Sample of an AC policy that allows you to surrogate

Article ID: 263134


Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Implementation question regarding surrogate policies

This article gives a sample of how to use surrogate policies with PAMSC.

Environment

Release : 4.1.x

PAMSC 14.1.x

Cause

Guidance on setting up a surrogate policy

This is the official documentation

Resolution

As a sample, this can be implemented using the following policy:

er PROGRAM /opt/CA/PAMSC/bin/sesu owner(nobody) defaccess(N) trust

auth PROGRAM /opt/CA/PAMSC/bin/sesu xgid(******) acc(A)

er SURROGATE USER._default defaccess(n)

er SURROGATE USER.root defacc(n)

auth SURROGATE USER.root xgid(*******) acc(A)

er SURROGATE USER.ans defacc(n)

auth SURROGATE USER.ans xuid(*****) acc(a)
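
The Python script below is an added example, not part of this article or of PAMSC: it parses selang er/auth lines written like the sample above and reports any resource whose default access is not none, as well as a missing SURROGATE USER._default record. The accessor names sesu_admins and deploy01 are constructed stand-ins for the masked values, and reading n/N as "none" is an assumption.

```python
import re

# Constructed input: the article's sample policy, with its masked accessor
# names replaced by made-up ones (sesu_admins, deploy01).
SAMPLE_POLICY = """\
er PROGRAM /opt/CA/PAMSC/bin/sesu owner(nobody) defaccess(N) trust
auth PROGRAM /opt/CA/PAMSC/bin/sesu xgid(sesu_admins) acc(A)
er SURROGATE USER._default defaccess(n)
er SURROGATE USER.root defacc(n)
auth SURROGATE USER.root xgid(sesu_admins) acc(A)
er SURROGATE USER.ans defacc(n)
auth SURROGATE USER.ans xuid(deploy01) acc(a)
"""

RULE = re.compile(r"^(er|auth)\s+(\S+)\s+(\S+)\s*(.*)$", re.IGNORECASE)
PARAM = re.compile(r"(\w+)\(([^)]*)\)")

def parse_policy(text):
    """Return {(class, name): {"default": str|None, "grants": [(kind, who, access)]}}."""
    resources = {}
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue  # blank lines and anything that is not an er/auth rule
        verb, cls, name, rest = m.groups()
        params = {k.lower(): v for k, v in PARAM.findall(rest)}
        res = resources.setdefault((cls.upper(), name), {"default": None, "grants": []})
        if verb.lower() == "er":
            # Assumption: defacc is the short form of defaccess (the sample uses both).
            res["default"] = (params.get("defaccess") or params.get("defacc") or "").lower() or res["default"]
        else:
            access = (params.get("acc") or params.get("access") or "").lower()
            for kind in ("xgid", "xuid", "gid", "uid"):
                if kind in params:
                    res["grants"].append((kind, params[kind], access))
    return resources

def audit(resources):
    """List deviations from the sample's default-deny pattern (assumes n == none)."""
    findings = []
    for (cls, name), res in sorted(resources.items()):
        if res["default"] not in ("n", "none"):
            findings.append(f"{cls} {name}: default access is not none")
    if ("SURROGATE", "USER._default") not in resources:
        findings.append("SURROGATE USER._default: no catch-all record")
    return findings

if __name__ == "__main__":
    print(audit(parse_policy(SAMPLE_POLICY)) or "policy follows the default-deny pattern")
```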