
Create an Endpoint CSV File

Each row or line in the endpoint CSV file, after the header row or line, represents a task to create, modify, or delete an endpoint in CA Access Control Enterprise Management.

Important! When you create the CSV file, verify that no other application uses the file and that the file can be renamed. The PUPM feeder processes only CSV files that can be renamed.

Follow these steps:

  1. Create a CSV file and give it an appropriate name.

    Note: We recommend that you create a copy of a sample endpoint CSV file. The sample files are located in the following directory, where ACServer is the directory in which you installed the Enterprise Management Server:

    ACServer/IAM Suite/Access Control/tools/samples/feeder
    
  2. Create a header row or line that specifies the names of the endpoint attributes.

    The names of the endpoint attributes are as follows. Some endpoint attributes are valid only for certain endpoint types:

    OBJECT_TYPE

    Specifies the type of the object to import.

    Value: ENDPOINT

    ACTION_TYPE

    Specifies the type of action to perform.

    Value: CREATE, MODIFY, DELETE

    %FRIENDLY_NAME%

    Defines the name by which you refer to this endpoint in CA Access Control Enterprise Management.

    DESCRIPTION

    Defines any information that you want to record for this endpoint.

    ENDPOINT_TYPE

    Specifies the type of the endpoint.

    Note: You can view the available endpoint types in CA Access Control Enterprise Management. Before you create endpoints of type CA Identity Manager Provisioning, create an Identity Manager Provisioning type Connector Server in CA Access Control Enterprise Management.

    HOST

    Defines the host name of the endpoint.

    LOGIN_USER

    Defines the name of an administrative user of the endpoint. This attribute is not valid for any of the CA Identity Manager Provisioning endpoint types, but is valid for all other endpoint types.

    For all valid endpoint types except SSH Device:

    • If you do not specify a privileged administrative account (IS_ADVANCE attribute), PUPM uses LOGIN_USER to connect to the endpoint and to perform administrative tasks on the endpoint, for example, to discover accounts and change passwords.
    • If you specify a privileged administrative account, PUPM ignores any values for LOGIN_USER.

    For SSH Device endpoints:

    • If you do not specify an operation administrator (OPERATION_ADMIN_USER_NAME) or a privileged administrative account, PUPM uses LOGIN_USER to connect to the endpoint and to perform administrative tasks on the endpoint.
    • If you specify an operation administrator, PUPM uses LOGIN_USER to connect to the endpoint and the operation administrator to perform administrative tasks on the endpoint.
    • If you specify a privileged administrative account, PUPM ignores any values for LOGIN_USER.

    PASSWORD

    Defines the password of LOGIN_USER. This attribute is not valid for the CA Identity Manager Provisioning endpoint type, but is valid for all other endpoint types.

    URL

    Defines the URL that CA Access Control Enterprise Management uses to connect to the endpoint. This attribute is valid for the MS SQL Server and Oracle Server endpoint types.

    Format: (MS SQL Server) jdbc:sqlserver://servername:port

    Format: (Oracle Server) jdbc:oracle:drivertype:@hostname:port:service

    DOMAIN

    Specifies the name of the domain of which this endpoint is a member. This attribute is valid for the Access Control for PUPM and Windows Agentless endpoint types.

    IS_ACTIVE_DIRECTORY

    Specifies whether the user account is an Active Directory account. This attribute is valid for the Windows Agentless endpoint type only.

    Limits: TRUE, FALSE

    USER_DOMAIN

    Specifies the name of the domain of which the LOGIN_USER is a member. This attribute is valid for the Windows Agentless endpoint type.

    CONFIGURATION_FILE

    Specifies the name of the SSH Device XML configuration file that you are defining. This attribute is valid for the SSH Device endpoint type.

    Note: If you do not specify a value for this attribute, CA Access Control Enterprise Management uses the default configuration file (ssh_connector_conf.xml).

    OPERATION_ADMIN_USER_NAME

    (Optional) Defines the name of the operation administrator user of the endpoint. PUPM uses this account to perform administrative tasks on the endpoint, for example, discovering and changing the password of privileged accounts. This attribute is valid for the SSH Device endpoint type, as follows:

    • If you specify a privileged administrative account (IS_ADVANCE attribute) and an operation administrator, PUPM uses the privileged administrative account to connect to the endpoint and the operation administrator to perform administrative tasks on the endpoint.
    • If you specify LOGIN_USER and an operation administrator account, PUPM uses LOGIN_USER to connect to the endpoint and the operation administrator to perform administrative tasks on the endpoint.

    If you specify an operation administrator for an SSH endpoint that uses a Check Point firewall, specify the expert user. However, you cannot use PUPM to change the password for the expert account on the endpoint. This restriction means that the expert account must be a disconnected account in PUPM.

    OPERATION_ADMIN_USER_PASSWORD

    (Optional) Defines the password for the operation administrator user of the endpoint. This attribute is valid for the SSH Device endpoint type.

    ENDPOINT

    Defines the name of the endpoint, exactly as it is defined in CA Identity Manager Provisioning Server. This attribute is valid for the CA Identity Manager Provisioning endpoint type.

    IS_ADVANCE

    (Optional) Specifies whether you want to use a privileged administrative account to connect to the endpoint and to perform administrative tasks on the endpoint, for example, to discover accounts and change passwords. This attribute is valid for all endpoint types.

    For all valid endpoint types except SSH Device, if you specify a privileged administrative account (IS_ADVANCE is TRUE), PUPM uses the privileged administrative account to connect to the endpoint and to perform administrative tasks on the endpoint.

    For SSH Device endpoints:

    • If you specify a privileged administrative account and an operation administrator (OPERATION_ADMIN_USER_NAME), PUPM uses the privileged administrative account to connect to the endpoint and the operation administrator to perform administrative tasks on the endpoint.
    • If you specify only a privileged administrator account, PUPM uses the privileged administrative account to connect to the endpoint and to perform administrative tasks on the endpoint.

    Limits: TRUE, FALSE

    Note: If you set the value of this attribute to TRUE, do not specify a value for LOGIN_USER. However, specify PROPERTY_ADMIN_ACCOUNT_ENDPOINT_TYPE, PROPERTY_ADMIN_ACCOUNT_ENDPOINT_NAME, PROPERTY_ADMIN_ACCOUNT_CONTAINER, and PROPERTY_ADMIN_ACCOUNT_NAME.

    PROPERTY_ADMIN_ACCOUNT_ENDPOINT_TYPE

    (Optional) Defines the type of endpoint on which the privileged administrative account is defined.

    Note: To use a privileged administrative account, you must specify that IS_ADVANCE is TRUE.

    PROPERTY_ADMIN_ACCOUNT_ENDPOINT_NAME

    (Optional) Defines the name of the endpoint on which the privileged administrative account is defined. The endpoint must exist in CA Access Control Enterprise Management.

    Note: To use a privileged administrative account, you must specify that IS_ADVANCE is TRUE.

    PROPERTY_ADMIN_ACCOUNT_CONTAINER

    (Optional) Defines the container in which the privileged administrative account is defined. A container is a class whose instances are collections of other objects.

    Values: (Windows Agentless and Oracle Server): Accounts

    (SSH Device): SSH Accounts

    (MS SQL Server): MS SQL Logins

    Note: To use a privileged administrative account, you must specify that IS_ADVANCE is TRUE.

    PROPERTY_ADMIN_ACCOUNT_NAME

    (Optional) Defines the name of the privileged administrative account that PUPM uses to perform administrative tasks on the endpoint, for example, to discover accounts and change passwords. The privileged account must exist in CA Access Control Enterprise Management.

    Note: To use a privileged administrative account, you must specify that IS_ADVANCE is TRUE.

    LOGIN_APPLICATION

    Specifies the name of the login application to associate with the endpoint.

    OWNER_INFO

    Specifies the name of the endpoint owner.

    DEPARTMENT_INFO

    Specifies the name of the department.

    CUSTOM1_INFO to CUSTOM5_INFO

    Specifies up to five customer-specific attributes.

    ADMIN_ACCOUNT_IS_DISCONNECTED

    Specifies if the endpoint administrator account is disconnected.

    Values: TRUE, FALSE

    Default: TRUE

    DISABLE_EXCLUSIVE_SESSIONS

    Specifies whether to disable the exclusive sessions option on this endpoint.

    Values: TRUE, FALSE

    Default: FALSE

    DENY_BREAKGLASS_EXCLUSIVE

    Specifies whether to prevent break glass access to exclusive accounts that are currently in use.

    Values: TRUE, FALSE

    Default: FALSE

  3. Add endpoint task lines to the CSV file.

    Each line represents a task to create or modify an endpoint, and must have the same attributes as the header. The attributes must be in the same order as the header. If a line does not have a value for an attribute, leave the field empty.

  4. Save the file to the polling folder.

    The endpoint CSV file is ready for processing by the PUPM feeder.

    Note: The default polling folder is located as follows, where JBoss_home is the directory in which you installed JBoss:

    JBoss_home/server/default/deploy/IdentityMinder.ear/custom/ppm/feeder/waitingToBeProcessed
    

Example: An Endpoint CSV File

The following is a sample endpoint CSV file. You can find more sample endpoint CSV files in the ACServer/IAM Suite/Access Control/tools/samples/feeder directory.

OBJECT_TYPE,%FRIENDLY_NAME%,DESCRIPTION,ENDPOINT_TYPE,HOST,LOGIN_USER,PASSWORD,URL,CONFIGURATION_FILE,DOMAIN,IS_ACTIVE_DIRECTORY,USER_DOMAIN,ENDPOINT
ENDPOINT,Oracle1,oracle 10g,Oracle Server,TEST10,ORAADMIN1,ORAADMIN1,jdbc:oracle:thin:@TEST10:1521:RNDSRV,,,,,
ENDPOINT,local MSSQL1,local SQL server,MS SQL Server,localhost,testAdmin,Password1@,jdbc:sqlserver://localhost:1433,,,,,
ENDPOINT,SSH_Device2,unix machine,SSH Device,TEST84,root,Password1@,,,,,,
ENDPOINT,IM_Access Control,Access Control via provisioning,Access Control,TEST1,,,,,,,,TEST1
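The following validator is added here as an illustration and is not part of the CA Access Control tooling. It checks an endpoint CSV against the rules stated above before the file is dropped into the polling folder: every task line has the same number of fields as the header, OBJECT_TYPE and ACTION_TYPE carry the documented values, the TRUE/FALSE attributes contain only those values, a URL matches the JDBC format for its endpoint type, and a line with IS_ADVANCE set to TRUE leaves LOGIN_USER empty and fills the four PROPERTY_ADMIN_ACCOUNT_* attributes. The sample rows, host names and passwords in it are constructed.

```python
import csv
import io

# Attribute names, allowed values and rules are taken from the attribute list above.
ACTIONS = ("CREATE", "MODIFY", "DELETE")
BOOLEAN_COLUMNS = ("IS_ACTIVE_DIRECTORY", "IS_ADVANCE", "ADMIN_ACCOUNT_IS_DISCONNECTED",
                   "DISABLE_EXCLUSIVE_SESSIONS", "DENY_BREAKGLASS_EXCLUSIVE")
ADMIN_ACCOUNT_COLUMNS = ("PROPERTY_ADMIN_ACCOUNT_ENDPOINT_TYPE", "PROPERTY_ADMIN_ACCOUNT_ENDPOINT_NAME",
                         "PROPERTY_ADMIN_ACCOUNT_CONTAINER", "PROPERTY_ADMIN_ACCOUNT_NAME")
JDBC_PREFIX = {"MS SQL Server": "jdbc:sqlserver://", "Oracle Server": "jdbc:oracle:"}


def validate_endpoint_csv(text):
    """Return a list of (line_number, message) for every rule violation in the CSV text."""
    rows = list(csv.reader(io.StringIO(text)))
    header, problems = rows[0], []
    for lineno, fields in enumerate(rows[1:], start=2):
        if not fields:  # blank separator line between records
            continue
        if len(fields) != len(header):  # every task line must mirror the header
            problems.append((lineno, f"expected {len(header)} fields, found {len(fields)}"))
            continue
        row = dict(zip(header, fields))
        if row.get("OBJECT_TYPE") != "ENDPOINT":
            problems.append((lineno, "OBJECT_TYPE must be ENDPOINT"))
        if "ACTION_TYPE" in row and row["ACTION_TYPE"] not in ACTIONS:
            problems.append((lineno, "ACTION_TYPE must be CREATE, MODIFY or DELETE"))
        for col in BOOLEAN_COLUMNS:  # empty is allowed, anything else must be TRUE/FALSE
            if row.get(col, "") not in ("", "TRUE", "FALSE"):
                problems.append((lineno, f"{col} must be TRUE or FALSE"))
        etype, url = row.get("ENDPOINT_TYPE", ""), row.get("URL", "")
        if etype in JDBC_PREFIX and url and not url.startswith(JDBC_PREFIX[etype]):
            problems.append((lineno, f"URL for {etype} must start with {JDBC_PREFIX[etype]}"))
        if row.get("IS_ADVANCE") == "TRUE":  # a privileged admin account replaces LOGIN_USER
            if row.get("LOGIN_USER"):
                problems.append((lineno, "IS_ADVANCE is TRUE: leave LOGIN_USER empty"))
            missing = [c for c in ADMIN_ACCOUNT_COLUMNS if not row.get(c)]
            if missing:
                problems.append((lineno, "IS_ADVANCE is TRUE: missing " + ", ".join(missing)))
    return problems


# Constructed sample (not the page's file): one valid row, then four rows that each break a rule.
SAMPLE = "\n".join([
    "OBJECT_TYPE,ACTION_TYPE,%FRIENDLY_NAME%,ENDPOINT_TYPE,HOST,LOGIN_USER,PASSWORD,URL,"
    "CONFIGURATION_FILE,IS_ADVANCE," + ",".join(ADMIN_ACCOUNT_COLUMNS),
    "ENDPOINT,CREATE,Oracle1,Oracle Server,TEST10,ORAADMIN1,ORAADMIN1,jdbc:oracle:thin:@TEST10:1521:RNDSRV,,,,,,",
    "ENDPOINT,CREATE,MSSQL1,MS SQL Server,localhost,testAdmin,Password1@,localhost:1433,,,,,,",
    "ENDPOINT,MODIFY,SSH_Device2,SSH Device,TEST84,root,Password1@,,,TRUE,SSH Device,SSH_Device1,SSH Accounts,",
    "ENDPOINT,DELETE,Win1,Windows Agentless",
    "ENDPOINT,UPDATE,Win2,Windows Agentless,HOST2,admin,Password1@,,,yes,,,,",
])
```

Because LOGIN_USER and PASSWORD values sit in the file in clear text, restrict read access to the CSV file and to the polling folder to the account the feeder runs under.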

More information:

Types of SSH Device XML Configuration File

How to Create a Customized SSH Device Endpoint