IT Process Automation

  • 1.  file trigger - best practice

    Posted Aug 20, 2018 04:47 AM

    Is there any best practice on how to configure a user account and its permissions to be able to use this account in the filetrigger XML file to run a PAM process? I would like to use the lowest necessary permissions for such an account.

    I'm also wondering if there is a way to use a hash of the password value in the filetrigger XML file instead of the real password. I tried to use PasswordEncryption.bat for this purpose, but the filetrigger refused to run the PAM process with the error: The specified user ID, password, or token is invalid.

     

    Thank you.

    Milan



  • 2.  Re: file trigger - best practice

    Broadcom Employee
    Posted Aug 20, 2018 11:05 AM

    We do not have a defined set of permissions for file triggers. 

    You will need at least read rights to the file, and depending on your security design and where the file is located, you may need a higher level of permissions if you are attempting to reach across a network share.

    Unfortunately this will likely be a bit of trial and error on your end to determine the permissions required.

    Can you clarify the second question? Are you reading a file and using those values in a Process run? I would think it would be more secure to store password information in a dataset. Otherwise I would expect you'll have to read the hash into Process Automation and use JavaScript to decode the password within the process.



  • 3.  Re: file trigger - best practice

    Posted Aug 20, 2018 05:55 PM

    Hello Michael,

    Thank you for your answer. I will try to explain what I'm trying to achieve.

    The XML files for filetrigger contain a username and password.

    That credential is used by filetrigger to log in to PAM and run the process specified in the flow name tag.

    Everyone who has access to the XML file can use the specified credential to log in to the PAM console.

    I would like to know if setting strict Windows file-level permissions is the only way to protect the credential in the XML file.

    My goal is to add another level of security for this credential in the XML file:

    1) to use an encrypted value of the password in the XML file

    OR

    2) to use a credential that can be used by filetrigger but not for login to the PAM console

     

    Regards,

    Milan
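
Added example, not part of the original thread or of the product: a PowerShell audit for the file-level permission approach raised in the post above, listing every account outside an expected set that can read the trigger folder or the XML files in it. The function name, folder path and account names are assumptions chosen for illustration.

```powershell
# Added example, not from the thread. The folder path and account names used
# in the sample call at the bottom are placeholders (assumptions).
function Get-TriggerFolderExposure {
    param(
        [Parameter(Mandatory)] [string]   $Path,              # folder the file trigger polls
        [Parameter(Mandatory)] [string[]] $AllowedIdentities  # accounts expected to read it
    )

    # Rights that let a principal read file contents. Generic bits can show up
    # as raw numbers on inherit-only ACEs, so they are tested explicitly.
    $readData    = [int][System.Security.AccessControl.FileSystemRights]::ReadData
    $genericRead = 0x80000000   # GENERIC_READ (parsed as a negative Int32)
    $genericAll  = 0x10000000   # GENERIC_ALL
    $readMask    = $readData -bor $genericRead -bor $genericAll

    # Check the folder itself and every XML file in it.
    $targets = @(Get-Item -LiteralPath $Path) +
               @(Get-ChildItem -LiteralPath $Path -Filter '*.xml' -File)

    foreach ($target in $targets) {
        $acl = Get-Acl -LiteralPath $target.FullName
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if (([int]$ace.FileSystemRights -band $readMask) -eq 0) { continue }
            # -contains compares strings case-insensitively
            if ($AllowedIdentities -contains $ace.IdentityReference.Value) { continue }

            [pscustomobject]@{
                Path      = $target.FullName
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Sample call with placeholder values; every row returned is an account that
# can read the credential stored in the trigger XML.
Get-TriggerFolderExposure -Path 'D:\PAM\triggers' `
    -AllowedIdentities 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'CONTOSO\svc-pam-trigger' |
    Format-Table -AutoSize
```

Get-Acl reports NTFS permissions only; if the trigger folder is reached over a network share, the share permissions are a separate layer and need their own review.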



  • 4.  Re: file trigger - best practice

    Broadcom Employee
    Posted Aug 21, 2018 11:48 AM

    I am looking into this, but do not believe it is possible to encode or encrypt the password in a trigger feed file. 



  • 5.  Re: file trigger - best practice
    Best Answer

    Broadcom Employee
    Posted Sep 02, 2018 04:38 AM

    Sorry for the delay.  I have not been able to find a way to encode or encrypt the password in a trigger file.  Please open a community idea request on this topic.  Thank you.



  • 6.  Re: file trigger - best practice

    Posted Sep 04, 2018 03:28 AM

    Hello Scott, thank you for your effort.