selang surrogate object question


Article ID: 194499


Updated On:


CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM)


I am familiar with the following objects:

Data for SURROGATE 'USER._default'

Data for SURROGATE 'GROUP._default'

however, I recently discovered a new version, and would like to know its purpose:

Data for SURROGATE '_default'

chres  SURROGATE ('_default') audit(SUCCESS FAILURE) defaccess(READ) owner('etrust')

There is no server down here, but I will need to explain this object in an audit hearing soon.


Release :

Component : CA ControlMinder


Please see the following from the documentation. The last sentence is the important one for you, the rest is for context:

"A record in the SURROGATE class represents each user or group who has surrogate protection. Two special records-USER._default and GROUP._default-represent users and groups who do not have individual SURROGATE records. If there is no need to differentiate between the default for users and the default for groups, you may use the _default record for the SURROGATE class instead."