Resource Classes and Access Rules
When installed, CA ControlMinder immediately begins intercepting system events and checking for users' authority to access resources. Until you tell CA ControlMinder how to restrict access to your system's resources and which resources to restrict, the result of all authorization checks is to permit access.
The properties of a protected resource are stored in a resource record, and resource records are grouped into classes. The most important information contained in a resource record is its access rules. An access rule governs the permission of one or more accessors to work with one or more resources. You can define access rules in several ways:
- An access control list (a specific list of the accessors authorized to access the resource and the exact access they can have), also called an ACL
- A negative access control list (a specific list of the accessors for which access should be denied), also called NACL
- A default access for the resource, which specifies access rules for accessors not specifically listed in an ACL
- A universal access (the _default record for a class), which specifies access for resources that do not yet have specific resource records in that class
- A program ACL, which defines access for a specific accessor through a specific program
- A conditional ACL, which makes access dependent on some condition. For example, in a TCP record, you can define access to a specific remote host through a specific accessor
- An Inet ACL, which defines access for inbound network activity through specific ports
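The following Python sketch is an added illustration, not CA ControlMinder code: it models how an ACL, a NACL, a resource's default access, and a class's _default record combine into one decision, including the permit-everything result when nothing has been defined. The class names, the `check` function, and the sample accessors and paths are hypothetical. It assumes a NACL entry is evaluated before the ACL (this page does not state an evaluation order) and leaves out program, conditional and Inet ACLs.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class ResourceRecord:
    acl: dict = field(default_factory=dict)      # accessor -> allowed access types
    nacl: dict = field(default_factory=dict)     # accessor -> denied access types
    defaccess: set = field(default_factory=set)  # accessors not listed in the ACL

@dataclass
class ResourceClass:
    records: dict = field(default_factory=dict)      # resource name -> record
    default_record: Optional[ResourceRecord] = None  # the class's _default record

def check(cls, resource, accessor, access):
    """Return (allowed, rule_that_decided) for one access request."""
    record, source = cls.records.get(resource), "resource record"
    if record is None:
        if cls.default_record is None:
            # Nothing configured for this class: every check permits.
            return True, "no rules defined"
        record, source = cls.default_record, "_default record"
    if access in record.nacl.get(accessor, set()):  # assumption: NACL checked first
        return False, source + " NACL"
    if accessor in record.acl:
        return access in record.acl[accessor], source + " ACL"
    return access in record.defaccess, source + " default access"

def sample_class():
    """Constructed sample: one protected file plus a deny-all _default record."""
    payroll = ResourceRecord(acl={"alice": {"read", "write"}},
                             nacl={"bob": {"read"}},
                             defaccess={"read"})
    return ResourceClass(records={"/data/payroll.db": payroll},
                         default_record=ResourceRecord())

if __name__ == "__main__":
    cls = sample_class()
    for req in [("/data/payroll.db", "alice", "write"),
                ("/data/payroll.db", "bob", "read"),
                ("/data/payroll.db", "carol", "read"),
                ("/data/other.db", "alice", "read")]:
        print(req, check(cls, *req))
    # A class with no records and no _default record permits everything.
    print(check(ResourceClass(), "/data/payroll.db", "carol", "write"))
```

In the sample, the read default access on the payroll record still lets an unlisted accessor read the file, and only the empty _default record keeps resources without their own record from being open.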
Copyright © 2013 CA Technologies.
All rights reserved.