

Access Types

The access type specified in a definition determines whether the user will be allowed to access an asset. When defining access permissions, you can use the following access types to meet your specific control or audit needs:

PERMIT

Allows access. The standard control is “Allow this user to access this asset.”

LOG

Allows access and logs the event. Use LOG when you want to maintain an audit trail of access to a critical asset. For example, you may want to record all updates to the CA NSM calendar BASE. Do this by using two access types: a PERMIT for READ and a LOG for WRITE. READ authority is allowed normally, while a WRITE request writes a record of the access to the Event Console Log. The end user is not notified that this access has been logged.

DENY

Denies access and logs the event. DENY is useful for creating exceptions to normal permission sets.

Whenever an asset is referenced (either explicitly or generically) as the subject of a PERMIT or DENY rule, it becomes “protected.” This protection means that when you permit a user to access an asset, such as CA-CALENDAR, any other users who have not been granted permission to access this asset (those in FAIL mode) will be denied access when the security option USE_PAT is set to YES. On Windows, such protection is referred to as implicit DENY. USE_PAT and implicit DENY are disabled by default.

Important! Security Management considers the access mode when evaluating a rule. For example, if the access mode (READ, WRITE, and so on) of a permission does not match the access that is requested, the permission is not used. For more information, see Access Modes.
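
The following is a simplified model of the evaluation described on this page, added here as an example; it is not CA NSM code. The users alice and bob, the Rule class, the evaluate function and its reason strings are constructed for illustration, and exact-name matching, all users being in FAIL mode, and DENY taking precedence over PERMIT and LOG are assumptions of the model.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    user: str
    asset: str
    mode: str         # access mode: "READ", "WRITE", ...
    access_type: str  # "PERMIT", "LOG" or "DENY"

def evaluate(rules, user, asset, mode, use_pat=False):
    """Return (allowed, reason) for one access request.

    Model assumptions (not stated by the product documentation):
    exact-name matching only, every user is in FAIL mode, and a
    matching DENY wins over a matching PERMIT or LOG.
    """
    # A rule whose access mode differs from the requested one is not used.
    used = {r.access_type for r in rules
            if (r.user, r.asset, r.mode) == (user, asset, mode)}
    if "DENY" in used:
        return (False, "DENY")      # denies access and logs the event
    if "LOG" in used:
        return (True, "LOG")        # allows access and logs the event
    if "PERMIT" in used:
        return (True, "PERMIT")     # allows access, no audit record
    # No usable rule. An asset named in any PERMIT or DENY rule is
    # "protected"; protection is enforced only when USE_PAT is YES,
    # which is off by default.
    protected = any(r.asset == asset and r.access_type in ("PERMIT", "DENY")
                    for r in rules)
    if protected and use_pat:
        return (False, "IMPLICIT_DENY")
    return (True, "NO_RULE")

def is_logged(reason):
    # Only the LOG and DENY access types are described as logging the event.
    return reason in ("LOG", "DENY")

# Constructed rule set mirroring the calendar example: PERMIT READ, LOG WRITE.
RULES = [
    Rule("alice", "CA-CALENDAR", "READ", "PERMIT"),
    Rule("alice", "CA-CALENDAR", "WRITE", "LOG"),
]

if __name__ == "__main__":
    for user, mode, pat in [("alice", "READ", False), ("alice", "WRITE", False),
                            ("bob", "READ", False), ("bob", "READ", True)]:
        print(user, mode, "USE_PAT=YES" if pat else "USE_PAT=NO",
              evaluate(RULES, user, "CA-CALENDAR", mode, use_pat=pat))
```

In this model the single PERMIT for alice is what turns CA-CALENDAR into a protected asset, so the outcome for bob changes only with the USE_PAT setting, not with any rule written for bob.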