To give or deny access authority, you can use seven types of access control lists:
Standard access control list that contains the user names and group names authorized to access the resource and the level of access granted to each.
Negative access control list that contains the user names or group names that are not authorized to access the resource.
Program access control list that depends upon the accessing program. Each PACL contains the user names and group names, the level of access, and the name of the program or shell script the user must execute to access the particular resource.
Internet access control list.
Conditional access control list.
Calendar access control, a resource ACL that depends upon the Unicenter TNG calendar.
The authorization ACL; an ACL that allows access to a resource based on the resource description.
CA ControlMinder uses all relevant lists when it checks a user's authority to access a resource.
Note: You can maintain any single list with a single authorize command. To change more than one list you need to issue authorize again. You cannot define multiple access rights for multiple users and groups with one authorization rule. You must separate the rules.
The following table lists which access control lists you can use with each class. Classes that do not appear in the table have no access control lists and cannot be controlled by the authorize command.
Class |
ACL/ NACL |
CALACL |
PACL |
INET‑ACL |
CACL |
AZNACL |
---|---|---|---|---|---|---|
ADMIN |
X |
X |
X |
|
|
|
APPL |
X |
X |
|
|
|
X |
AUTHHOST |
X |
X |
|
|
|
X |
CONNECT |
X |
X |
X |
|
|
|
CONTAINER |
X |
X |
X |
|
|
|
DOMAIN |
X |
X |
X |
|
|
|
FILE |
X |
X |
X |
|
|
|
GAPPL |
X |
X |
|
|
|
X |
GAUTHHOST |
X |
X |
|
|
|
X |
GFILE |
X |
X |
X |
|
|
|
GHOST |
|
|
|
X |
|
|
GSUDO |
X |
X |
|
|
|
|
GTERMINAL |
X |
X |
|
|
|
|
HOLIDAY |
X |
X |
|
|
|
|
HOST |
|
|
|
X |
|
|
HOSTNET |
|
|
|
X |
|
|
HOSTNP |
|
|
|
X |
|
|
LOGINAPPL |
X |
X |
|
|
|
|
MFTERMINAL |
X |
X |
X |
|
|
|
PROCESS |
X |
X |
X |
|
|
|
PROGRAM |
X |
X |
|
|
|
|
REGKEY |
X |
X |
X |
|
|
|
REGVAL |
X |
X |
X |
|
|
|
SUDO |
X |
X |
X |
|
|
|
SURROGATE |
X |
X |
X |
|
|
|
TCP |
X |
X |
X |
|
X |
|
TERMINAL |
X |
X |
X |
|
|
|
UACC |
X |
X |
|
|
|
|
USER_DIR |
X |
|
|
|
|
X |
Copyright © 2013 CA Technologies.
All rights reserved.
|
|