selang surrogate object question

book

Article ID: 194499

calendar_today

Updated On:

Products

CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction

I am familiar with the following objects:

Data for SURROGATE 'USER._default'

Data for SURROGATE 'GROUP._default'

however, I recently discovered a new version, and would like to know its purpose:

Data for SURROGATE '_default'

chres  SURROGATE ('_default') audit(SUCCESS FAILURE) defaccess(READ) owner('etrust')

There is no server down here, but I will need to explain this object in an audit hearing soon.

Environment

Release :

Component : CA ControlMinder

Resolution

Please see the following from the documentation. The last sentence is the important one for you, the rest is for context:

"A record in the SURROGATE class represents each user or group who has surrogate protection. Two special records-USER._default and GROUP._default-represent users and groups who do not have individual SURROGATE records. If there is no need to differentiate between the default for users and the default for groups, you may use the _default record for the SURROGATE class instead."

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/it-operations-management/ca-controlminder/12-8-01/reference/selang-reference-guide/classes-in-the-ac-environment/surrogate-class.html