Access Control List Support

To give or deny access authority, you can use seven types of access control lists:

ACL

Standard access control list that contains the user names and group names authorized to access the resource and the level of access granted to each.

NACL

Negative access control list that contains the user names or group names that are not authorized to access the resource.

PACL

Program access control list that depends upon the accessing program. Each PACL contains the user names and group names, the level of access, and the name of the program or shell script the user must execute to access the particular resource.

INET-ACL

Internet access control list.

CACL

Conditional access control list.

CALACL

Calendar access control, a resource ACL that depends upon the Unicenter TNG calendar.

AZNACL

The authorization ACL; an ACL that allows access to a resource based on the resource description.

CA ControlMinder uses all relevant lists when it checks a user's authority to access a resource.

Note: You can maintain any single list with a single authorize command. To change more than one list you need to issue authorize again. You cannot define multiple access rights for multiple users and groups with one authorization rule. You must separate the rules.

The following table lists which access control lists you can use with each class. Classes that do not appear in the table have no access control lists and cannot be controlled by the authorize command.

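| Class      | ACL/NACL | CALACL | PACL | INET-ACL | CACL | AZNACL |
|------------|----------|--------|------|----------|------|--------|
| ADMIN      | X        | X      | X    |          |      |        |
| APPL       | X        | X      |      |          |      | X      |
| AUTHHOST   | X        | X      |      |          |      | X      |
| CONNECT    | X        | X      | X    |          |      |        |
| CONTAINER  | X        | X      | X    |          |      |        |
| DOMAIN     | X        | X      | X    |          |      |        |
| FILE       | X        | X      | X    |          |      |        |
| GAPPL      | X        | X      |      |          |      | X      |
| GAUTHHOST  | X        | X      |      |          |      | X      |
| GFILE      | X        | X      | X    |          |      |        |
| GHOST      |          |        |      | X        |      |        |
| GSUDO      | X        | X      |      |          |      |        |
| GTERMINAL  | X        | X      |      |          |      |        |
| HOLIDAY    | X        | X      |      |          |      |        |
| HOST       |          |        |      | X        |      |        |
| HOSTNET    |          |        |      | X        |      |        |
| HOSTNP     |          |        |      | X        |      |        |
| LOGINAPPL  | X        | X      |      |          |      |        |
| MFTERMINAL | X        | X      | X    |          |      |        |
| PROCESS    | X        | X      | X    |          |      |        |
| PROGRAM    | X        | X      |      |          |      |        |
| REGKEY     | X        | X      | X    |          |      |        |
| REGVAL     | X        | X      | X    |          |      |        |
| SUDO       | X        | X      | X    |          |      |        |
| SURROGATE  | X        | X      | X    |          |      |        |
| TCP        | X        | X      | X    |          | X    |        |
| TERMINAL   | X        | X      | X    |          |      |        |
| UACC       | X        | X      |      |          |      |        |
| USER_DIR   | X        |        |      |          |      | X      |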