Special Program (SPECIALPGM) Properties
Use the Special Program (SPECIALPGM class) properties windows for creating, modifying, or viewing a record of this class. Each record has one of two functions:
- Registering backup, DCM, PBF, PBN, STOP, SURROGATE, REGISTRY, and KILL programs in Windows or registering xdm, backup, mail, DCM, PBF, PBN, stop, and surrogate programs in UNIX.
- Associating an application that needs special CA Access Control authorization protection with a logical user ID. You set access permissions according to what is being done rather than who is doing it.
This window contains the following fields in the General tab:
- Name: Defines the name of the resource. Indicates a pathname to the special program, or to a range or pattern of special programs.
- Comment: Defines extra information that you want to include in the record. CA Privileged Identity Manager does not use this information for authorization. Limit: 255 alphanumeric characters
- Owner: Defines the owner of a record.
- Logical User: Defines the surrogate logical user authorized to run this special program. This logical user must be defined in the CA Privileged Identity Manager database with a user record.
- Native User: Defines the user invoking the program or process. Use * to specify all CA Privileged Identity Manager users.
- Bypass Type: Determines the types of access checks that CA Privileged Identity Manager bypasses when granting access.
  - Stop Checking: Bypasses database checks for the STOP feature.
  - Full Bypass: Fully bypasses all CA Privileged Identity Manager authorization and database checks.
  - Do Not Call Me (DCM): (Windows) Bypasses all security checks for all kernel events. (UNIX) Bypasses database checks for program execution events.
  - Registry Checking: (Windows only) Bypasses database checks for programs that manipulate the Windows registry.
  - Files Checking: Bypasses database checks for file handling events.
  - Networking Checking: Bypasses database checks for network-related events.
  - Backup Program: Bypasses READ, CHDIR, and UTIME access. You can run a successful backup in either of two ways. If a user other than root executes the backup program, define this user as an Operator. If the root user executes the backup program, it is enough to register the backup program as a special program of type Backup Program.
  - User Impersonation: Bypasses database checks for identity changing events in the kernel. You cannot trace if you use the surrogate bypass.
  - Propagate Bypass: (UNIX only) Propagates the security privileges of a program with this bypass type to any programs that it calls. If you do not specify this, special program privileges only affect the parent program.
This window contains the following fields in the Information tab:
- Update Time: Displays the date and time when the record was last modified.
- Updated By: Displays the administrator who performed the update.
- Create Time: Indicates the date and time when the record was created.