Previous Topic: sechkey Utility—Change the Message Queue PasswordNext Topic: secompas Utility—Compare Passwords


seclassadm Utility—Administer CA ControlMinder Classes

The seclassadm utility manages CA ControlMinder classes. It adds new user-defined classes to the local database. Invoke it from the directory in which the database resides (or use the -p option), while CA ControlMinder is not running.

Note: Running seclassadm creates a file in the seosdb directory with the new class information. When you create a new database with dbmgr -c, user‑defined classes are created in the new database if the CreateNewClasses configuration setting is set to yes (the default).

This command has the following format:

seclassadm -add className [-a access] [{-|+}c] [-d access] \
[-f] [-g] [-o] [-p db_pathname] [-t]
seclassadm -del className
seclassadm -upd className {-|+}c [-p db_pathname]
‑add classname

Adds a new resource class to an existing database, where classname is the name of the new class.

CA ControlMinder reserves class names that are in uppercase characters. When adding a class, use at least one lowercase character. Class names can be up to 79 characters long.

After creating a new class, you must enable the class by using the selang setoptions command.

‑del classname

Deletes the specified resource class from the database.

-upd classname

Updates the specified resource class in the database.

‑a access

Specifies the access modes for the class. The string access represents the allowed accesses. Each access mode is represented by a single character code listed in any order. The string must not contain any blank or other non‑alphabetic characters. Valid access modes are:

Abbreviation

Description

C

control

D

delete

E

create

F

filescan

M

chmod

O

chown

R

read

S

security

T

utime

U

update

V

rename

W

write

X

execute

‑d access

Specifies the default access mode for the class. This is the access mode that CA ControlMinder assigns to a user when you execute the authorize command without specifying an access authority. This implicit access used by the authorize command is not the same as the default access assigned to a resource. The possible accesses modes are listed in the -a option.

‑f

Specifies that CA ControlMinder will accept a new class name, even if the name contains all upper case letters.

Note: By default, the seclassadm utility does not let you create a class name that is all uppercase. CA ControlMinder uppercase names are reserved for the predefined CA ControlMinder classes.

‑g

Specifies that the new class is a resource that groups members of an existing class. The relationship between the existing class and the new group class is the same as the relationship between any class and its group class in the database (for example, TERMINAL and GTERMINAL). A resource that groups members of an existing class must begin with the upper case letter G. That is, it has the same name as the existing class, but begins with the prefix G.

‑o

Creates a _default record for the new class and sets its default access.

‑p db_pathname

Specifies the full pathname of the local database.

By default, the utility works on the database in the current directory. Use this option to define a different directory where the database resides.

‑t

Specifies that this is a Unicenter TNG class.

Examples: Add a new class to the database

The following examples demonstrate how you can use the seclassadm utility to add a class to the database: