Previous Topic: Managing Users and GroupsNext Topic: Where Information about Accessors Is Stored


Users and Groups

In CA ControlMinder, every action and access attempt is performed on behalf of a user, who is held responsible for submitting the request. Every process in the system is therefore associated with a certain user name. The user name identifies the user to CA ControlMinder.

A user is a person who can log on, or can be the owner of a batch or daemon program. In CA ControlMinder, every access attempt is performed by a user. CA ControlMinder can use user information from the CA ControlMinder database and from enterprise user stores. It stores user information in its database, in either a USER record or an XUSER record.

Note: An enterprise user store is a store in the operating system that stores users or groups, for example, /etc/passwd and /etc/groups on UNIX systems, or Active Directory on Windows.

A group is a collection of users. A group defines common access rules for users in the group. Groups can be nested (belong to other groups). CA ControlMinder can use group information from the CA ControlMinder database and from the enterprise user stores. Typically, you create groups and assign users to them, based on a role, for example, database_administrators.

The user records are the key accessor records. The main purpose for using groups in CA ControlMinder is to assign access authorities to all users in group at one time. Assigning access authorities at one time is easier and less error prone than assigning them separately to each user.