
Custom property not propagating to Windows accounts

jdfranco

Both Windows and Linux accounts are getting PAM-enabled. We have also added an accountVisibilityConfig that targets customproperty55 for a particular account.

customproperty55 is being updated on the Linux accounts but not on the Windows accounts.

Can anyone check and confirm whether this approach is right?

Below are the on-prem connection details:

{
    "Connection": "On-Premise",
    "encryptionMechanism": "ENCRYPTED",
    "EVQuery": "ev.customproperty40='PAM_BOOTSTRAP'",
    "WINDOWS": {
        "defaultCredentialConnection": {
            "connectionName": "Windows_Master_Connection",
            "changeConnectionCredentials": false,
            "MSConnectorVersion": "WINDOWS/1.0"
        },
        "defaultSecuritySystemDetails": {
            "securitySystemName": "new",
            "workflow": "Privilege Access Auto Approved",
            "passwordPolicy": "REMOVED"
        },
        "shareableAccounts": {
            "IDQueryCredentials": "acc.name in ('REMOVED')",
            "IDQueryCredentialless": "acc.name in ('REMVOED')",
            "IDQueryDomainCredentialless": "acc.name in ('REMOVED','REMOVED')",
            "IDQueryDomainCredentials": "acc.name in ('')"
        },
        "processADAccount": "true",
        "sAMAccountNameColumnMapping": "name",
        "reconciledAccountAction": "NONE",
        "domainConnections": "Active Directory Accounts",
        "maxCredSessionRequestTime": "14400",
        "maxCredlessSessionRequestTime": "14400",
        "maxIDRequestableTime": "604800",
        "skipOpenPorts": "true",
        "endpointAttributeMappings": [{
                "column": "accessquery",
                "value": "where users.USERNAME is not null",
                "feature": "endpointAccessQuery"
            },
            {
                "column": "allowChangePassword_sqlquery",
                "value": "AC.ACCOUNTTYPE != 'REMOVED'",
                "feature": "allowChangepasswordquery"
            },
            {
                "column": "customproperty43",
                "value": "PAMDefaultUserAccountAccessControl",
                "feature": "accountVisibilityControl"
            }
        ],
        "endpointPamConfig": {
            "maxInActiveTimeInSec": "181",
            "maxReqExpWarnPeriodInSec": "901",
            "maxSessionLimitInSec": "28801",
            "maxInActiveWarnPeriodInSec": "61",
            "maxConcurrentSession": "10",
            "maxSessionWarnPeriodInSec": "1801"
        },
        "accountVisibilityConfig": {
            "accountCustomProperty": "customproperty55",
            "accountMappingConfig": [{
                    "accountPattern": "REMOVED",
                    "mappingData": "roletest1",
                    "override": "false"
                },
                {
                    "accountPattern": "cpamuser1,cpamuser2",
                    "mappingData": "roletest2",
                    "override": "false"
                }
            ]
        }
    },
    "UNIX": {
        "defaultCredentialConnection": {
            "changeConnectionCredentials": false,
            "connectionName": "LinuxMaster"
        },
        "defaultSecuritySystemDetails": {
            "securitySystemName": "new",
            "workflow": "Privilege Access Auto Approved",
            "passwordPolicy": "REMOVED"
        },
        "actions": {
            "restricted": "yum,sudo,visudo,apt,install,iptables,rm,mkfs,alias,ssh,telnet,scp,kill,shutdown,passwd,cron,traceroute",
            "risky": {
                "high": "file,wget,scp,curl,df,chmod,chown,echo,exit,uname,netstat",
                "medium": "cat,vi,touch,find,history,awk,grep"
            }
       },
        "shareableAccounts": {
            "IDQueryCredentialless": "acc.name in ('REMOVED')",
            "IDQueryCredentials": "acc.name in ('REMOVED')"
        },
        "maxCredSessionRequestTime": "14400",
        "maxCredlessSessionRequestTime": "14000",
        "maxIDRequestableTime": "604800",
        "skipOpenPorts": "true",
        "skipPushKeys": "false",
        "endpointAttributeMappings": [{
                "column": "accessquery",
                "value": "where users.USERNAME is not null",
                "feature": "endpointAccessQuery"
            },
            {
                "column": "allowChangePassword_sqlquery",
                "value": "AC.ACCOUNTTYPE != 'REMOVED'",
                "feature": "allowChangepasswordquery"
            },
            {
                "column": "customproperty43",
                "value": "PAMDefaultUserAccountAccessControl",
                "feature": "accountVisibilityControl"
            }
        ],
        "endpointPamConfig": {
            "maxConcurrentSession": "100"
        },
        "accountVisibilityConfig": {
            "accountCustomProperty": "customproperty55",
            "accountMappingConfig": [{
                    "accountPattern": "cpam_credentials",
                    "mappingData": "roletest1",
                    "override": "false"
                },
                {
                    "accountPattern": "cpamuser1,cpamuser2",
                    "mappingData": "roletest2",
                    "override": "false"
                }
            ]
        }
    }

}

 


RMJ

It seems this bug was fixed in v23.7; see Release Notes v23.7 (saviyntcloud.com).