RESOURCE_AUTHORIZATION
The event is generated when a Universal Agent component was denied access to a general resource protected by a Universal Agent component.
Conditions under which the event is generated include:
- A UCMD Manager was restarted and reattached to a UCMD Server in a pending, disconnected or orphaned communication state and the user ID specified by the restarted Manager is different than the user ID specified by the originating UCMD Manager.
- A UCTL STOP command specified a user ID that is not authorized to STOP the requested Server component.
RESOURCE_AUTHORIZATION Event Header
Field Name | Description |
---|---|
eventCategory | Security |
eventSeverity | Major |
eventTopic | Specific to the resource. |
eventType | 102 |
(Source Fields) | Universal Agent component denying access to the resource. |
(Reporter Fields) |
RESOURCE_AUTHORIZATION Event Body
Field Name | Notes | Description |
---|---|---|
clientCertIssuer | 1, 2 | Issuer field of the digital certificate provided by the client. |
clientCertSerialNo | 1, 2 | Serial number of the digital certificate provided by the client. |
clientCertSubject | 1, 2 | Subject field of the digital certificate provided by the client. |
clientIpAddr | 1 | IP address from which the client's socket connection was established. |
clientUserId | 1, 3, 4 | User identifier of the client. |
clientWorkId | 1 | Work identifier of the client. |
owner | User identifier that owns the resource. | |
securityResource | Name of the resource to which access was denied. | |
userId | 3 | User identifier that was denied access to the resource. |
Notes
- Client fields identify the client that requested access to the protected resource.
- Digital certificate information is only provided if the client provided a digital certificate.
- A case-dependent value.
- A case-dependent value, but for pre-3.2 clients, the value is always considered case sensitive.