Recycled accounts are enterprise store users or groups that have been deleted and recreated. For example, a user resigns and you remove him from the user store, and later you create another account with the same name.
Recycled accounts are a security concern because you do not want new accessors to have the same access permissions as the old account with the same name. To solve this problem, CA ControlMinder authorization is based on the SID. When you create an accessor, it does not automatically receive the permissions of a deleted accessor with the same name.
Important! Recycled account accessors do not inherit the old access permissions. However, database access rules, which mention the accessor's name (not SID), make it seem like these rules still apply. Use the secons -checkSID command to resolve this issue.
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|