You can set global policy defaults for Privilege Manager roles and restricted shell roles. When you set a global default for a property, it applies to all roles unless you have set a specific property in an individual role to override the global policy default. See Override Role Property Defaults for more information about specifying role-specific overrides for a specific property.
To manage role defaults
The Role Defaults dialog displays allowing you to specify the following settings:
|
Note: Not all variables can be set as global defaults using the Manage Defaults button on the GUI editor; however, you can set any variable as a global default using the text editor. See Role Property Variables for a list of variables. |
pf_enableprofile = true;
When you open a policy from a policy group that is configured to use a pmpolicy rather than a sudo policy type, the mangement console allows you to edit the policy files that pertain to that policy using either a GUI editor or a text editor, however there are certain variables that you can only modify by means of the text editor.
To modify policy files using the text editor
From the Policy tab, navigate to the PM Policy Editor view.
Click the Text Editor button in the top-right corner of the PM Policy Editor view.
From the Open menu, select either:
When you open a policy-based policy file in the text editor, the mangement console lists the policies in the policy group in the left navigation tree:
|
NoteS:
|
To open a specific policy in the text editor, either double-click the policy or right-click it and choose Open as text from the context menu.
When using the text editor:
For example, 'pf_enableprofile = false' is represented as an unchecked check box.
For example, 'pf_profiledescription= "Some Descriptive Text"' is represented as 'Description:[ template ]'.
For example, 'pf_authgroups = {"admins", "dbas"}; is represented as a text box where the user can enter multiple values.
Click the Add button in the Policy panel to add a new policy file.
The Add Policy File dialog opens.
Select the type of policy file you want to add.
Choose
Enter a name for the new policy file.
Note that the file type changes according to the type of policy file you selected.
Optionally, select the Use an existing file as a template option.
The list of files to choose changes according to the type of policy file you selected.
When you click OK on the Add Policy File dialog, it adds the new file to the left navigation tree.
Click the Save button to save the current policy file; click Save All to save all modified policy files.
Click the Close button in the Policy panel to close all modified policy files. If you have made changes, you are prompted to save them.
|
Note: You can also click the |
To delete a policy, click the Delete button in the Policy panel and confirm your request.
To discard you changes, right-click the policy name and choose the Revert option from the context menu. You are prompted to confirm your request to revert the changes to the selected file.
|
Note: See Edit Panel Commands for more information about editing the policy in the text editor. |
The Access & Privileges by User report identifies the hosts where the selected user can login, the commands that user can run on each host, as well as the "runas aliases" information for that user.
To create the Access & Privileges by User report
The report opens a new Access & Privileges by User tab on the Reporting view.
It launches a new browser or application page and displays the report in the selected format.
|
Note: When generating multiple reports simultaneously or generating a single report that contains a large amount of data, One Identity recommends that you increase the JVM memory. (See JVM Memory Tuning Suggestions for details.) |
The Access & Privileges by Host report identifies all users with logon access to a host and the commands users can run on the host. To run this report you must have an active policy group; you can only include hosts that are joined to a policy group in the report.
To create the Access & Privileges by Host report
The report opens a new Access & Privileges by Host tab on the Reporting view.
It launches a new browser or application page and displays the report in the selected format.
|
Note: When generating multiple reports simultaneously or generating a single report that contains a large amount of data, One Identity recommends that you increase the JVM memory. (See JVM Memory Tuning Suggestions for details.) |
© 2023 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy