Common Security Options

Common security options are used to implement some security features in Genesys software. These options are configured on supporting Application objects. In addition to the options described in this section, also see:

For information about the security features that use these options, refer to the Genesys Security Deployment Guide.

Filtering and/or Tagging Data in Logs

[log-filter] Section

The log-filter section contains configuration options used to define the default treatment of filtering data in log output. It defines the treatment of all KV pairs in the User Data, Extensions, and Reasons attributes of the log, and also defines the behavior of selected call handling (such as T-Servers) and reporting applications when processing call related data.

This section must be called log-filter.

default-filter-type

Default Value: copy Valid Values: One of the following:

`copy`	The keys and values of the KVList pairs in the User Data, Extensions, or Reasons attribute are copied to the log.
`hide`	The keys of the KVList pairs in the User Data, Extensions, or Reasons attribute are copied to the log; the values are replaced with asterisks.
`hide-first,<n>`	The keys of the KVList pairs in the User Data, Extensions, or Reasons attribute are copied to the log; the first <n> characters of the value are replaced with asterisks. If <n> exceeds the number of characters in the value, the number of asterisks will be equal to the number of characters in the value.
`hide-last,<n>`	The keys of the KVList pairs in the User Data, Extensions, or Reasons attribute are copied to the log; the last <n> characters of the value are replaced with asterisks. If <n> exceeds the number of characters in the value, the number of asterisks will be equal to the number of characters in the value.
`skip`	The KVList pairs in the User Data, Extensions, or Reasons attribute are not copied to the log.
`tag[(<tag-prefix>,<tag-postfix>)]`	The KVList pairs in the User Data, Extensions, or Reasons attribute are tagged with the prefix specified by <tag-prefix> and the postfix specified by <tag-postfix>. If the two parameters are not specified, the default tags <# and #> are used as prefix and postfix, respectively. To use the default tags, you can use any of the following values: `tag` `tag()` `tag(,)` To define your own tags, replace the two parameters in the value with your tags. Your own tag can be any string up to 16 characters in length; any string longer than that will be truncated. If the string includes a blank space or any of the characters , (comma), (, or ) as start and stop characters, they will not be counted as part of the length of the string.
`unhide-first,<n>`	The keys of the KVList pairs in the User Data, Extensions, or Reasons attribute are copied to the log; all but the first <n> characters of the value are replaced with asterisks. If <n> exceeds the number of characters in the value, the value of the key appears, with no asterisks.
`unhide-last,<n>`	The keys of the KVList pairs in the User Data, Extensions, or Reasons attribute are copied to the log; all but the last <n> characters of the value are replaced with asterisks. If <n> exceeds the number of characters in the key, the value of the key appears, with no asterisks.

Changes Take Effect: Immediately

Specifies the default way of presenting KVList information (including UserData, Extensions, and Reasons) in the log. This setting will be applied to all KVList pairs in the User Data, Extensions, or Reasons attribute except those that are explicitly defined in the log-filter-data section.

Refer to the Hide Selected Data in Logs section in the Genesys Security Deployment Guide for information about how to use this option.

filtering

Default Value: true
Valid Values: true, false
Changes Take Effect: Immediately, if application is subscribed to notifications that this option has been changed.

Enables (true) or disables (false) log filtering at the Application level.

hide-tlib-sensitive-data

Default Value: false
Valid Values: true, false
Changes Take Effect: After restart of Application

Specifies if an application using the TLibrary protocol must hide details of protocol messages from appearing in the log. Such information might include, for example, information about DTMF digits that are collected when handling customer calls. Refer to documentation for the specific application to confirm that this option is supported by the application, and to determine what data is hidden when the option is set to true.

This option does not affect the User Data, Extensions, and Reasons attributes of the log. Use the default-filter-type option to hide the values of these fields.

[log-filter-data] Section

The log-filter-data section defines the treatment of specific KV pairs in the User Data, Extensions, and Reasons attributes of the log. It overrides the general settings in the log-filter section.

This section must be called log-filter-data.

<key-name>

Default Value: No default value
Valid Values: One of the following:

`copy`	The key and value of the given KVList pair in the User Data, Extensions, or Reasons attribute is copied to the log.
`hide`	The key of the given KVList pair in the User Data, Extensions, or Reasons attribute is copied to the log; the value is replaced with a string of asterisks.
`hide-first,<n>`	The key of the given KVList pair in the User Data, Extensions, or Reasons attribute is copied to the log; the first <n> characters of the value are replaced with asterisks. If <n> exceeds the number of characters in the value, the number of asterisks will be equal to the number of characters in the value.
`hide-last,<n>`	The key of the given KVList pair in the User Data, Extensions, or Reasons attribute is copied to the log; the last <n> characters of the value are replaced with asterisks. If <n> exceeds the number of characters in the value, the number of asterisks will be equal to the number of characters in the value.
`skip`	The KVList pair in the User Data, Extensions, or Reasons attribute is not copied to the log.
`tag[(<tag-prefix>,<tag-postfix>)]`	The KVList pair in the User Data, Extensions, or Reasons attribute is tagged with the prefix specified by <tag-prefix> and the postfix specified by <tag-postfix>. If the two parameters are not specified, the default tags <# and #> are used as prefix and postfix, respectively. To use the default tags, you can use any of the following values: `tag` `tag()` `tag(,)` To define your own tags, replace the two parameters in the value with your tags. Your own tag can be any string up to 16 characters in length, and cannot include a blank space or any of the characters , (comma), (, or ). If the string is longer than 16 characters, it will be truncated.
`unhide-first,<n>`	The key of the given KVList pair in the User Data, Extensions, or Reasons attribute is copied to the log; all but the first <n> characters of the value are replaced with asterisks. If <n> exceeds the number of characters in the value, the value of the key appears, with no asterisks.
`unhide-last,<n>`	The key of the given KVList pair in the User Data, Extensions, or Reasons attribute is copied to the log; all but the last <n> characters of the value are replaced with asterisks. If <n> exceeds the number of characters in the value, the value of the key appears, with no asterisks.

Changes Take Effect: Immediately

Specifies the way of presenting the KVList pair defined by the key name in the log. This setting supersedes the default way of KVList presentation as defined in the log-filter section for the given KVList pair.

If no value is specified for this option, no additional processing of this data element is performed.

Important

For T-Server Application objects, if the T-Server common configuration option log-trace-flags is set to -udata, it will disable writing of user data to the log regardless of the settings of any options in the log-filter-data section. Refer to the documentation for your particular T-Server for information about the log-trace-flags option.

Refer to the Hide Selected Data in Logs section in the Genesys Security Deployment Guide for information about how to use this option.

TLS and Other Security-related Options

[security] Section

The security section contains configuration options used to specify security elements for your system. In addition to the options specified in this section, refer to TLS Configuration Options for information about TLS-specific configuration options in this section.

This section must be called security.

inactivity-timeout

Default Value: 0 Valid Values: Any non-negative integer Changes Take Effect: Immediately

Specifies the amount of time (in minutes) that a user who is logged in to a GUI Application can be inactive before application screens are minimized and the user forced to be re-authenticated. The default value 0 (zero) means that the feature is disabled. For more information about this option, refer to the Inactivity Timeout section of the Genesys Security Deployment Guide.

Tip

This option is configured in the options of the GUI Application object.

Secure User Authentication

[security-authentication-rules] Section

The security-authentication-rules section contains configuration options that relate to user accounts and user passwords. Refer to the chapter User Passwords in the Genesys Security Deployment Guide for full information about how to use these options.

This section must be called security-authentication-rules.

no-change-password-at-first-login

Default Value: false
Valid Values: false, true
Changes Take Effect: At the next attempt to log in to this application

Specifies whether this application supports password change when a user first logs in. If set to true, this application can override of the policy of changing passwords at first login. If set to false (the default), this application supports password change at first login.

This option does not apply if the force-password-reset option is set to true at the Tenant level, enforcing the current policy of changing passwords at first login.