Data Scoping rule evaluation can significantly degrade performance because of inclusion inheritance rules. For every object where access is evaluated, all ancestors of that object are also evaluated if no Data Scoping rules apply to that particular object.
The performance degradation is caused by the object-based rules defined in the class hierarchy. This is due to the fact that an object must be constructed by issuing SQL queries as the topology is traversed. Limiting object-based rules at a lower level in the class hierarchy can reduce this database overhead.
For example, if the following rule is defined on the class ManagedObject, and the managed objects are Windows computers, then the rule should be defined on the Workstation class.
Rule1: Deny delete for address=192.168.34.45 or address=192.168.34.46
|
Copyright © 2010 CA.
All rights reserved.
|
|