Valid access values depend on the class the resource belongs to. The following table lists valid access values by class in the AC environment.
| Class | Valid Access Values | Lets Accessors... |
|---|---|---|
| All classes | all | Perform all valid operations for the class. |
| | none | Perform no valid operations for the class. |
| ADMIN | create | Create records in this class. |
| | delete | Delete records in this class. |
| | join | Add a group to a USER record and complete the linking of a user to a group. Note: The accessor must also have modify access. |
| | modify | Modify existing records. Note: To link a user to a group (add user names to GROUP records) the accessor must also have join access. |
| | password | Change the passwords of other users. Note: This access type affects only the USER class. |
| | read | List records in this class. |
| AUTHHOST | read | Log in from an authenticated host. |
| CONNECT | read | Connect to the remote host. |
| CONTAINER | inherited | Note: Valid access values for this class are the valid values for the class of the contained objects. |
| DOMAIN | chmod | Create and delete trust relationships between one domain and another. Note: Both domains must have this access type. |
| | execute | Add or delete members from the domain. |
| | read | List domain members. |
| FILE, GFILE | chdir | Access the directory with the equivalent of read and execute permissions. |
| | chmod | Change file system modes. Note: Only applicable on UNIX hosts. |
| | chown | Change the owner of the record. |
| | control | Perform all valid operations except delete and rename. |
| | create | Create records in this class. |
| | delete | Delete records in this class. |
| | execute | Execute a program. Note: The accessor must also have read access. |
| | read | Use a file or directory without changing it. Note: On UNIX, if you want read privileges to control whether users can perform operations that obtain information about the file (such as `ls -l`), set the `STAT_intercept` configuration setting to 1. For more information, see the Reference Guide. |
| | rename | Rename to a record in this class. |
| | sec | Change the ACL of records in this class. |
| | update | Perform the combined operations of read, write, and execute. |
| | utime | Change the modification time of a file. Note: Only applicable on UNIX hosts. |
| | write | Change the file or directory. |
| HNODE | read | List records in the class. |
| | write | Edit the details of the record. |
| HOLIDAY | read | Log in during the specified holiday. |
| KMODULE | load | Load a kernel module. |
| | unload | Unload a kernel module. |
| MFTERMINAL | read | Log in from the Mainframe terminal. |
| | write | Administer from the Mainframe terminal. |
| POLICY | delete | Delete the policy. |
| | execute | Deploy the policy. |
| | read | View policy details. |
| | write | Edit the details of the record. |
| | undeploy | Perform the combined operations of delete and execute. |
| PROCESS | read | Kill the process. |
| PROGRAM, SUDO, GSUDO | execute | Execute a program. |
| REGKEY | delete | Delete a Windows registry key. |
| | read | List the contents of the Windows registry key. |
| | write | Change the Windows registry key. |
| REGVAL | delete | Delete a Windows registry value. |
| | read | Read a Windows registry value. |
| | write | Change a Windows registry value. |
| RULESET | read | View the details of the record. |
| | write | Edit the details of the record. |
| SURROGATE | execute | Surrogate to the user. |
| TCP | read | Access TCP services from remote hosts or host groups. |
| TERMINAL, GTERMINAL | read | Log in to the terminal. |
| | write | Administer the terminal. |
| UACC | inherited | Note: Valid access values for this class are the valid values for the class it is defining. |
| WINSERVICE | read | View the properties of the Windows service. |
| | start | Start the Windows service. |
| | modify | Change the properties of the Windows service. |
| | resume | Resume a paused Windows service. |
| | stop | Stop a Windows service. |
| | pause | Pause a Windows service. |

Note: The values none and all are applicable to all classes. The value all represents the entire group of access values, other than none, for a particular class. For more information about access authority, see the Endpoint Administration Guide for your OS.
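
When reviewing exported access rules, the table above can be applied mechanically. The following is an added example, not CA code: it covers a subset of the classes, expands the combined values (`all`, `update`, `control`, `undeploy`) into the operations they grant, and flags values that are invalid for the class or that lack the companion access the Notes require (`execute` with `read` on FILE, `join` with `modify` on ADMIN). The function names `effective` and `lint` and the rule format are assumptions made for illustration.

```python
# Added example: lint (class, access values) pairs against the table above.
VALID = {  # subset of the classes in the table
    "ADMIN": {"create", "delete", "join", "modify", "password", "read"},
    "FILE": {"chdir", "chmod", "chown", "control", "create", "delete", "execute",
             "read", "rename", "sec", "update", "utime", "write"},
    "POLICY": {"delete", "execute", "read", "write", "undeploy"},
    "KMODULE": {"load", "unload"},
}
ALIAS = {"GFILE": "FILE"}  # classes that share a table row
COMBINED = {  # values the table defines in terms of other values
    ("FILE", "update"): {"read", "write", "execute"},
    ("FILE", "control"): VALID["FILE"] - {"delete", "rename"},
    ("POLICY", "undeploy"): {"delete", "execute"},
}
# Unconditional "must also have" notes from the table.
REQUIRES = {("ADMIN", "join"): "modify", ("FILE", "execute"): "read"}


def effective(cls, values):
    """Expand all/none and combined values into the operations they grant."""
    cls = ALIAS.get(cls, cls)
    granted = set()
    for v in values:
        if v == "all":
            granted |= VALID[cls]
        elif v != "none":
            granted |= COMBINED.get((cls, v), {v})
    return granted


def lint(cls, values):
    """Return a list of findings for one rule."""
    base = ALIAS.get(cls, cls)
    if base not in VALID:
        return [f"{cls}: class not covered by this subset"]
    allowed = VALID[base] | {"all", "none"}
    findings = [f"{cls}: '{v}' is not a valid access value"
                for v in values if v not in allowed]
    granted = effective(cls, [v for v in values if v in allowed])
    for (c, v), needed in REQUIRES.items():
        if c == base and v in granted and needed not in granted:
            findings.append(f"{cls}: '{v}' also needs '{needed}'")
    return findings


if __name__ == "__main__":
    # Constructed sample rules, not taken from a real policy.
    for cls, vals in [("FILE", ["execute"]), ("ADMIN", ["join", "read"]),
                      ("KMODULE", ["read"]), ("GFILE", ["update"])]:
        print(cls, vals, lint(cls, vals) or "ok")
```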
Copyright © 2013 CA Technologies.
All rights reserved.