|
|
|
Part of the role of the security administrator is to tell the system users what they need to know to work without disruption when CA Access Control is installed.
The amount of detailed information each user needs to know about CA Access Control depends on the functions you authorize the person to use. Examples of information required by various types of system users include the following:
How to check out and check in privileged account passwords and understand when to request access to privileged accounts and when to break glass.
Be familiar with migration considerations and with the steps required to install or reinstall CA Access Control. Users who maintain the database must be familiar with the database utilities.
Users with the AUDITOR attribute should be familiar with the auditing tools (CA Access Control Endpoint Management and the seaudit utility).
Note: For more information about the seaudit utility, see the Reference Guide.
Programmers can use the CA Access Control* function library in their applications to request security‑related services, including controlling access to protected resources (by using the SEOSROUTE_RequestAuth function). Your installation can create installation‑defined resource classes. If your installation creates records in those classes, an application can issue a SEOSROUTE_RequestAuth command to check whether a user has sufficient authority to complete an action. The level of authority required for a particular user action is determined by the way the application invokes the SEOSROUTE_RequestAuth function.
Note: For more information about the CA Access Control API, see the SDK Guide.
Programmers writing authorized applications (programs that run with the SERVER attribute) can use the CA Access Control* function library to request security‑related services, including:
| Copyright © 2012 CA. All rights reserved. |
|