Endpoint Administration Guide for UNIX › Scope of Administration Authority › Environmental Considerations

Environmental Considerations

One of the factors governing whether you can update information in your database is the position you occupy in the environment.

Remote Administration Restrictions

You may access a remote station over a network and update the database on the remote station. To update the database on the remote station, both you and your terminal need permission.

• You must be explicitly defined as a user in the database of the remote station. For whatever commands you want to execute, the appropriate attribute must be set in your user record in the database of the remote station.
• You must explicitly mention your local terminal's needs in a rule granting it WRITE permission for accessing the remote station; otherwise, you cannot perform CA ControlMinder administration there.

  With WRITE permission through a default access field (_default), or through the UACC class, you can enter the selang command shell at the remote station. However, you cannot execute any selang commands or otherwise access to the remote database. With READ permission, you can log in to the remote station but you cannot perform CA ControlMinder administration there.

  Here is an example of this distinction between WRITE and READ permission:

  1. To specify a new terminal with READ as default access, where administrators can log in from the terminal but cannot manipulate the database from it, issue the following command:

     newres TERMINAL tty13 defacc(read)
     

  2. To grant user ADMIN1 permission to manipulate the database from the new terminal (that is, grant WRITE permission as well as READ permission), issue the following command:

     authorize TERMINAL tty13 uid(ADMIN1) access(r,w)