How to View Policy Information on a PIM or PAMSC Endpoint
search cancel

How to View Policy Information on a PIM or PAMSC Endpoint

book

Article ID: 245827

calendar_today

Updated On:

Products

CA Privileged Identity Management Endpoint (PIM) CA Privileged Access Manager - Server Control (PAMSC) CA Virtual Privilege Manager

Issue/Introduction

On a PIM or PAMSC endpoint, is it possible to view details about a policy to verify the details about what is applied?

Environment

Privileged Identity Manager, 12.8
PAM Server Control, 14.0, 14.1

Resolution

First connect to selang in order to run the commands needed to view policy information.

To view the list of policies currently on the endpoint, run the command below.

PAMSC> list gpolicy
(localhost)
LS Policy
Training Policy

From there, choose the desired policy and run an sr gpolicy on the resource. This will show how many versions of the policy there is and which is the version that is currently deployed.

PAMSC> sr gpolicy ('Training Policy')
(localhost)
Data for GPOLICY 'Training Policy'
 -----------------------------------------------------------
Defaccess         : None
Members           : 
    Training Policy#01(POLICY ) 
Audit mode        : Failure
Owner             : +policyfetcher(USER   ) 
Create time       : 15-Jun-2022 12:32
Update time       : 15-Jun-2022 12:32
Updated by        : root          (USER   ) 
Latest Policy     : Training Policy#01
Effective UID     : ac_entm_pers

To get information about a specific version of the policy, run sr policy against that version.

PAMSC> sr policy ('Training Policy#01')
(localhost)
Data for POLICY 'Training Policy#01'
 -----------------------------------------------------------
Defaccess         : None
Audit mode        : Failure
Groups            : 
    Training Policy(GPOLICY) 
Owner             : +policyfetcher(USER   ) 
Create time       : 15-Jun-2022 12:32
Update time       : 15-Jun-2022 12:32
Updated by        : root          (USER   ) 
Finalized         : Yes
Nodes             : 
    __local__
Effective UID     : ac_entm_pers
Name              : Training Policy
Version           : 1
RULESETS          : 
    Training Policy#01

The rules contained in the policy are listed within the associated ruleset resource. If it is needed to see these rules, run sr ruleset on the resource.

PAMSC> sr ruleset ('Training Policy#01')
(localhost)
Data for RULESET 'Training Policy#01'
 -----------------------------------------------------------
Defaccess         : None
Audit mode        : Failure
Owner             : +policyfetcher(USER   ) 
Create time       : 15-Jun-2022 12:32
Update time       : 15-Jun-2022 12:32
Updated by        : root          (USER   ) 
Rule Set Commands : 
    (1) eu training owner(nobody)
Rule Set Undo Commands : 
    (1) ru training
Policies          : 
    Training Policy#01
Finalized         : Yes

Powered by Wolken Software