

Implement End-to-End Data Scoping

Data Scoping is designed to be a complete solution. However, because the MDB can be accessed with tools that are not part of CA NSM, a security breach is possible that Data Scoping cannot defend against on its own. You can take steps to ensure security no matter how the MDB is accessed. The following steps describe how you, as an MDB administrator, can implement end-to-end Data Scoping in CA NSM:

  1. To access the MDB, define a database user ID to the database server with the following attributes:

    The user ID is then not able to write any dynamic Ingres or Microsoft SQL Server applications that access the MDB database and cannot access the MDB through external tools such as Ingres SQL or Microsoft SQL Query Analyzer. The only way to write an application to access the MDB is by using the WorldView Application Programming Interface (API). Since all CA NSM applications access the MDB through the WorldView API, they are assured complete access to the MDB. If Data Scoping is deactivated, this user ID should have full database privileges restored.

  2. Create Data Scoping rules to restrict access to users who write applications using the WorldView API, or who use CA NSM tools.

    When the rules are saved in the MDB for which access needs to be restricted, Data Scoping enforcement is complete for all CA NSM applications. Applications that are not using CA NSM are denied complete access to the MDB because of the precautions you set up when you created the database user ID.

  3. Maintain Data Scoping security.

    Data Scoping security is an ongoing process. You can update and delete rules. You can remove DataScope classes to completely deactivate Data Scoping.

    On Windows platforms, when you update Data Scoping rules, they are enforced immediately, except for the conditions noted in Data Scoping in the 2D Map (Windows).

    On UNIX/Linux platforms, when you update Data Scoping rules, they are enforced immediately.

More information:

Data Scoping in the 2D Map (Windows)