Previous Topic: FILE ClassNext Topic: OU Class


GROUP Class

The GROUP class contains all group records defined to the Windows operating system. A record in the GROUP class represents every group of users.

The following definitions describe the properties contained in this class record. Most properties are modifiable and can be manipulated using selang or the administration interfaces. Non-modifiable properties are marked as informational and cannot be modified.

COMMENT

Additional information you want to include in the record. CA ControlMinder does not use this information for authorization.

Use the comment[-] parameter with the chgrp, editgrp, and newgrp commands to modify this property.

Limit: 255 characters.

FULL_NAME

The full name associated with a user. CA ControlMinder uses the full name to identify the user in audit log messages, but not for authorization.

Use the name parameter with the chusr, editusr, or newusr command to modify this property.

GID

(Informational). A value that contains the relative identifier of the group. The relative identifier is determined by the accounts database when the group is created. It uniquely identifies the group to the account manager within the domain.

GLOBAL

Indicates a global group. This property is only applicable to Windows groups. It replaces the ISGLOBAL property of earlier CA ControlMinder versions.

Use the global parameter with the newgrp (only) command to add this property.

USERLIST

The list of users and global groups (for local groups only ) that belong to the group. The list contained in this property may be different from the one in the CA ControlMinder database.

Use the username(groupname) parameter with the join[-] command to modify this property.

PRIVILEGES

The Windows rights assigned to the group.

Use the privileges parameter with the chgrp, editgrp, or newgrp command to modify this property.

More information:

chgrp Command—Modify Windows Groups

Windows Privileges