Each record in the USER_ATTR class defines the valid user attributes of a eTrust SSO user directory.
The following definitions describe the properties contained in this class record. Most properties are modifiable and can be manipulated using selang or the administration interfaces. Non-modifiable properties are marked informational.
The list of allowed values for a specific attribute.
(Informational). The name of the attribute.
Defines additional information that you want to include in the record. CA ControlMinder does not use this information for authorization.
Limit: 255 characters.
(Informational) Displays the date and time when the record was created.
The name of the field in the userdir database. Since different databases can contain different attributes, the attribute fields should be synchronized.
(Informational). The ID of the DB field
Defines the user or group that owns the record.
Indicates whether the user attribute is a string or numeric.
The priority of the user attribute: when setting an authorization rule to a PARAM_RULE object (such as APPL, URL) the rule is defined with the priority that the user attribute refers to.
Defines the types of access events that CA ControlMinder records in the audit log. RAUDIT derives its name from Resource AUDIT. Valid values are:
All access requests.
Granted access requests.
Denied access requests (default).
No access requests.
CA ControlMinder records events on each attempted access to a resource, and does not record whether the access rules were applied directly to the resource, or were applied to a group or class that had the resource as a member.
Use the audit parameter of the chres and chfile commands to modify the audit mode.
(Informational) Displays the date and time when the record was last modified.
(Informational) Displays the administrator who performed the update.
(Informational). The name of the user's directory.
Contains information about the attribute. The flag can contain the following values:
Specifies whether Warning mode is enabled. When Warning mode is enabled on a resource, all access requests to the resource are granted, and if an access request violates an access rule, a record is written to the audit log.
Copyright © 2013 CA Technologies.
All rights reserved.
|
|