Scope records limit a user's administrative authority over the CA ACF2 Logonid, Rule, and Infostorage databases. The SCPLIST field of the logonid record points to the name of the scope record. You may also see scope records referred to as scope lists.
A scope record specifies a list of data set high‑level indexes, logonids, UIDs, or infostorage keys. When you assign a scope record for a logonid, you limit its access to the CA ACF2 databases. Scope records grant no special privileges to a user. They provide you with a means to delegate security administration to other logonids and limit the power of those logonids.
CA Chorus for Security and Compliance Management lets you review scope as it relates to the user identification (UID) string. The UID identifies the user and places each user in a CA ACF2-related structure. Whereas CA ACF2 uses the logonid record to verify a user's system access and privileges, CA ACF2 uses the UID to verify a user's access to data and resources. Furthermore, while the logonid identifies a unique user, the UID can identify a user or a group of users in CA ACF2 rules. The logonid record contains the fields that comprise the UID; however, the actual UID does not exist in the logonid record. The UID string is dynamically built at sign‑on time.
Example: Adding Scope to a User
Your company has lost a security administrator through retirement. You plan to have an existing employee take over their work. You have identified a strong performer who has the same privileges as the retiree. You would like to increase the existing employee's scope. Before doing so, confirm their present scope.
You can see their current scope and the changes you need to make to increase their scope. As previously noted, the retiree and the existing employee have the same privileges so no changes are necessary.
Copyright © 2013 CA Technologies. All rights reserved.