What's new?
-
We added some new management keys:
RevokeAfterTimeChangeExcludedUsersexcludes users from automatic privilege revocation after the system time changed (if enabled using theRevokePrivilegesAfterSystemTimeChangekey).RevokeOnScreenLockExcludedUsersexcludes users from automatic privilege revocation on screen lock (if enabled using theRevokePrivilegesOnScreenLockkey).AutomaticRevocationExcludedUsersexcludes users from any automatic revocation. This key is evaluated before the keysRevokeAtLoginExcludedUsers,RevokeAfterTimeChangeExcludedUsers,RevokeOnScreenLockExcludedUsers, and any other automatic revocation key that may be introduced in the future. If a user is listed in theAutomaticRevocationExcludedUserskey, the other keys are not evaluated. When used with a client management system that supports variables in configuration profiles, variables such as $USERNAME can be used here.
-
The PrivilegesDaemon now uses its own logging subsystem. If you want to access the log entries for privilege changes, you can do so by entering the following command:
log show --predicate 'subsystem == "corp.sap.privileges.daemon" AND category == "privchange"'. Additionally, the installer package ensures that these log entries are written to the persistent log store, making them available for a longer period than in previous versions of Privileges.