Built-in profile and request attributes

APIUSER_CIDR

Used to define a product administrator ’s allowed network addresses for remote API access.

It is not included in an attribute group by default.

ARCH_EXTEND_CHECKOUT_REASON

Used for Bravura Privilege check-out extension requests: Reason for the check-out extension.

It is included in the Check-out extension details group.

DESC_APP

Used to store the request description.

It is included in the App built-in attributes group.

EMAIL

Used to store users’ email addresses.

You can add EMAIL to an attribute group if you want requesters to define an email address for new users.

EMAIL_APP

Used to store users’ email addresses.

It is included in the App built-in attributes group.

FIRST_NAME

Used to store users’ first names.

It is included in the base attributes group.

LAST_NAME

Used to store users’ last names.

It is included in the base attributes group.

LUPD_AUTO_ASSOCIATE

When this boolean attribute is set to true, the account will be auto associated with other accounts. If the attribute is set to false, the account will not be subjected to the auto association process.

MAQCMD_SCOPE

Used to limit the commands that can be executed.

It is included in the Commands for account set access attribute group.

MAQ_COMMAND

Account set commands.

It is included in the Commands for account set access attribute group.

NOTES_APP

Used to store the requester notes.

It is included in the App built-in attributes group.

ORGCHART_MANAGER

Used to store or to change a user’s primary manager. This attribute loads OrgChart data when mapped to a manager account attributes. Users can also be allowed to update their primary manager directly.

It is not included in an attribute group by default.

OTHER_NAME

Used to store users’ middle names or initials.

It is included in the base attributes group.

PPM_VIEW_TIME_BEGIN

In Bravura Privilege password check-out requests, this is the beginning of the interval in which a user has permission to check out an administrative password.

It is included in the Privileged Access Manager request base attribute group.

PPM_VIEW_TIME_END

In Bravura Privilege password check-out requests, this is the end of the interval in which a user has permission to check out an administrative password.

It is included in the Privileged Access Manager request base attribute group.

PROFILE_PIC

Used to link a profile picture for each user.

It is included in the base attributes group.

RBACENFORCE

When this boolean attribute is set to true, the user is included in the role enforcement jurisdiction. When a new user is created, or an access change request is issued for an existing user, the default value is true.

It is included in the RBACENFORCEATTR group.

SEND_RECIPIENT_EMAIL

By default, recipients receive all emails addressed to them. When this boolean attribute is set to false, the recipient will no longer receive emails involving the request.

It is not included in an attribute group by default.

SEND_REQUESTER_EMAIL

By default, requesters receive all emails addressed to them. When this boolean attribute is set to false, the requester will no longer receive emails involving the request.

It is not included in an attribute group by default.

SM_BROWSER_VIEW_TIME_END

Used for requests to view recorded sessions. Allow the recipient to view sessions in a browser until this time.

It is included in the Recorded session meta data browser view limits group..

SM_BROWSER_VIEW_TIME_START

Used for requests to view recorded sessions: Allow the recipient to view sessions in a browser starting at this time.

It is included in the Recorded session meta data browser view limits group.

SM_EVENT_TYPE

Used for requests to download recorded sessions: Content types to include in package.

It is included in the Recorded session meta data view limits group.

SM_SEARCH_DEST_MANAGED_SYSTEM

Used for requests to search recorded sessions: Managed system.

It is included in the Recorded session meta data browse limits group.

SM_SEARCH_INITIATOR

Used for requests to search recorded sessions: Session initiator profile ID.

It is included in the Recorded session meta data browse limits group.

SM_SEARCH_MANAGED_ACCOUNT

Used for requests to search recorded sessions: Privileged access.

It is included in the Recorded session meta data browse limits group.

SM_SEARCH_SEARCH_TIME_END

Used for requests to search recorded sessions: Allow the recipient to search until this time.

It is included in the Recorded session meta data browse limits group.

SM_SEARCH_SEARCH_TIME_START

Used for requests to search recorded sessions: Allow the recipient to search starting at this time.

It is included in the Recorded session meta data browse limits group.

SM_SEARCH_SESS_TIME_END

Used for requests to search recorded sessions: Search for sessions active until this time.

It is included in the Recorded session meta data browse limits group.

SM_SEARCH_SESS_TIME_START

Used for requests to search recorded sessions: Search for sessions active starting at this time.

It is included in the Recorded session meta data browse limits group.

SM_SEARCH_SOURCE

Used for requests to search recorded sessions: User device ID.

It is included in the Recorded session meta data browse limits group.

SM_SEARCH_SOURCE_ACCOUNT

Used for requests to search recorded sessions: User login ID.

It is included in the Recorded session meta data browse limits group.

SM_VIEW_EXPIRY_TIME

Used for requests to download recorded sessions: How long the package should be retained once it is generated (in days).

It is included in the Recorded session meta data view limits group.

SSH_AUTH_KEY

In Bravura Privilege generic check-out requests, this is the SSH public key to add to the managed account.

It is included in the App SSH attributes group.

SSH_PUBLIC_KEYS

Used for storing users’ SSH public keys.

It is included in the SSH public key profile attributes group.

UPDATE_ONLY_CHANGED_ATTRS

This boolean attribute allows requesters to indicate whether to update all the account attributes, or only the changed ones. Its value is only used in context of the request, and is not saved with the user’s profile.

VIEWABLE_BY_RECIPIENT

This boolean attribute allows requesters to indicate whether a recipient is allowed to view a request in the Requests app. Its value is only used in context of the request, and is not saved with the user’s profile.

It is included in the request-only group.