Other types of predefined groups in CA ControlMinder define the type of access that is allowed or prohibited to a particular resource. These groups include the following:
(Windows only) The _network group defines access from the network to a particular resource. All users are treated as if they are members of the group; no user has to be explicitly added to the group.
For example, you can specify that a particular resource can only be read from the network. Using selang, you define the new resource as follows:
newres FILE c:\temp\readonly defaccess(none)
Then specify the access allowed through the network:
authorize FILE c:\temp\readonly gid(_network) access(read)
You can also do this using CA ControlMinder Endpoint Management.
Now when accessing c:\temp\readonly from the network, users can read the file only from the network.
The _interactive group defines the access permitted to a particular resource from the computer on which the resource resides. For example, You can authorize READ access to a file from the computer on which it is defined, although no access is permitted to the resource from the network.
The following points are important:
Copyright © 2013 CA Technologies.
All rights reserved.
|
|