

Security Categories

When security category checking is enabled, CA ControlMinder performs security category checking in addition to its other authorization checking. When a user requests access to a resource that has one or more security categories assigned to it, CA ControlMinder compares the list of security categories in the resource record with the category list in the user record. If every category assigned to the resource appears in the user's category list, CA ControlMinder continues with other authorization checking; otherwise, the user is denied access to the resource.

If the SECLABEL class is active, CA ControlMinder uses the list of security categories associated with the security labels of the resource and user; the lists of categories in the user and resource records are ignored.
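The decision described in the two paragraphs above, modeled in Python as an added example (this is not CA ControlMinder code). The Record class, the label names and the LABEL_CATEGORIES table are hypothetical, and treating an unlabeled record as having an empty category list when SECLABEL is active is an assumption.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: hypothetical security labels and their categories.
LABEL_CATEGORIES = {
    "FIN_RESTRICTED": frozenset({"Finance", "Audit"}),
    "FIN_GENERAL": frozenset({"Finance"}),
}


@dataclass(frozen=True)
class Record:
    """A user or resource record, reduced to the fields this check reads."""
    name: str
    categories: frozenset = frozenset()
    label: Optional[str] = None


def effective_categories(rec, seclabel_active):
    """Return the category list the check actually uses for this record."""
    if seclabel_active:
        # Record-level categories are ignored; only the label's list counts.
        # Assumption: a record with no label contributes an empty list.
        return LABEL_CATEGORIES.get(rec.label, frozenset())
    return rec.categories


def category_check(user, resource, seclabel_active=False):
    """Return (passed, missing_categories).

    passed=True only means authorization continues with the other checks;
    it is not a grant. passed=False means access is denied here.
    """
    needed = effective_categories(resource, seclabel_active)
    held = effective_categories(user, seclabel_active)
    missing = needed - held  # every resource category must be held by the user
    return (not missing, sorted(missing))


# Constructed records for illustration.
payroll = Record("payroll.dat", frozenset({"Finance", "Audit"}), "FIN_RESTRICTED")
alice = Record("alice", frozenset({"Finance", "Audit", "HR"}), "FIN_GENERAL")
bob = Record("bob", frozenset({"Finance"}))

if __name__ == "__main__":
    print(category_check(alice, payroll))                        # record lists
    print(category_check(bob, payroll))                          # bob lacks Audit
    print(category_check(alice, payroll, seclabel_active=True))  # label lists
```

With SECLABEL active, alice is denied even though her record lists every required category, because only the categories of her security label are compared.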

To protect a resource by security category checking, assign one or more security categories to the resource's record. The category parameter of the newres or chres command assigns security categories to a resource.

To allow a user access to resources protected by security category checking, assign one or more security categories to the user's record. The category parameter of the newusr or chusr command assigns security categories to a user.