Implementation Guide › Preparing Your Endpoint Implementation › Implementation Tips › Resources › Using defaccess and _default
Using defaccess and _default
When access to a resource is requested, the database is searched in the following order to determine how the request should be treated, and CA ControlMinder uses the first access rule that is found. Notice the distinction between default access (defaccess) and _default.
- If the resource has a record in the database, and the record has a rule governing the accessor, then CA ControlMinder uses that rule.
- If the record exists but does not have a rule governing the accessor, that record's default access rule—its defaccess value—is applied to the accessor.
- If the record does not exist, but in the resource class the _default record has a rule governing the accessor, then CA ControlMinder uses that rule.
- If the record does not exist, and in the resource class the _default record does not have a rule governing the accessor, then the _default record's default access rule-its defaccess value-is applied to the accessor. For files and registry keys, this applies only to _restricted users.
Note: For more information about resource classes and access rules see the selang Reference Guide.
Copyright © 2013 CA Technologies.
All rights reserved.
|
|