|
|
|
CA Access Control creates built-in variables in the CA Access Control database during the installation process. You cannot modify or delete built-in variables, but you can use built-in variables in policies. Built-in variables are dynamic and dependent on system settings on the CA Access Control endpoint. The value of a built-in variable changes when the corresponding system settings do.
Note: When you export a CA Access Control database, built-in variables are not included in the output. CA Access Control does not create built-in variables when you create a DMS or a PMDB.
CA Access Control supports the following built-in variables:
Identifies the fully qualified host name of the local computer.
Identifies the host IP address or addresses.
Identifies the CA Access Control installation path.
(Windows) Identifies the CA Access Control root registry key.
Identifies the administrator of the operating system on the local computer.
Identifies the domain name of the local computer.
Identifies the DNS domain name of the local computer.
Example: Use a Built-in Variable in a Policy
This example creates a network resource rule:
authorize TCP 8333 uid(*) host(<!HOSTNAME>) access(WRITE)
When you deploy the policy to the endpoint host1.example.com and the endpoint compiles the policy, it creates the following rule:
authorize TCP 8333 uid(*) host(host1.example.com) access(WRITE)
| Copyright © 2012 CA. All rights reserved. |
|