
Users and Groups

In CA Access Control, every action and access attempt is performed on behalf of a user, who is held responsible for submitting the request. Every process in the system is therefore associated with a certain user name. The user name identifies the user to CA Access Control.

A user is a person who can log on, or can be the owner of a batch or daemon program. In CA Access Control, every access attempt is performed by a user. CA Access Control can use user information from the CA Access Control database and from enterprise user stores. It stores user information in its database, in either a USER record or an XUSER record.

Note: An enterprise user store is a store in the operating system that stores users or groups, for example, /etc/passwd and /etc/group on UNIX systems, or Active Directory on Windows.

A group is a collection of users. A group defines common access rules for users in the group. Groups can be nested (belong to other groups). CA Access Control can use group information from the CA Access Control database and from the enterprise user stores. Typically, you create groups and assign users to them, based on a role, for example, database_administrators.

The user records are the key accessor records. The main purpose for using groups in CA Access Control is to assign access authorities to all users in a group at one time. Assigning access authorities at one time is easier and less error-prone than assigning them separately to each user.