Asset definitions can contain an associated node value. Similarly, within any definition that accepts an asset specification, there can be a node specification associated with that asset. Upon completion of the initial Security Management installation, all node values are blank, which means that all definitions are global.
Asset definitions can be qualified by node. Asset definitions are associated with user, user group, and asset group definitions. When you include a node value in an asset definition, Security Management applies the policy only to that specific node. In the absence of a node value, the policy is global and applies to all nodes supported by the MDB.
When you commit Security Management policies to your system, Security Management looks for rules that are applicable to your system. It retrieves all rules that have a node value equal to the system identification on which you execute the commit process; it then retrieves rules that are global (have no associated node value). The Security Management evaluators use this set of rules to enforce the Security policy.
|
Copyright © 2010 CA.
All rights reserved.
|
|