Privileged Session Recorder widgets
Use the Privileged Session Recorder widgets in the bundled AccessProfiles to add session recording support to your client application logon workflows.
Do not modify the widgets.
Each recorder widget has an entry state, a success exit state, and a failed exit state. Some of the recorder widgets might have more than two pinnable states. For more information about pinnable states and widgets, see the IBM Security Access Manager for Enterprise Single Sign-On AccessProfile Widgets Guide.
IBM® Security Privileged Identity Manager bundled AccessProfiles are integrated with the session recording widgets. The widgets start session recording when shared access identities are checked out.
Session recording stops when the target application is closed.
When you develop or customize an AccessProfile, add the appropriate recorder widget to the state.
- Widget_PSR_Init
- Generates the recording ID which will be used when the recording starts. Displays the message of consent dialog box.
- Widget_PSR_Start
- Starts a session recording. For example:
- Starts recording when a privileged identity is checked out.
- Starts recording when a secured application is started.
Note: Use the Widget_PSR_Start widget after the profile_checkout_widget widget. If you use the Widget_PSR_Start without a preceding check out widget, the recording interface will not have the shared credentials that it requires. The AccessProfile might not work as expected. - Widget_PSR_Pause
- Pauses a session recording. For example, you can pause recording when confidential information from a personal application is being displayed in the application. Pausing a recording avoids including the confidential details in the session recording.
- Widget_PSR_Resume
- Resumes a session recording that is paused. For example, you can resume recording after the confidential information is no longer shown.
- Widget_PSR_Stop
- Stops a session recording. For example, you can stop recording when a privileged identity is checked in.
- Recording starts when the shared access user ID is checked out,
and the user agrees to give consent for recording.
If the IBM Privileged Session Recorder Server connection is interrupted or the Privileged Session Recorder service is stopped on the client workstation, any mouse or key input for the client application might be blocked depending on the policies you configure in AccessAdmin.
For more information, see ../../reference/ref/policies_xml_pim.html.
- Recording automatically stops when the application is closed. For PuTTY, the bundled AccessProfile is designed to stop the recording when the session is inactive.