Idea Details

Adjust ASA to have separate Install and Config

Last activity 06-04-2019 11:57 AM
JoshPerlmutter's profile image
10-05-2015 04:13 PM

Currently this is done by one process.

this means that unlike the regular agents, the group and common user on linux has more access than is desirable.

by splitting the two in the normal agents there is more security.

we would like to see this additional security that owuld allow for user x to maintain libraries and configuration done by user y to be added to the ASA.

 

thank you in advance.


Comments

10-18-2018 10:11 AM

Thank you for your contribution of an enhancement idea to the CA Community. CA is continually working to improve its software and services to best meet the needs of its customers. Your input is vital to that effort. The CA Single Sign-On Product Management team has reviewed your suggested enhancement. Based on current roadmap priorities and/or the limited amount of community support for this idea over the last year (please see this document describing how we are reviewing ideas: https://communities.ca.com/docs/DOC-231170123), we are not accepting this idea into the product backlog. Therefore, it is being moved to a “Not Planned” status.   

06-24-2016 07:59 AM

After thinking over night about this, it probably doesn't make sense for me to vote.   I can always influence my personal opinions separately.  So I changed my downvote to an upvote to help your cause Josh.

06-23-2016 12:28 PM

looking at different means to the same ends.

 

ty

06-23-2016 11:19 AM

My reasoning is that installs in general are difficult.  Trying to copy something that was done for web agents (which I feel is not ideal) does not make sense.  Ideally, we need to make the product easier to install and upgrade.  I am working behind the scenes to help facilitate these conversations. 

 

Allowing the OPs folks to help push out new agents is really where we need to get to.  Of course this is all just my personal opinion and does not reflect what CA may or may not do.

06-17-2016 09:10 AM

banst03 downvoted? STEVE! what am i missing? what is your reasoning. im very interested as it is likely something big.

01-05-2016 07:24 AM

Thank you for your contribution of an enhancement idea to the CA Community. CA is continually working to improve its software and services to best meet the needs of its customers. Your input is vital to that effort. The CA Single Sign-On Product Management team has reviewed your enhancement suggestion and decided to maintain the idea for possible consideration in a future release. The Community will continue to be able to vote on this enhancement idea.

10-07-2015 02:59 PM

To clarify,

 

the basic agent can be installed as smuser and configured by another. Thus, by use of groups, those with access to smuser can then maintain the logs and binaries  of the agent, while the application team owns and maintains everything else, allowing for more  fine grain auditing and ensuring of separation of duties.

 

This is not the case with the Application Server Agents.

 

THe ability to  split ownership and increase auditing  is desirable for auditing and security perspectives alike.

 

i find it troubling that a security product would remove this ability. and am asking for this basic split to be carried over to the ASA