The following RBAC-related terms are used in their commonly accepted sense. Except for the practical distinction between local and global entities (for example, users), these terms are not specific to CA 3Tera AppLogic role-based access control; they are understood in the ordinary context of user authorization and authentication. More complete descriptions may be found in any number of online references, including Wikipedia.
ACL: An access control list (ACL) is a list of permissions attached to an object. In CA 3Tera AppLogic, an ACL consists of an owner and a list of entries. The owner is a principal (user or group) and has the implicit right to modify the ACL. Each entry consists of a principal and a corresponding access level, which governs how that principal is authorized to perform actions on the object.
Access Level: An access level is a named collection of operation permissions. For example, the grid object has an access level named grid_administrator and one of the permissions included in this access level is the permission to log in to the grid.
Authentication: User authentication is the process of confirming a user’s identity for the purpose of accessing a grid.
Authorization: User authorization is the process of determining whether a user is permitted to perform a particular action on a particular object (for example, destroy an application). The main function of RBAC is to provide for user authorization.
Directory Service: A directory service is a software system that stores and provides access to information by mapping named entries to values. Directory services are commonly used to provide user authentication and group membership information.
Global Directory Service: An optional external directory service, such as Active Directory, used to manage users and groups outside of any particular grid.
Global Group: A group maintained in a global directory service.
Global User: A grid user maintained in a global directory service.
Group: A group is a named collection of users or other groups. The users or groups that belong to a group are referred to as members. Groups are useful when assigning access level rights to objects.
Local Directory Service: A directory service used to manage users and groups specific to a grid. A local directory service is included with each grid and can be used alone or together with a global directory service.
Local Group: A group maintained in a local directory service. Such a group is specific to a single CA 3Tera AppLogic grid.
Local User: A user maintained in a local directory service. Such a user is specific to a single CA 3Tera AppLogic grid.
Principal: A local or global user or group.
Principal ID: A unique identifier for a principal. For example, a local user unique identifier is a UUID (Universally Unique Identifier) such as b2ab8de0-bd1c-4826-b22f-d070066eafe2.
User: A grid user.
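
How the ACL, Access Level, Group and Principal definitions above fit together in an authorization check, as an added illustrative model (not CA 3Tera AppLogic code). Assumptions: every access level and permission name except grid_administrator, the group IDs, the guest ID, union-of-entries evaluation, default deny, and owner rights extending to members of an owner group.

```python
from dataclasses import dataclass, field

# Access level = named collection of permissions. Only "grid_administrator"
# and its login permission come from the glossary; the rest is hypothetical.
ACCESS_LEVELS = {
    "grid_administrator": {"login", "modify_settings"},
    "grid_user": {"login"},
}

@dataclass
class ACL:
    owner: str                                   # principal ID (user or group)
    entries: dict = field(default_factory=dict)  # principal ID -> access level

def expand_principals(user_id, groups):
    """Return the user plus every group reached directly or via nested groups."""
    found = {user_id}
    changed = True
    while changed:  # fixed-point loop: terminates even if groups form a cycle
        changed = False
        for group_id, members in groups.items():
            if group_id not in found and found & members:
                found.add(group_id)
                changed = True
    return found

def is_authorized(user_id, permission, acl, groups):
    """Authorization: allow only if some matching entry's level grants it."""
    principals = expand_principals(user_id, groups)
    return any(
        principal in principals
        and permission in ACCESS_LEVELS.get(level, set())  # unknown level: deny
        for principal, level in acl.entries.items()
    )

def has_owner_right(user_id, acl, groups):
    """The owner principal has the implicit right to modify the ACL."""
    return acl.owner in expand_principals(user_id, groups)

# Constructed sample data. The user ID is the example UUID from the glossary.
LOCAL_USER = "b2ab8de0-bd1c-4826-b22f-d070066eafe2"
GROUPS = {
    "grp-ops": {LOCAL_USER},
    "grp-admins": {"grp-ops", "grp-loop"},   # nested group
    "grp-loop": {"grp-admins"},              # deliberate membership cycle
}
SAMPLE_ACL = ACL(owner="grp-admins",
                 entries={"grp-admins": "grid_administrator",
                          "user-guest": "grid_user"})
```

The nested and cyclic group memberships in the sample data are the cases worth testing in any real evaluator, since a naive recursive lookup either misses inherited rights or never returns.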
Copyright © 2012 CA.
All rights reserved.