|
|
|
Warning Mode is a property that you can apply to a resource, and an option that you can apply to a class. If Warning mode is applied to a resource or a class and an access violates an access rule, CA Access Control writes an audit log entry with the return code W, but permits the access to the resource. If a class is in Warning mode, all the resources in that class are in Warning mode.
Warning Mode only has an effect if CA Access Control is in Full Enforcement mode.
Note: Full Enforcement mode is the only mode CA Access Control for UNIX supports. CA Access Control for Windows also supports Audit Only mode.
You can use Warning mode when you introduce or modify an access policy. If you do this, you can examine the audit log to preview the results of your intended policy before you put that policy into effect. You can display the audit log by using the seaudit command.
If a class has the property warning, you can put the class into Warning mode. If a resource group or class is in Warning mode, when an access rule is violated, CA Access Control allows the access and writes an entry in the audit log that references the resource (not the resource group or class).
The Warning mode settings on a resource and on a class are independent: if you put a resource into Warning mode, it remains in Warning mode, even if it belongs to a class and you remove Warning mode from that class.
Note: You can only put resources or classes into Warning mode if they have the property warning; not all resources or classes have this property.
| Copyright © 2012 CA. All rights reserved. |
|