Previous Topic: USER ClassNext Topic: USER_DIR Class


USER_ATTR Class

Each record in the USER_ATTR class defines the valid user attributes of a eTrust SSO user directory.

The following definitions describe the properties contained in this class record. Most properties are modifiable and can be manipulated using selang or the administration interfaces. Non-modifiable properties are marked informational.

ATTR_PREDEFS

The list of allowed values for a specific attribute.

ATTRNAME

(Informational). The name of the attribute.

COMMENT

Defines additional information that you want to include in the record. CA ControlMinder does not use this information for authorization.

Limit: 255 characters.

CREATE_TIME

(Informational) Displays the date and time when the record was created.

DBFIELD

The name of the field in the userdir database. Since different databases can contain different attributes, the attribute fields should be synchronized.

FIELDID

(Informational). The ID of the DB field

OWNER

Defines the user or group that owns the record.

PARAMETER_TYPE

Indicates whether the user attribute is a string or numeric.

PRIORITY

The priority of the user attribute: when setting an authorization rule to a PARAM_RULE object (such as APPL, URL) the rule is defined with the priority that the user attribute refers to.

RAUDIT

Defines the types of access events that CA ControlMinder records in the audit log. RAUDIT derives its name from Resource AUDIT. Valid values are:

all

All access requests.

success

Granted access requests.

failure

Denied access requests (default).

none

No access requests.

CA ControlMinder records events on each attempted access to a resource, and does not record whether the access rules were applied directly to the resource, or were applied to a group or class that had the resource as a member.

Use the audit parameter of the chres and chfile commands to modify the audit mode.

UPDATE_TIME

(Informational) Displays the date and time when the record was last modified.

UPDATE_WHO

(Informational) Displays the administrator who performed the update.

USER_DIR_PROP

(Informational). The name of the user's directory.

USERATTR_FLAGS

Contains information about the attribute. The flag can contain the following values:

WARNING

Specifies whether Warning mode is enabled. When Warning mode is enabled on a resource, all access requests to the resource are granted, and if an access request violates an access rule, a record is written to the audit log.