Seiji_Moriyama

CA Security Tuesday Tip: Privileged Identity Manager: Why your access was allowed/denied?

Discussion created by Seiji_Moriyama Employee on May 12, 2015

CA Privileged Identity Manager Tuesday Tip by Seiji Moriyama, Principal Support Engineer for 05/12/2015.

 

The reason for allowing/denying your access is recorded in the audit log as "stage code". For example:

 

C:\> seaudit -a |findstr 995

05 May 2015 05:05:05 D FILE         EXAMPLE\Administrator Read      995 10 C:\Program Files\CA\AccessControl\data\seosdb C:\Windows\system32\xcopy.exe EXAMPLE.ca.com EXAMPLE\Administrator

 

You can check the meaning of the stage code with "seaudit -t" as below:

 

C:\> seaudit -t |findstr 995              

995 Unauthorized access to internal resource

 

This example is on Windows. On UNIX/Linux, you can use "grep" command instead of "findstr".

Outcomes