Each record in the SECLABEL class associates a security level with security categories. A security label overrides the specific security level and security category assignments in the USER record if the SECLABEL class is active. Assigning a security label is equivalent to explicitly assigning the security level and security categories of the security label to the user.
When a USER record includes a security label, the user is granted access to a resource only if the following conditions are met:
Note: On Windows, each security label defined to CA ControlMinder must have a record in the SECLABEL class.
The key of the SECLABEL class record is the name of the security label. This name is used to identify the security label when assigning it to a user or resource.
The following definitions describe the properties contained in this class record. Most properties are modifiable and can be manipulated using selang or the administration interfaces. Non-modifiable properties are marked informational.
Defines one or more security categories assigned to a user or a resource.
Defines additional information that you want to include in the record. CA ControlMinder does not use this information for authorization.
Limit: 255 characters.
(Informational) Displays the date and time when the record was created.
Defines the user or group that owns the record.
Defines the security level of an accessor or resource.
Note: This property corresponds to the level[-] parameter of the ch[x]usr and chres commands.
(Informational) Displays the date and time when the record was last modified.
(Informational) Displays the administrator who performed the update.
Copyright © 2013 CA Technologies.
All rights reserved.
|
|