Special Program (SPECIALPGM) Properties

Use the Special Program (SPECIALPGM class) properties windows for creating, modifying, or viewing a record of this class. Each record has one of two functions:
  • Registering backup, DCM, PBF, PBN, STOP, SURROGATE, REGISTRY, and KILL programs in Windows or registering xdm, backup, mail, DCM, PBF, PBN, stop, and surrogate programs in UNIX.
  • Associating an application that needs special CA Access Control authorization protection with a logical user ID. You set access permissions according to what is being done rather than who is doing it.
This window contains the following fields in the General tab:
  • Name
    Defines the name of the resource. Indicates a pathname to the special program, or to a range or pattern of special programs.
  • Comment
    Defines extra information that you want to include in the record. CA Privileged Identity Manager does not use this information for authorization.
    Limit: 255 alphanumeric characters
  • Owner
    Defines the owner of a record.
  • Logical User
    Defines the surrogate logical user authorized to run this special program. This logical user must be defined in the CA Privileged Identity Manager database with a user record.
  • Native User
    Defines the user invoking the program or process. Use * to specify all CA Privileged Identity Manager users.
  • Bypass Type
    Determines the types of access checks that CA Privileged Identity Manager bypasses when granting access.
    • Stop Checking
      Bypasses database checks for the STOP feature.
    • Full Bypass
      Fully bypasses all CA Privileged Identity Manager authorization and database checks.
    • Do Not Call Me (DCM)
      (Windows) Bypasses all security checks for all kernel events.
      (UNIX) Bypasses database checks for program execution events.
    • Registry Checking
      (Windows only) Bypasses database checks for programs that manipulate the Windows registry.
    • Files Checking
      Bypasses database checks for the file handling events.
    • Networking Checking
      Bypasses database checks for network-related events.
    • Backup Program
      Bypasses READ, CHDIR, and UTIME access.
      You can run a successful backup in either of two ways. If a user other than root executes the backup program, define this user as an Operator. If the root user executes the backup program, it is enough to register the backup program as a special program of type Backup Program.
    • User Impersonation
      Bypasses database checks for identity changing events in the kernel. Tracing is not possible when you use the surrogate bypass.
    • Propagate Bypass
      (UNIX only) Propagates its own security privileges to any programs that a program with this bypass type calls. If you do not specify this, special program privileges only affect the parent program.
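A review pass over the bypass settings described above, as an added example that is not CA Privileged Identity Manager code: it flags records whose Bypass Type, Native User, and Name combine into a broad exemption. The record layout, the pattern characters, and the review rules are assumptions made for this illustration.

```python
# Added example: review heuristics for SPECIALPGM records (not product code).
# Keys mirror the General tab fields; the dict layout is an assumption.
BROAD_BYPASS = {"Full Bypass", "Do Not Call Me (DCM)"}
PATTERN_CHARS = set("*?")  # assumed pattern characters for the Name field

def review(record):
    """Return review findings for one SPECIALPGM record (empty list = none)."""
    name = record.get("Name", "")
    bypasses = set(record.get("Bypass Type", []))
    broad = sorted(bypasses & BROAD_BYPASS)
    findings = []
    if broad and record.get("Native User") == "*":
        findings.append(f"{broad} applies to all users (Native User is *)")
    if broad and PATTERN_CHARS & set(name):
        findings.append(f"{broad} applies to a name pattern, not one program")
    if "Propagate Bypass" in bypasses:
        findings.append("Propagate Bypass: called programs inherit the bypass")
    if "User Impersonation" in bypasses:
        findings.append("User Impersonation: surrogate bypass cannot be traced")
    if "Registry Checking" in bypasses and name.startswith("/"):
        findings.append("Registry Checking is Windows only; Name is a UNIX path")
    if len(record.get("Comment", "")) > 255:
        findings.append("Comment is longer than 255 characters")
    return findings

def review_all(records):
    """Map each record Name to its findings, skipping clean records."""
    report = {}
    for record in records:
        findings = review(record)
        if findings:
            report[record["Name"]] = findings
    return report

# Constructed sample records, not taken from a real database.
SAMPLE_RECORDS = [
    {"Name": "/usr/local/bin/nightly_backup", "Native User": "root",
     "Logical User": "backup_agent", "Bypass Type": ["Backup Program"]},
    {"Name": "/opt/tools/*", "Native User": "*", "Logical User": "tools_agent",
     "Bypass Type": ["Full Bypass", "Propagate Bypass"]},
    {"Name": "/usr/sbin/regsync", "Native User": "admin1",
     "Logical User": "reg_agent", "Bypass Type": ["Registry Checking"]},
]

if __name__ == "__main__":
    for name, findings in review_all(SAMPLE_RECORDS).items():
        print(name)
        for finding in findings:
            print("  -", finding)
```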
This window contains the following fields in the Information tab:
  • Update Time
    Displays the date and time when the record was last modified.
  • Updated By
    Displays the administrator who performed the update.
  • Create Time
    Displays the date and time when the record was created.