Previous Topic: Profile Groups

Next Topic: Accessor Management

Endpoint Administration Guide for UNIXManaging Users and GroupsDatabase AccessorsHow CA Access Control Uses Profile Groups to Determine User Properties

How CA Access Control Uses Profile Groups to Determine User Properties

The following process describes how CA Access Control uses profile groups to determine user properties:

  1. CA Access Control checks if the user's record in the USER or XUSER class has a value for the property.

    If the user's record has a value for the property, CA Access Control uses that value.

  2. CA Access Control checks if the user is assigned to a profile group.

    If the user is assigned to a profile group, the process continues. If the user is not assigned to a profile group, CA Access Control assigns the default property value to the user.

  3. CA Access Control checks if the profile group has a value for that property.

    If the profile group has a value for the property, CA Access Control assigns that value to the user. If the profile group does not have a value for the property, CA Access Control assigns the default property value to the user.

    Note: If the audit property of a user or profile group is not set, the audit property of a group can affect the audit property of a user.

More information:

How CA Access Control Determines the Audit Mode for a User