CSV File Data Attribute Fields
The following table describes the fields in the CSV output file.
For this template field | The following information is displayed |
---|---|
Entity Type | One of the following entity types: System, Domain, Database, Account. |
Name | The name of the system, domain or database exported. You can have multiple lines with the same name. For example, if you exported more than one account for the same system, each account is listed as a separate line with the same system name. Applies to Systems, Domains, and Databases. |
FQDN | Fully-qualified domain name or IP address of the System or Database you want to add. This field applies to Systems and Databases. |
Description | Descriptive information added for the entity. This field applies to Systems, Domains, Databases, and Accounts. |
ComputerClass | One of the following values for the type of system added: Windows, Unix, GenericSsh, Cisco AsyncOS, CiscoIOS, CiscoNXOS, JuniperJunos, HPNonStopOS, IBMi, CheckPointGaia, PaloAltoNetworksPANOS, F5NetworksBIGIP, VMwareVMkernel. This field is required and applies to Systems. |
ProxyUser | The name of the “proxy” user for a system. This field is optional and applies to Systems. For more information about the “proxy” user for Windows systems, see the following topic: Configuring a proxy user for password operations. For more information about the “proxy” user for UNIX and Juniper systems, see the following topic: Specifying a proxy account for root. |
ProxyUserPassword | The password for the “proxy” user for a system. This field is optional and applies to Systems. For more information about the “proxy” user for Windows systems, see the following topic: Configuring a proxy user for password operations. For more information about the “proxy” user for UNIX and Juniper systems, see the following topic: Specifying a proxy account for root. |
ProxyUserIsManaged | Whether the password for the “proxy” user is managed. This field is optional and applies to Systems. TRUE indicates the “proxy” account password is managed by Privileged Access Service. FALSE indicates the password is unmanaged. |
ResourceDomain | The domain that the system is joined to. This field is optional and applies to Systems. |
ResourceDomainOperationsEnabled | Specify whether you want to use the domain administrative account to enable zone role workflow. You specify TRUE if you want to use the domain administrative account to enable operations such as zone role workflow, or FALSE if you do not want to use the domain administrative account to enable domain operations. In order to enable domain operations for a system, the user must have grant rights over the domain or else the import will fail. This field applies to Systems. |
ResourceSessionType | Indicates remote connection type: Ssh for secure shell or Rdp for remote desktop. This field is required and applies to Systems. |
ResourceSessionTypePort | The port used for remote connections. The default port for SSH is 22 and for RDP it is 3389. This field applies to Systems. |
ResourceWindowsManagementMode | One of the following management modes used to manage the Windows System: Unknown (this is equivalent to auto-detect in the Admin Portal), Smb, WinRMOverHttp, WinRMOverHttps, RpcOverTcp, Disabled. This field applies to Systems. |
ResourceWindowsManagementPort | The management port to be used for password management for Windows, F5 Networks BIG-IP, and Palo Alto Networks PAN-OS Systems. This field applies to Systems. |
PasswordProfile | Customized password profile name to define the rules applied when managed passwords are generated for systems, domains, or databases. For more information about customized password profiles, see Configuring password profiles. This field applies to Systems, Domains, and Databases. |
SetName | Name for system, domain, database, or account sets. Sets are logical groups of a particular type (system, domain, database, or account) to simplify management activity and reporting for entities with attributes in common. For more than one set name for an entity, entries are separated by a pipe character (\|). For example, SystemSet1\|SystemSet2\|SystemSet3. This field applies to Systems, Domains, Databases, and Accounts. |
DefaultCheckoutTime | The length of time (in minutes) that a checked out password is valid. The minimum checkout time is 15 minutes. If no value is specified, the default is 60 minutes. Also see Setting systems specific policies. This field applies to Systems, Domains, Databases, and Accounts. |
AllowRemote | TRUE (allows remote connections from a public network for a selected system) or FALSE (does not allow remote connections from a public network). This field is optional and applies to Systems. |
ParentEntityTypeOfAccount | Entity type related to the account (System, Domain or Database). This field applies to Accounts. |
ParentEntityNameOfAccount | Display name of the system, domain or database associated with the account. This field applies to Accounts. |
User | User name for an account used with Systems, Domains, and Databases. This field applies to Accounts. |
Password | The password for the account used with the system. This field is optional and applies to Accounts. |
IsManaged | TRUE if Privileged Access Service manages the password for the account, or FALSE if the password is unmanaged. This field applies to Accounts. |
AccountMode | Expert if an expert mode account exists for Checkpoint Gaia systems. This field applies to Systems. |
UseProxy | TRUE if a “proxy” account is used for the system, or FALSE if a “proxy” account for the system is not used. For UNIX and Juniper systems, this field is used if your secure shell environment is configured to not allow the root user to access computers remotely using SSH. This field is also used for Windows systems if you use a proxy account for Windows Remote Management (WinRM) connections to a system. This field applies to Accounts. |
DatabaseServiceType | One of the following database types: SQLServer, Oracle, SAP Adaptive Server Enterprise (ASE). This field applies to Databases. |
OracleServiceName | The service name assigned to the Oracle database. Also see Adding databases. This field applies to Databases. |
SQLInstanceName | The instance name assigned to the SQL Server database. Also see Adding databases. This field applies to Databases. |
DatabasePort | The port number used to check the status of the database and when updating database passwords. This field applies to Databases. |
ParentDomain | The name of the parent domain, if a child domain is configured. This field applies to Domains. |
AdministrativeAccount | The administrative account in the format admin@childdomain, admin@mycompany.com, or a local account. This field applies to Systems and Domains. |
AllowAutomaticAccountMaintenance | TRUE (allows out-of-sync passwords to be reset and managed accounts to be unlocked during login or checkout), or FALSE (does not allow out-of-sync passwords to be reset and managed accounts to be unlocked during login or checkout). Requires an Administrative Account be defined for the domain. This field applies to Domains. |
AllowManualAccountUnlock | TRUE (allows users with the Unlock Account permission to manually unlock accounts), or FALSE (does not allow accounts to be manually unlocked). Requires an Administrative Account be defined for the domain. This field is optional and applies to Domains. |
AllowMultipleCheckouts | FALSE (only one user is allowed to check out the password at any given time) or TRUE (allows multiple users to have the account password checked out at the same time without waiting for the password to be checked in). Also see Allow multiple password checkouts. This field applies to Systems, Domains, and Databases. |
AllowPasswordRotation | TRUE (Privileged Access Service rotates managed passwords periodically) or FALSE (Privileged Access Service does not rotate managed passwords periodically). This field applies to Systems, Domains, and Databases. |
PasswordRotateDuration | The interval at which managed passwords are automatically rotated. This field applies to Systems, Domains, and Databases. |
MinimumPasswordAge | The minimum number of days before a password is rotated. This field applies to Systems, Domains, and Databases. |
AllowPasswordHistoryCleanUp | TRUE (allows periodic password history cleanup), or FALSE (does not allow periodic password history cleanup). This field applies to Systems, Domains, and Databases. |
PasswordHistoryCleanUpDuration | The number of days after which retired passwords matching the duration are deleted. This field applies to Systems, Domains, and Databases. |
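
A pre-import check built from the rules in the table above, as an added example that is not part of the original documentation or the product: it flags Systems rows with an unlisted ComputerClass or ResourceSessionType, checkout times under 15 minutes, flags that are not TRUE or FALSE, and rows that carry a cleartext Password or ProxyUserPassword. The function names, the comma delimiter, the header row, case-insensitive TRUE/FALSE matching and the sample rows are assumptions.

```python
import csv
import io

# Allowed values copied from the field table above; spaces are ignored when
# comparing because the page prints one class as "Cisco AsyncOS".
COMPUTER_CLASSES = {
    "Windows", "Unix", "GenericSsh", "CiscoAsyncOS", "CiscoIOS", "CiscoNXOS",
    "JuniperJunos", "HPNonStopOS", "IBMi", "CheckPointGaia",
    "PaloAltoNetworksPANOS", "F5NetworksBIGIP", "VMwareVMkernel",
}
BOOLEAN_FIELDS = ("ProxyUserIsManaged", "AllowRemote", "IsManaged", "UseProxy",
                  "AllowMultipleCheckouts", "AllowPasswordRotation")
SECRET_FIELDS = ("Password", "ProxyUserPassword")

def lint_row(row):
    """Return findings for one row, using only rules stated in the table."""
    row = {k: (v or "").strip() for k, v in row.items() if k}
    findings = []
    if row.get("Entity Type") == "System":
        if row.get("ComputerClass", "").replace(" ", "") not in COMPUTER_CLASSES:
            findings.append("ComputerClass missing or not a listed value")
        if row.get("ResourceSessionType") not in ("Ssh", "Rdp"):
            findings.append("ResourceSessionType must be Ssh or Rdp")
    checkout = row.get("DefaultCheckoutTime", "")
    if checkout and (not checkout.isdigit() or int(checkout) < 15):
        findings.append("DefaultCheckoutTime must be at least 15 minutes")
    for field in BOOLEAN_FIELDS:
        if row.get(field, "").upper() not in ("", "TRUE", "FALSE"):
            findings.append(f"{field} must be TRUE or FALSE")
    for field in SECRET_FIELDS:
        if row.get(field):
            findings.append(f"{field} holds a cleartext secret")
    return findings

def lint_csv(text):
    """Map CSV line number -> findings for every row that has at least one."""
    reader = csv.DictReader(io.StringIO(text))
    report = {}
    for row in reader:
        if findings := lint_row(row):
            report[reader.line_num] = findings
    return report

# Constructed sample rows, not a real export.
SAMPLE = """Entity Type,Name,FQDN,ComputerClass,ResourceSessionType,DefaultCheckoutTime,AllowRemote,User,Password,IsManaged
System,web01,web01.example.test,Unix,Ssh,60,FALSE,,,
System,db01,db01.example.test,Solaris,Ssh,10,yes,,,
Account,,,,,,,svc_backup,constructed-placeholder,FALSE
"""
```

Because the Password and ProxyUserPassword columns hold credentials in cleartext, a file that triggers the last finding should be stored and transferred like any other secret and deleted once the import completes.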
Assigning PowerShell remote access
If you want to allow some of your users to run PowerShell commands on remote computers by way of PowerShell remoting, be aware of the following requirements:
- The target computer needs to have the Delinea Client for Windows installed with the Privileged Access Service enabled.
- Assign the user to a role with the "PowerShell remote access is allowed" system right granted.
If you're using the Delinea Audit & Monitoring Service, when a user attempts to run PowerShell remotely on a computer, the system triggers an audit trail event. Delinea Audit & Monitoring Service is an optional service.
To assign PowerShell remote access to a user:
- In the Access Manager console, open the zone that the Windows system to be managed belongs to (Access Manager is not necessarily installed on the machine with the Windows client).
- Under Role Definitions, right-click a role that you'd like to assign PowerShell remote access permission to and select Properties.
- Under System Rights > Windows rights, select PowerShell remote access is allowed.
- Right-click Role > Assignment and select Assign Role.
- Select the role as defined above and assign the Windows account to it.