Programs (PROGRAM) Properties
Use the Programs (PROGRAM class) properties window to create, modify, or view a record of this class. Each record defines a program that is considered part of the trusted computing base. Watchdog monitors the programs in this class and ensures that they are not modified. When a trusted program is altered, CA Privileged Identity Manager automatically marks the program as untrusted and prevents it from being executed. Optionally, you can also allow or prevent the execution of untrusted programs using the Blockrun property.
This window contains the following fields in the General tab:
- Name: Defines the name of the resource. Indicates the full pathname to the file the record protects.
- Comment: Defines extra information that you want to include in the record. CA Privileged Identity Manager does not use this information for authorization. Limit: 255 alphanumeric characters
- Owner: Defines the owner of a record.
- Blockrun: Specifies whether to check if the program is trusted, and block execution of any untrusted programs. An untrusted program is blocked regardless of whether it is a setuid program or a regular program.
- Flags: Defines the program information CA Privileged Identity Manager generates automatically. The Watchdog automatically verifies the information that is stored in this property. If it is changed, CA Privileged Identity Manager defines the program as untrusted. You can select any of the following flags to exclude the associated information from this verification process:
  - SHA1: The SHA1 signature. Secure Hash Algorithm is a digital signature method that is applied to a program or sensitive files.
  - Size: The size of the program file.
  - CRC: The cyclic redundancy check and MD5 signature.
  - MTime: The time the program file was last modified.
  - CTime: (UNIX only) The time of the last file status change.
  - INode: On UNIX, the file system address of the program file. On Windows, has no importance.
  - Device: On UNIX, the logical disk that the file resides on. On Windows, the drive number of the disk containing the file.
  - Mode: The associated security protection mode for the program file.
  - Owner: The user who owns the program file.
  - Group: The group that owns the program file.
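
The following Python model is an added example, not CA Privileged Identity Manager code. It illustrates the check described for the Flags and Blockrun properties: attributes are recorded when the program is registered, and a later scan clears trust if any non-excluded attribute differs. The record layout and function names are hypothetical; only the flag names come from this page.

```python
import hashlib
import os
import tempfile
import zlib

# Flag names come from the page; the record layout and functions are hypothetical.
FLAGS = ("SHA1", "Size", "CRC", "MTime", "CTime", "INode",
         "Device", "Mode", "Owner", "Group")

def snapshot(path):
    """Collect the per-file attributes listed under Flags."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        data = fh.read()
    return {"SHA1": hashlib.sha1(data).hexdigest(), "Size": st.st_size,
            "CRC": (zlib.crc32(data), hashlib.md5(data).hexdigest()),
            "MTime": st.st_mtime_ns, "CTime": st.st_ctime_ns,
            "INode": st.st_ino, "Device": st.st_dev, "Mode": st.st_mode,
            "Owner": st.st_uid, "Group": st.st_gid}

def new_record(path, excluded=(), blockrun=True):
    """Register a program as trusted, storing its current attributes."""
    return {"baseline": snapshot(path), "excluded": set(excluded),
            "trusted": True, "blockrun": blockrun}

def watchdog_scan(record, path):
    """Compare the non-excluded attributes; clear trust if any differ."""
    current = snapshot(path)
    diffs = [f for f in FLAGS if f not in record["excluded"]
             and current[f] != record["baseline"][f]]
    if diffs:
        record["trusted"] = False
    return diffs

def may_execute(record):
    """Blockrun stops execution only once the program is untrusted."""
    return record["trusted"] or not record["blockrun"]

def demo():
    """Constructed sample: modify a temp file registered under two records."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "tool")
        with open(path, "wb") as fh:
            fh.write(b"#!/bin/sh\necho original\n")
        strict = new_record(path, excluded=("MTime", "CTime"))
        loose = new_record(path, excluded=("SHA1", "Size", "CRC", "MTime", "CTime"))
        with open(path, "wb") as fh:  # in-place change, same inode
            fh.write(b"#!/bin/sh\necho modified content\n")
        return (watchdog_scan(strict, path), may_execute(strict),
                watchdog_scan(loose, path), may_execute(loose))
```

`demo()` returns the changed attributes and the execution decision for each record: the record that still verifies SHA1, Size and CRC loses trust and is blocked, while the record that excludes them does not notice the modification and keeps running.
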
This window contains the following fields in the Default Access tab:
- Permissions: Defines the default access authority for the resource. The default access is granted to accessors who match either of the following criteria:
  - Are not defined to CA Privileged Identity Manager
  - Do not appear in the ACL of the resource.
This window contains the following fields in the Authorize tab:
- Accessors: Defines the access control list (ACL) for the resource. This list specifies accessors (users and groups) with a specified access authority, and the conditions for that access. Each element in the access control list contains the following information:
  - Accessor: Defines an accessor.
  - Program: Defines a record in the PROGRAM class, either specifically or by wildcard pattern matching. The program definition limits the access authority of the accessor to the resource to when the specified program makes the access request.
  - ACL: Defines the access authority that the accessor has to the resource.
This window contains the following fields in the Audit tab:
- Audit Modes: Defines the types of access events that CA Privileged Identity Manager records in the audit log. You can select any combination of the following activities:
  - Audit Success: Granted access requests.
  - Audit Failure: Denied access requests (default).
- Warning Mode: Specifies whether Warning mode is enabled. When Warning mode is enabled on a resource, all resource access requests are granted. If an access request violates an access rule, a record is written to the audit log.
- Trust: Defines whether the resource is trusted. If you do not specify this option, accessors cannot use the resource. Otherwise, the other properties that are listed in the database for the resource are used to determine access authority of an accessor. If a trusted resource is changed in any way, CA Privileged Identity Manager automatically clears this option.
This window contains the following fields in the Time Restrictions tab:
- Days Restriction: Defines the native day restrictions that govern when an accessor can access the resource.
- Restrictions: Defines the native time restrictions that govern when an accessor can access the resource.
This window contains the following fields in the B1 Features tab:
- Select B1 Features: Specifies the available security categories and the ones that are selected for the resource.
- B1 Labels: Specifies the security label that is applied to the resource.
- Security Level: Specifies the security level that is applied to the resource. Limit: An integer from 1 through 255
This window contains the following fields in the Information tab:
- Update Time: Displays the date and time when the record was last modified.
- Updated By: Displays the administrator who performed the update.
- Create Time: Indicates the date and time when the record was created.