value in a group record. Both override the user password policy.
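
The suspend/resume rules in the Account section and the dynamic Inactive Days check above can be modelled as follows. This is an added example, not CA Privileged Identity Manager code; the function names, the sample dates, and the handling of boundary days and of cases the field descriptions do not cover are assumptions.

```python
from datetime import date
from typing import List, Optional


def effective(user_value, group_value, policy_value):
    """User record overrides group record; both override the password policy."""
    for value in (user_value, group_value, policy_value):
        if value is not None:
            return value
    return None


def is_suspended(today: date, suspend_on: Optional[date],
                 resume_on: Optional[date]) -> bool:
    if suspend_on is None:
        # A resume date without a suspend date is not described; assumed valid.
        return False
    if resume_on is None:
        return today >= suspend_on
    if suspend_on <= resume_on:
        # Suspend precedes resume: works before suspend and after resume.
        # Assumption: the suspend day itself is blocked, the resume day is not.
        return suspend_on <= today < resume_on
    # Resume precedes suspend: works only between resume and suspend.
    return today < resume_on or today >= suspend_on


def is_inactive(today: date, last_access: date,
                inactive_days: Optional[int]) -> bool:
    # Status is computed at check time from Last Access Time, never stored.
    if inactive_days is None:
        return False
    # Assumption: exactly inactive_days elapsed already counts as inactive.
    return (today - last_access).days >= inactive_days


def login_blockers(today, last_access, suspend_on, resume_on,
                   inactive_days) -> List[str]:
    reasons = []
    if is_suspended(today, suspend_on, resume_on):
        reasons.append("suspended")
    if is_inactive(today, last_access, inactive_days):
        reasons.append("inactive")
    return reasons


# Constructed sample: resume date (10 Mar) earlier than suspend date (20 Mar).
if __name__ == "__main__":
    for day in (5, 15, 25):
        print(day, login_blockers(date(2024, 3, day), date(2024, 3, 4),
                                  date(2024, 3, 20), date(2024, 3, 10), 30))
```

Running an export of user records through such a model is a quick way to spot accounts whose resume date precedes the suspend date, since those are blocked outside the window rather than inside it.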
The General tab contains the following fields in the Personal Information section:
- Location: Defines the location of the user. CA Privileged Identity Manager does not use this information for authorization.
- Country: Defines the country descriptor for a user. This string is part of the X.500 naming scheme. CA Privileged Identity Manager does not use this information for authorization.
- Organization: Defines the organization in which the user works. This string is part of the X.500 naming scheme. CA Privileged Identity Manager does not use this information for authorization.
- Organization Unit: Defines the organizational unit in which the user works. This string is part of the X.500 naming scheme. CA Privileged Identity Manager does not use this information for authorization.
- Phone: Defines the telephone number for the user. CA Privileged Identity Manager does not use this information for authorization.
- Email: Defines the email address of the user. Limit: 128 characters.
The General tab contains the following fields in the Session Group section:
- Session Group Name: For use by CA SSO.