Global Settings

Settings in the global category are used for controlling the general behavior of the Key Manager system. Global settings include features for controlling internal-job behavior, and for defining general application details.

After how many days to automatically purge audit events (without exporting to offline storage)

The number of days for which records about audit events are retained. Specified in number of days (minimum 90, by default disabled with value 0).

note

This setting purges the events without exporting to offline storage. To export, please create a manual audit purge request.

After how many days to purge finished and failed jobs

The number of days for which records about completed jobs are retained. Specified in number of days (minimum 1).

After how many hours to purge listing jobs

The number of hours for which listing jobs and their result data are retained. Specified in number of hours (minimum 1).

After how many days to purge reporting data results from database

The number of days after which the reporting data objects are purged from the database (minimum 1). Note that stored reporting data may require significant database space.

After how many days to purge resolved or dismissed alerts

The number of days for which data about resolved and dismissed alerts are retained. Specified in number of days (minimum 1).

Approval policy for direct key actions

The required number of admin approvals for actions. Can be different for each request type. By default, no approvals are required.

For example, to require 2 administrator approvals for key-removal requests, and to require 1 administrator approval for every other type of request, set Remove keys to 2, and set Any to 1.

This setting affects the following action types:

  • Adding authorizations.

  • Blacklisting, removing, renewing, and restoring user keys.

  • Modifying authorized-key options.

  • Modifying private-key passphrases.

note

This setting only applies to key-action requests created in Key Manager (via the Key Manager GUI, command-line client, or API). Approval policies for requests made via User Portal are changed via application settings instead. For more information about setting approval policies for applications, see the PrivX Key Manager User Portal Guides.

Approval policy for requests not affiliated with applications

The number of required admin approvals for requests on keys that do not belong to any application. Can be different for each request type.

For example, to require 2 administrator approvals for key-removal requests, and to require 1 administrator approval for every other type of request, set Remove keys to 2, and set Any to 1.

The supported request types (excluding "any") are the same as those used in the add-request command-line client command (described in add-request).

Default approval policy for new applications

Default approval policy for newly created applications. The approval policy of newly-created applications is set according to this setting.

For example, to require 2 application-owner approvals and 1 administrator approval for key-removal requests, and to require 1 application-owner approval and 1 administrator approval for every other type of request, set Admin: 1, Owner: 2 for Remove keys, and set Admin: 1, Owner: 1 for Any.

The supported request types (excluding "any") are the same as those used in the add-request command-line client command (described in add-request).

Graph analysis parameters

JSON encoded dictionary. Used to define how to present graph analysis results.

user_list_cutoff: how many users to print out in each category in the job log

graph_cutoff: maximum size of a subgraph to plot.

graph_style: Three possible options:

  • spring_layout: tries to arrange users so that the connections are as clear as possible. (default)

  • shell_layout: arranges source, destination and transitive users divided into three concentric circles

  • lines_layout: arranges source, destination, and transitive users using three vertical lines

node_coloring: applications or classifications

How often to calculate general statistics

The interval at which general statistics are calculated. Specified as a time interval, a periodic window, a fixed time window, or a custom value.

This setting is a calendar-based setting. For more information about configuring calendar-based settings, see Configuring Calendar-Based Settings.

How often to calculate reporting data

The interval at which full reporting data is calculated. Specified as a time interval, a periodic window, a fixed time window, or a custom value.

This setting is a calendar-based setting. For more information about configuring calendar-based settings, see Configuring Calendar-Based Settings.

tip

To ensure that automatically emailed reports contain up-to-date information, schedule this job to run shortly before email reports are scheduled to be delivered.

How often to notify users with expiring tokens

The interval at which users are notified of token expirations. User accounts must have a valid email set in order to receive these notifications. For more information about setting calendar-based settings, see Configuring Calendar-Based Settings.

How often to perform graph analysis

The interval at which graph analysis of trusts is performed. Specified as a time interval, a periodic window, a fixed time window, or a custom value.

This setting is a calendar-based setting. For more information about configuring calendar-based settings, see Configuring Calendar-Based Settings.

How often to remove expired authorizations

The interval at which removal jobs for expired authorizations are launched. Specified as a time interval, a periodic window, a fixed time window, or a custom value. For more information on temporary authorizations via the access-request workflow, refer to the PrivX Key Manager User Portal Manual.

This setting is a calendar-based setting. For more information about configuring calendar-based settings, see Configuring Calendar-Based Settings.

How often to reverse map key activity IPs

The interval at which external-host IP addresses are resolved to FQDNs. Specified as a time interval, a periodic window, a fixed time window, or a custom value.

This setting is a calendar-based setting. For more information about configuring calendar-based settings, see Configuring Calendar-Based Settings.

How often to update application associations

The interval at which account-to-application associations are updated based on application rules.

This setting is a calendar-based setting. For more information about configuring calendar-based settings, see Configuring Calendar-Based Settings.

How often to validate environment against policy

The interval at which the managed environment is validated against the configured policy rules and the set of flagged violations is updated accordingly. Specified as a time interval, a periodic window, a fixed time window, or a custom value.

This setting is a calendar-based setting. For more information about configuring calendar-based settings, see Configuring Calendar-Based Settings.

List of allowed application-owner roles

Allowed application-owner roles (comma-separated values).

List of allowed classifications

Allowed classifications (comma-separated values).

OS based syslog paths

A pattern-based mapping from operating system release information to syslog directories/syslogfiles/syslog_prefilter values that are to overwrite the corresponding default settings. The regular expression is matched against a string constructed by catenating '/' . If the expression matches, the values for the defined settings are used.

Public key algorithm, minimum size and default size policy

This setting specifies, in JSON format, how Key Manager handles public key algorithms. Use it to set the minimum and default key sizes for each algorithm, which algorithms are enabled or disabled, and which algorithm is the default. The setting is formatted as follows, with algorithms separated by commas:

{"algorithm-name":{"is_default":true|false,"is_enabled":true|false,\
"min_size":bitsize,"default_size":bitsize}}

A usage example of this setting:

{"ssh-rsa":{"is_default":true,"is_enabled":true,"min_size":2048,\
"default_size":3084},"ssh-dss":{"is_enabled":false,"min_size":1024,\
"default_size":1024},"ecdsa":{"is_enabled":true,"min_size":256,\
"default_size":384},"ssh-ed25519":{"is_enabled":true,"default_size":256,\
"min_size":256}}
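
A policy value in this format can be checked before it is pasted into the setting. The following is an added example, not code from Key Manager or its documentation; the function name lint_key_policy, the size floors, the treatment of ssh-dss as deprecated, and the consistency checks (exactly one default, default enabled, default_size not below min_size) are assumptions of the example rather than documented Key Manager validation rules.

```python
import json

# Assumptions of this example, not Key Manager defaults or documented rules.
MIN_FLOORS = {"ssh-rsa": 2048, "ecdsa": 256, "ssh-ed25519": 256}
DEPRECATED = {"ssh-dss"}

def lint_key_policy(raw):
    """Return sorted findings for a key-algorithm policy string."""
    # The page wraps long values with a trailing backslash; undo that first.
    policy = json.loads(raw.replace("\\\n", ""))
    findings = []
    defaults = [n for n, p in policy.items() if p.get("is_default")]
    if len(defaults) != 1:
        findings.append(f"expected exactly one default algorithm, found {len(defaults)}")
    for name, p in policy.items():
        enabled = p.get("is_enabled", False)
        min_size, default_size = p.get("min_size"), p.get("default_size")
        if not isinstance(min_size, int) or not isinstance(default_size, int):
            findings.append(f"{name}: min_size and default_size must be integers")
            continue
        floor = MIN_FLOORS.get(name, 0)
        if default_size < min_size:
            findings.append(f"{name}: default_size {default_size} is below min_size {min_size}")
        if p.get("is_default") and not enabled:
            findings.append(f"{name}: marked default but not enabled")
        if enabled and name in DEPRECATED:
            findings.append(f"{name}: deprecated algorithm is enabled")
        if enabled and min_size < floor:
            findings.append(f"{name}: min_size {min_size} is below floor {floor}")
    return sorted(findings)

# The usage example from the page, verbatim (raw string keeps the backslashes).
PAGE_EXAMPLE = r'''{"ssh-rsa":{"is_default":true,"is_enabled":true,"min_size":2048,\
"default_size":3084},"ssh-dss":{"is_enabled":false,"min_size":1024,\
"default_size":1024},"ecdsa":{"is_enabled":true,"min_size":256,\
"default_size":384},"ssh-ed25519":{"is_enabled":true,"default_size":256,\
"min_size":256}}'''

# Constructed weak policy for contrast.
WEAK_EXAMPLE = ('{"ssh-rsa":{"is_enabled":true,"min_size":1024,"default_size":1024},'
                '"ssh-dss":{"is_default":true,"is_enabled":true,"min_size":1024,'
                '"default_size":512}}')

if __name__ == "__main__":
    for label, raw in (("page", PAGE_EXAMPLE), ("weak", WEAK_EXAMPLE)):
        print(label, lint_key_policy(raw) or "no findings")
```

The page's usage example produces no findings; the constructed weak policy is flagged for the enabled ssh-dss default, its inconsistent sizes, and the 1024-bit RSA minimum.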