|
|
|
When security level checking is enabled, CA Access Control performs security level checking in addition to its other authorization checking. A security level is a positive integer between 1 and 255 that can be assigned to users and resources. When a user requests access to a resource that has a security level assigned to it, CA Access Control compares the security level of the resource with the security level of the user. If the user's security level is equal to or greater than the security level of the resource, CA Access Control continues with other authorization checking; otherwise, the user is denied access to the resource.
If the SECLABEL class is active, CA Access Control uses the security level associated with the security labels of the resource and user; the security level that is explicitly set in the resource and user records is ignored.
To protect a resource with security level checking, assign a security level to the resource's record. The level parameter of the newres or chres command assigns a security level to a resource.
To allow a user access to resources protected by security level checking, assign a security level to the user's record. The level parameter of the newusr or chusr command assigns a security level to a user.
| Copyright © 2012 CA. All rights reserved. |
|