Administration Guide › Action Alerts › Preparing to Use Alerts with Keyed Lists › Customize Keyed Values for Privileged_Groups

Customize Keyed Values for Privileged_Groups

You can use a predefined query to create an alert when group memberships are added or removed by a member of a privileged group. You can use the default keyed list only or you can supplement it with your own values. Predefined values include dba, mail, ORA_DBA, sshd, uucp, and wheel.

To customize the list, you identify other accounts as values in the key-value list for Privileged_Groups.

The queries that use the values you supply include:

• Group Membership Addition by Privileged Group in the last 24 hours
• Group Membership Removals by Privileged Group in the last 24 hours

If you create a custom query that uses this key, define the filter as follows:

To customize keyed values for Privileged_Groups

1. Click the Administration tab and the Services subtab.
2. Click Report Server.

   A list of keys to which you add user-defined values is displayed at the bottom of the main pane.

3. Select the key, Privileged_Groups.
4. Take one of the following actions to update this list:
   • Update the list manually:
     • Click Add Value and enter a new value to include in the keyed list.
     • Select a value and click Remove Value to delete the value from the list.
     • Select a value, click Edit Value, modify the value and click OK.
   • Click Export Values to export the current list, edit the list to add other values, save the file. Then, click Import Values to import your edited list.
   • If the values for this key are dynamically generated by the configured CA IT PAM process, click Import Dynamic Values List.
5. Click Save.

   If you have already scheduled an action alert with one of the queries that uses the Privileged_Groups keyed list, that alert will be generated based on the evaluation of values in your modified keyed list.

More information:

Approaches to Maintaining Keyed Lists