Processes (PROCESS) Properties

Use the Processes (PROCESS class) properties windows for creating, modifying, or viewing a record of this class. Each process defines a program - an executable file - that runs in its own address space. You protect the executable file from being killed. Major utilities and database servers are good candidates for such protection as these processes are the main targets for denial-of-service attacks.
cminderpim14
Use the Processes (PROCESS class) properties windows for creating, modifying, or viewing a record of this class. Each process defines a program - an executable file - that runs in its own address space. You protect the executable file from being killed. Major utilities and database servers are good candidates for such protection as these processes are the main targets for denial-of-service attacks.
When you define a process, we recommend that you also define a file for it. By doing so, you protect the executable by preventing someone from modifying (replacing or corrupting) the executable without authorization.
This window contains the following fields in the General tab:
  • Name
    Defines the name of the resource. Indicates the full pathname of the program the record protects.
  • Comment
    Defines extra information that you want to include in the record. CA Privileged Identity Manager does not use this information for authorization.
    Limit:
     255 alphanumeric characters
  • Owner
    Defines the owner of a record.
This window contains the following fields in the Default Access tab:
  • Permissions
    Defines the default access authority for the resource. The default access is granted to accessors who match either of the following criteria:
    • Are not defined to CA Privileged Identity Manager
    • Do not appear in the ACL of the resource.
This window contains the following fields in the Authorize tab:
  • Accessors
    Defines the access control list (ACL) for the resource. This list specifies accessors (users and groups) with a specified access authority, and the conditions for that access.
    Each element in the access control list contains the following information:
    • Accessor
      Defines an accessor.
    • Calendar
      Defines a calendar in Unicenter TNG that governs the access authority of the accessor.
    • Program
      Defines a record in the PROGRAM class, either specifically or by wildcard pattern matching. The program definition limits the access authority of the accessor to the resource to when the specified program makes the access request.
    • ACL
      Defines the access authority that the accessor has to the resource.
This window contains the following fields in the Audit tab:
  • Audit Modes
    Defines the types of access events that CA Privileged Identity Manager records in the audit log. You can select any combination of the following activities:
    • Audit Success
      Granted access requests
    • Audit Failure
      Denied access requests (default).
    • Warning Mode
      Specifies whether Warning mode is enabled. When Warning mode is enabled on a resource, all resource access requests are granted. If an access request violates an access rule, a record is written to the audit log.
This window contains the following fields in the Time Restrictions tab:
  • Calendar
    Represents a Unicenter TNG calendar object for user, group, and resource restrictions in CA Privileged Identity Manager. CA Privileged Identity Manager retrieves Unicenter TNG active calendars at specified time intervals.
  • Days Restriction
    Defines the native day restrictions that govern when an accessor can access the resource.
  • Restrictions
    Defines the native time restrictions that govern when an accessor can access the resource.
This window contains the following fields in the B1 Features tab:
  • Select B1 Features
    Specifies the available security categories and the ones that are selected for the resource.
  • B1 Labels
    Specifies the security label that is applied to the resource.
  • Security Level
    Specifies the security level that is applied to the resource.
    Limit:
     An integer from 1 through 255
This window contains the following fields in the Information tab:
  • Update Time
    Displays the date and time when the record was last modified.
  • Updated By
    Displays the administrator who performed the update.
  • Create Time
    Indicate the date and time when a record gets created.