Programs (PROGRAM) Properties

Use the Programs (PROGRAM class) properties windows for creating, modifying, or viewing a record of this class. Each record defines a program that is considered part of the trusted computing base. Watchdog monitors the programs in this class and ensures that they are not modified. When a trusted program is altered, CA Privileged Identity Manager automatically marks the program as untrusted and prevents it from executing. Optionally, you can also allow or prevent the execution of untrusted programs using the Blockrun property.
This window contains the following fields in the General tab:
  • Name
    Defines the name of the resource. Indicates the full pathname to the file the record protects.
  • Comment
    Defines extra information that you want to include in the record. CA Privileged Identity Manager does not use this information for authorization.
    Limit: 255 alphanumeric characters
  • Owner
    Defines the owner of a record.
  • Blockrun
    Specifies whether to check if the program is trusted and to block execution of any untrusted program. An untrusted program is blocked regardless of whether it is a setuid program or a regular program.
  • Flags
    Defines the program information CA Privileged Identity Manager generates automatically.
    The Watchdog automatically verifies the information that is stored in this property. If it is changed, CA Privileged Identity Manager defines the program as untrusted.
    You can select any of the following flags to exclude the associated information from this verification process:
    • SHA1
      The SHA1 signature. Secure Hash Algorithm (SHA) is a digital signature method that is applied to a program or to sensitive files.
    • Size
      The size of the program file.
    • CRC
      The cyclic redundancy check and MD5 signature.
    • MTime
      The time the program file was last modified.
    • CTime
      (UNIX only) The time of the last file status change.
    • INode
      On UNIX, the file system address of the program file.
      On Windows, this value is not significant.
    • Device
      On UNIX, the logical disk that the file resides on. 
      On Windows, the drive number of the disk containing the file.
    • Mode
      The associated security protection mode for the program file.
    • Owner
      The user who owns the program file.
    • Group
      The group that owns the program file.
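As an added illustration (not CA Privileged Identity Manager's own code), the following Python script records the same attributes the Flags list describes, re-verifies a file against that baseline, and skips any flags you exclude, the way the exclusion checkboxes above do. The file name, the helper functions and the tampering scenario are assumptions constructed for the example.

```python
import hashlib
import os
import stat
import tempfile
import zlib

# The attributes the Flags property lists; any of them can be excluded from verification.
FLAGS = ("SHA1", "Size", "CRC", "MTime", "CTime", "INode", "Device", "Mode", "Owner", "Group")

def fingerprint(path):
    """Collect the value behind each flag for one program file (assumed helper, not CA's)."""
    st = os.stat(path)
    with open(path, "rb") as f:
        data = f.read()
    return {
        "SHA1": hashlib.sha1(data).hexdigest(),
        "Size": st.st_size,
        "CRC": (zlib.crc32(data) & 0xFFFFFFFF, hashlib.md5(data).hexdigest()),  # CRC and MD5, as on the page
        "MTime": st.st_mtime_ns,
        "CTime": st.st_ctime_ns,  # last status change on UNIX; Windows reports creation time here
        "INode": st.st_ino,       # not significant on Windows, as the page notes
        "Device": st.st_dev,
        "Mode": stat.S_IMODE(st.st_mode),
        "Owner": st.st_uid,
        "Group": st.st_gid,
    }

def verify(path, baseline, exclude=()):
    """Return the flags whose stored value no longer matches the file.
    An empty set means the program stays trusted; excluded flags are skipped."""
    current = fingerprint(path)
    return {flag for flag in FLAGS if flag not in exclude and current[flag] != baseline[flag]}

def demo():
    """Constructed scenario: baseline a script, then append to it as if tampered."""
    with tempfile.TemporaryDirectory() as d:
        prog = os.path.join(d, "trusted.sh")
        with open(prog, "w") as f:
            f.write("#!/bin/sh\necho ok\n")
        baseline = fingerprint(prog)
        before = verify(prog, baseline)
        with open(prog, "a") as f:
            f.write("echo tampered\n")
        after = verify(prog, baseline)
        # Even with the content hashes excluded, Size still exposes the change.
        partial = verify(prog, baseline, exclude=("SHA1", "CRC"))
        return before, after, partial

if __name__ == "__main__":
    print(demo())
```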
This window contains the following fields in the Default Access tab:
  • Permissions
    Defines the default access authority for the resource. The default access is granted to accessors who match either of the following criteria:
    • Are not defined to CA Privileged Identity Manager
    • Do not appear in the ACL of the resource.
This window contains the following fields in the Authorize tab:
  • Accessors
    Defines the access control list (ACL) for the resource. This list specifies accessors (users and groups) with a specified access authority, and the conditions for that access.
    Each element in the access control list contains the following information:
    • Accessor
      Defines an accessor.
    • Program
      Defines a record in the PROGRAM class, either specifically or by wildcard pattern matching. The program definition limits the access authority of the accessor to the resource to when the specified program makes the access request.
    • ACL
      Defines the access authority that the accessor has to the resource.
This window contains the following fields in the Audit tab:
  • Audit Modes
    Defines the types of access events that CA Privileged Identity Manager records in the audit log. You can select any combination of the following activities:
    • Audit Success
      Granted access requests.
    • Audit Failure
      Denied access requests (default).
    • Warning Mode
      Specifies whether Warning mode is enabled. When Warning mode is enabled on a resource, all resource access requests are granted. If an access request violates an access rule, a record is written to the audit log.
    • Trust
      Defines whether the resource is trusted. If you do not specify this option, accessors cannot use the resource. Otherwise, the other properties that are listed in the database for the resource are used to determine access authority of an accessor. If a trusted resource is changed in any way, CA Privileged Identity Manager automatically clears this option.
This window contains the following fields in the Time Restrictions tab:
  • Days Restriction
    Defines the native day restrictions that govern when an accessor can access the resource.
  • Restrictions
    Defines the native time restrictions that govern when an accessor can access the resource.
This window contains the following fields in the B1 Features tab:
  • Select B1 Features
    Specifies the available security categories and the ones that are selected for the resource.
  • B1 Labels
    Specifies the security label that is applied to the resource.
  • Security Level
    Specifies the security level that is applied to the resource.
    Limit: An integer from 1 through 255
This window contains the following fields in the Information tab:
  • Update Time
    Displays the date and time when the record was last modified.
  • Updated By
    Displays the administrator who performed the update.
  • Create Time
    Displays the date and time when the record was created.