Scoping of data asset types provides validation against Security Management policies based on the data specified for a keyword value. Using data scoping, access to CA asset types can be limited to the level of the value within a keyword. For example, access to update the CA‑CALENDAR object can be restricted for ID=base, but allowed for other calendars.
Data scoping rules are specified for asset types having a suffix of DT. For instance, use CA‑CALENDAR‑DT to apply a data scoping rule to the CA‑CALENDAR asset type.
When specifying the asset ID (type) for a CA data object (suffix DT), you must supply a setup character immediately preceding the operand (as the underscore is used with the node= operand in the previous example). This character is used by the rule evaluator to edit the definition, and is required to indicate to the evaluator that the next specification is a new operand. You can use one of the following characters:
Note: Scoping on data objects is not supported through the EmSec APIs.
|
Copyright © 2010 CA.
All rights reserved.
|
|