I am familiar with the following objects:
Data for SURROGATE 'USER._default'
Data for SURROGATE 'GROUP._default'
however, I recently discovered a new version, and would like to know its purpose:
Data for SURROGATE '_default'
chres SURROGATE ('_default') audit(SUCCESS FAILURE) defaccess(READ) owner('etrust')
There is no server down here, but I will need to explain this object in an audit hearing soon.
Component : CA ControlMinder
Please see the following from the documentation. The last sentence is the important one for you, the rest is for context:
"A record in the SURROGATE class represents each user or group who has surrogate protection. Two special records-USER._default and GROUP._default-represent users and groups who do not have individual SURROGATE records. If there is no need to differentiate between the default for users and the default for groups, you may use the _default record for the SURROGATE class instead."