Recycled accounts are enterprise store users or groups that have been deleted and then recreated with the same name. This is likely to happen when you remove a user from the user store (for example, when the user resigns) and then create an account for a new user who has the same name as the removed user.
Recycled accounts are a security concern because you do not necessarily want a new accessor to have the access permissions that were granted to the old account with the same name. To solve this problem, CA Access Control bases authorization on the security identifier (SID). This means that when you create a new accessor with the same name as a deleted accessor that has existing access permissions, the new accessor does not automatically receive the old accessor's permissions.
Important! Recycled account accessors do not inherit the old access permissions. However, database access rules, which mention the accessor's name (not the SID), may make it seem as though these rules still apply. Use the secons -checkSID command to resolve this.
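The following sketch models the behavior described above: rules keyed on the SID do not carry over to a recreated account, while the name stored in the rule still matches and makes the rule look active. It is an added illustration, not CA Access Control code and not a description of how secons -checkSID works internally; the rule layout, function names, SIDs, and resource paths are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    resource: str
    accessor_name: str  # name recorded when the rule was written
    accessor_sid: str   # SID of the account the rule was granted to
    access: str

# Constructed sample data: SIDs, names and resources are illustrative only.
OLD_SID = "S-1-5-21-1111-2222-3333-1105"   # original jsmith, since deleted
NEW_SID = "S-1-5-21-1111-2222-3333-1342"   # recreated jsmith
MJONES_SID = "S-1-5-21-1111-2222-3333-1107"
RULES = [
    Rule("/finance/payroll.db", "jsmith", OLD_SID, "read"),
    Rule("/hr/reviews", "mjones", MJONES_SID, "read"),
]
USER_STORE = {"jsmith": NEW_SID, "mjones": MJONES_SID}  # state after recreation

def is_authorized(rules, sid, resource, access):
    """SID-based decision: the accessor name is never consulted."""
    return any(r.accessor_sid == sid and r.resource == resource
               and r.access == access for r in rules)

def is_authorized_by_name(rules, name, resource, access):
    """Name-based decision, for contrast only: a recycled account matches."""
    return any(r.accessor_name == name and r.resource == resource
               and r.access == access for r in rules)

def find_stale_rules(rules, user_store):
    """Rules whose recorded name now resolves to a different SID, or to none."""
    return [r for r in rules
            if user_store.get(r.accessor_name) != r.accessor_sid]

def demo():
    by_sid = is_authorized(RULES, NEW_SID, "/finance/payroll.db", "read")
    by_name = is_authorized_by_name(RULES, "jsmith", "/finance/payroll.db", "read")
    return by_sid, by_name, find_stale_rules(RULES, USER_STORE)

if __name__ == "__main__":
    by_sid, by_name, stale = demo()
    print("SID-based grant to recreated jsmith:", by_sid)
    print("Name-based grant to recreated jsmith:", by_name)
    for r in stale:
        print("stale rule:", r.resource, r.accessor_name, r.accessor_sid)
```

The stale-rule list is the set of entries an administrator would review after an account is recreated: each one names an accessor that exists again but refers to a SID that no longer does.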
Copyright © 2012 CA. All rights reserved.