
How Is It Protected?

CA Access Control starts immediately after the operating system finishes its initialization. CA Access Control places hooks in system services that must be protected. In this way, control is passed to CA Access Control before the service is performed. CA Access Control decides whether the service should be granted to the user.

For example, a user may attempt to access a resource protected by CA Access Control. This access request generates a system call to the kernel to open the resource. CA Access Control intercepts that system call and decides whether to grant access. If permission is granted, CA Access Control passes control to the regular system service; if CA Access Control denies permission, it returns the standard permission-denied error code to the program that activated the system call, and the system call ends.

The decision is based on access rules and policies that are defined in the database. The database describes two types of objects: accessors and resources. Accessors are users and groups. Resources are objects to be protected, such as files and services. Each record in the database describes an accessor or a resource.

Each object belongs to a class, which is a collection of objects of the same type. For example, TERMINAL is a class containing objects that are terminals (workstations) protected by CA Access Control.
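The following is an added example, not CA Access Control's own code, that models the interception flow described above: a hook placed in front of a system service consults a database of accessors (users and groups) and class-grouped resources, then either passes control to the regular service or returns the standard permission-denied code. The database schema, user and group names, and paths are constructed for illustration.

```python
import errno
import os

# Constructed policy database (illustrative schema, not CA Access Control's own format).
# Accessor records: each user and the groups it belongs to.
USERS = {"alice": {"devs"}, "bob": {"ops"}}
# Resource records, keyed by (class, object name): accessor -> permitted operations.
RESOURCES = {
    ("FILE", "/etc/app.conf"): {"devs": {"read"}, "bob": {"read", "write"}},
    ("TERMINAL", "ws-01"): {"ops": {"login"}},
}

def accessors_for(user):
    """Effective accessors for a request: the user plus every group it is a member of."""
    return {user} | USERS.get(user, set())

def decide(user, cls, name, op):
    """Monitor decision. None: resource not protected, pass straight through.
    True: some accessor rule grants op. False: protected, and nothing grants op."""
    acl = RESOURCES.get((cls, name))
    if acl is None:
        return None
    return any(op in acl.get(a, set()) for a in accessors_for(user))

def hooked_service(user, cls, name, op, service, *args):
    """The hook placed in front of a system service. Returns (0, result) when the
    service runs, or (-errno, None) with the standard permission-denied code when not."""
    if decide(user, cls, name, op) is False:
        return -errno.EACCES, None          # control never reaches the real service
    return 0, service(*args)                # permitted or unprotected: regular service runs

def guarded_open(user, path, mode="r", service=open):
    """open() as seen by the calling program: a denial surfaces as PermissionError (EACCES)."""
    op = "write" if any(c in mode for c in "wa+") else "read"
    rc, handle = hooked_service(user, "FILE", path, op, service, path, mode)
    if rc != 0:
        raise PermissionError(-rc, os.strerror(-rc), path)
    return handle
```

The `service` parameter exists so the real `open` can be swapped for a stub when exercising the decision logic without touching the filesystem.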