CA ControlMinder can restrict TERMINAL access, SURROGATE requests, and user‑defined resources:
You can specify day‑of‑week and time‑of‑day restrictions for resource access. You can protect against substitution requests to highly authorized users outside work hours. You can implement restrictions for any protected resource, including user‑defined abstract classes that are used for implementing in‑house applications.
Example: day and time restrictions
The following rule completely disables the terminal ws3 on weekends and outside the 08:00‑19:00 time period every day:
chres TERMINAL ws3 restrictions(days(weekdays) time(0800:1900))
No login request from that station is accepted outside these periods.
Example: restrict substitution requests
User AcctMgr is the Accounting Manager, who is allowed to perform financial transactions. You restrict AcctMgr login to work hours and weekdays only. Intruders or unauthorized personnel may try to access the account of AcctMgr by invoking the command su AcctMgr. The following command makes it impossible to substitute the user name to AcctMgr outside the specified period:
chres SURROGATE USER.AcctMgr restrictions(days(weekdays) time(0800:1900))
Copyright © 2013 CA Technologies.
All rights reserved.
|
|