|
|
|
CA ControlMinder comes with predefined groups. Except for the _interactive and _network groups, you add users to these groups in the same way as you do for any other group.
If a user is in the _abspath group when logging in, that user must use absolute path names to invoke programs.
A user is a member of the _interactive group only for the purposes of an access attempt. Users are members of the _interactive group if they are logged into the same host as the resource they are trying to access. CA ControlMinder dynamically and automatically manages the membership of the _interactive group—you cannot change the membership.
This is the complementary group to _interactive. A user is a member of the _network group for the purposes of access only. Users are members of the _network group if they are trying to access a resource from a different host than the resource belongs to. CA ControlMinder dynamically and automatically manages the membership of the _network group—you cannot change the membership.
For users in the _restricted group, all files, and on Windows registry keys too, are protected by CA ControlMinder. If a file or a Windows registry key does not have an access rule explicitly defined, access permissions are covered by the _default record for that class (FILE or REGKEY).
Note: Users in the _restricted group may not have sufficient authorization to do their work. If you plan to add users to the _restricted group, consider using Warning mode initially.
When a user uses a member of the _surrogate group as a surrogate, CA ControlMinder writes a full trace in the audit trail of the surrogate's actions, tagged with the original user's name.
Example: Adding a User to the _restricted Group Using selang
The following selang command adds the enterprise user john_smith to the _restricted group:
joinx john_smith group(_restricted)
| Copyright © 2013 CA. All rights reserved. |
|