To implement Data Scoping, you must define a set of Data Scoping rules. Each set of Data Scoping rules governs data access only for the MDB for which they are defined. If more than one MDB exists on a computer, each MDB has its own set of autonomous rules. Further, if a user of a single computer connects to more than one MDB, each MDB has it own independent set of Data Scoping rules for that user.
Data Scoping rules can control the type of access that is used. You can govern all access to a particular data type, or you can give a specific user ID read access without giving that same user update, create, or delete capabilities.
You can activate and deactivate Data Scoping rules according to the current date at the time of access by defining a Data Scoping rule with an effective date or an expiration date. If Enterprise Management is installed, you can also activate and deactivate a Data Scoping rule by specifying that it use a particular calendar.
By default, users connected to MDB have full access to objects until Data Scoping rules are generated to deny particular types of access. You can define class-level rules or object-level rules. Class-level rules scope data objects by their data classification. Object-level rules let you explicitly filter data objects on an object-by-object basis using the object’s instance-level properties.
On Windows, Data Scoping rules are supported for local users, local groups, domain groups, and domain users.
On UNIX/Linux, only local users are supported. All references to MDB refer to the local database.
Note: Data Scoping rules do not affect the Discovery process. All discovered devices are added to MDB. If you do not want a particular user to see these discovered devices, you can create rules for those users that deny read access.
|
Copyright © 2010 CA.
All rights reserved.
|
|