Endpoint Administration Guide for UNIX › General Security Features › B1 Security Level Certification › Security Levels

Security Levels

When security level checking is enabled, CA ControlMinder performs security level checking in addition to its other authorization checking. A security level is a positive integer between 1 and 255 that can be assigned to users and resources. When a user requests access to a resource that has a security level assigned to it, CA ControlMinder compares the security level of the resource with the security level of the user. If the user's security level is equal to or greater than the security level of the resource, CA ControlMinder continues with other authorization checking; otherwise, the user is denied access to the resource.

If the SECLABEL class is active, CA ControlMinder uses the security level associated with the security labels of the resource and user; the security level that is explicitly set in the resource and user records is ignored.

• To protect a resource with security level checking, assign a security level to the resource's record. The level parameter of the newres or chres command assigns a security level to a resource.
• To allow a user access to resources protected by security level checking, assign a security level to the user's record. The level parameter of the newusr or chusr command assigns a security level to a user.