The predefined classes can be categorized into the following types:

Class Type | Purpose |
---|---|
Accessor | Defines objects that access resources, such as users and groups |
Definition | Defines objects that define security entities, such as security labels and categories |
Installation | Defines objects that control the behavior of CA ControlMinder |
Resource | Defines objects that are protected by access rules |

The following table contains a list of all predefined classes.
Class | Class Type | Description |
---|---|---|
ADMIN | Definition | Lets you delegate administrative responsibilities to users who do not have the ADMIN attribute. You give these users global authorization attributes and limit their administration authority scope. |
AGENT | Resource | Not applicable to CA ControlMinder |
AGENT_TYPE | Resource | Not applicable to CA ControlMinder |
APPL | Resource | Not applicable to CA ControlMinder |
AUTHHOST | Accessor | Not applicable to CA ControlMinder |
CALENDAR | Resource | Lets you define a Unicenter TNG calendar object for user, group, and resource enforced time restrictions. |
CATEGORY | Definition | Lets you define a security category. |
CONNECT | Resource | Lets you protect outgoing connections. The records in this class define which users can access which Internet hosts. Before you activate the CONNECT class, be sure that the streams module is active. |
CONTAINER | Resource | Lets you define a group of objects from other resource classes, thus simplifying the job of defining access rules when a rule applies to several different classes of objects. |
FILE | Resource | Lets you protect a file, a directory, or a file name mask. |
GAPPL | Resource | Not applicable to CA ControlMinder |
GAUTHHOST | Definition | Not applicable to CA ControlMinder |
GFILE | Resource | Each record in this class defines a group of files or directories. Grouping is accomplished by explicitly connecting files or directories (resources of the FILE class) to the GFILE resource in the same way users are connected to groups. |
GHOST | Resource | Each record in this class defines a group of hosts. Grouping is accomplished by explicitly connecting hosts (resources of the HOST class) to the GHOST resource in the same way users are connected to groups. |
GROUP | Accessor | Each record in this class defines an internal group. |
GSUDO | Resource | Each record in this class defines a group of commands that one user can execute as if another user were executing it. The sesudo command uses this class. |
GTERMINAL | Resource | Each record in this class defines a group of terminals. |
HNODE | Definition | The HNODE class contains information about the organization's CA ControlMinder hosts. Each record in the class represents a node in the enterprise. |
HOLIDAY | Definition | Each record in this class defines one or more periods when users need extra permission to log in. |
HOST | Resource | Each record in this class defines a host. The host is identified by either its name or its IP address. The object contains access rules that determine whether the local host can receive services from this host. Before you activate the HOST class, be sure that the streams module is active. |
HOSTNET | Resource | Each record in this class is identified by an IP address mask and contains access rules. |
HOSTNP | Resource | Each record in this class defines a group of hosts, where the hosts belonging to the group all have the same name pattern. Each HOSTNP object's name contains a wildcard. |
LOGINAPPL | Definition | Each record in the LOGINAPPL class defines a login application, identifies who can use the program to log in, and controls the way the login program is used. |
MFTERMINAL | Definition | Each record in the MFTERMINAL class defines a Mainframe CA ControlMinder administration computer. |
POLICY | Resource | Each record in the POLICY class defines the information required to deploy and remove a policy. It includes a link to the RULESET objects that contain a list of the selang commands for deploying and removing the policy. |
PROCESS | Resource | Each record in this class defines an executable file. |
PROGRAM | Resource | Each record in this class defines a trusted program that can be used with conditional access rules. Trusted programs are setuid/setgid programs that are monitored by the Watchdog to ensure they are not tampered with. |
PWPOLICY | Definition | Each record in the PWPOLICY class defines a password policy. |
RESOURCE_DESC | Definition | Not applicable to CA ControlMinder |
RESPONSE_TAB | Definition | Not applicable to CA ControlMinder |
RULESET | Resource | Each record in the RULESET class represents a set of rules which define a policy. |
SECFILE | Definition | Each record in this class defines a file that must not be altered. |
SECLABEL | Definition | Each record in this class defines a security label. |
SEOS | Installation | The one record in this class specifies your active classes and password rules. |
SPECIALPGM | Installation | Each record in the SPECIALPGM class registers backup, DCM, PBF and PBN functions in Windows or xdm, backup, mail, DCM, PBF, and PBN programs in UNIX or associates an application that needs special authorization protection with a logical user ID. This allows you to set access permissions according to what is being done rather than who is doing it. |
SUDO | Resource | This class, used by the sesudo command, defines commands that one user (such as a regular user) can execute as if another user (such as root) were executing them. |
SURROGATE | Resource | Each record in this class contains access rules for an accessor that define who can use that accessor as a surrogate. |
TCP | Resource | Each record in this class defines a TCP/IP service, for example, mail or http or ftp. |
TERMINAL | Resource | Each record in this class defines a terminal, a device from which a user can log in. |
UACC | Resource | Defines default access rules for each resource class. |
USER | Accessor | Each record in this class defines an internal user. |
USER_ATTR | Definition | Not applicable to CA ControlMinder |
USER_DIR | Resource | Not applicable to CA ControlMinder |
XGROUP | Resource | Each record in this class defines an enterprise group to CA ControlMinder. |
XUSER | Resource | Each record in this class defines an enterprise user to CA ControlMinder. |

Note: CA ControlMinder database classes TCP and SURROGATE are not active by default.
If you upgrade from an earlier release where the TCP class is active but you do not have any TCP records and have not changed the _default TCP resource, CA ControlMinder deactivates the class during upgrade. The same is true for the SURROGATE class.
If you upgrade from an earlier release where the SURROGATE class is active and you have defined SURROGATE records or have changed the value of any SURROGATE record from its default, CA ControlMinder retains the SURROGATE class configuration after the upgrade. The class remains active and kernel mode interception remains enabled.
Note: For more information about CA ControlMinder classes, see the selang Reference Guide.
Copyright © 2013 CA Technologies.
All rights reserved.