Securing CA NSM › Data Scoping › User IDs Required for Data Scoping Rule Evaluations › Data Scoping Rule Evaluation Using Windows Domain Groups (Microsoft SQL Server Databases)
Data Scoping Rule Evaluation Using Windows Domain Groups (Microsoft SQL Server Databases)
Microsoft SQL Server supports Windows domain accounts for authentication.
Data Scoping rules are enforced for domain groups in which the particular user is a member. You can create rules for multiple domains on one MDB using the DataScope Rule Editor. You can create rules when logged into different domains by using the DataScope Rule Editor locally or remotely. Only the rules created for the domain that is used to authenticate Windows to the MDB are applied.
You can then create Data Scoping rules for domain group accounts defined on the domain that is currently logged in. Rules are applied in the following ways:
- If a rule exists for a domain group account and the domain user who is authenticated is a member of that domain group, the rule applies to that user.
- If rules are defined for multiple domain groups and the domain user who is authenticated is a member of those domain groups, then all rules apply.
- If the domain user is a member of a domain group or local group for which a rule exists, or if the domain user is a member of a domain group that is a member of a local group and a rule for the local group exists, the rule applies.
Data Scoping rule evaluation takes place as described for a local computer.
Copyright © 2010 CA.
All rights reserved.
|
|