You can explicitly grant or deny access authorities to a user, and also to groups to which the user belongs. Sometimes these can conflict. The following example shows what results if conflicting access authorities are assigned to the same resource when a user is a member of two groups (Group 1 and Group 2).
It assumes that the accumulative group rights option is set (the default setting).
Access Authority for User |
Access Authority for Group 1 |
Access Authority for Group 2 |
Resulting Access Authority |
---|---|---|---|
Access denied |
(Any) |
(Any) |
Access denied |
Access granted |
(Any) |
(Any) |
Access granted |
(Not defined) |
Access granted |
(Not defined) |
Access granted |
(Not defined) |
(Not defined) |
Access granted |
Access granted |
(Not defined) |
Access granted |
Access granted |
Access granted |
(Not defined) |
Access denied |
(Any) |
Access denied |
(Not defined) |
(Any) |
Access denied |
Access denied |
Where an entry is shown as (Not defined), this means that no entry for the user or group is defined.
Where an entry is shown as (Any), this means that the access authority does not matter, because CA ControlMinder does not check it.
Copyright © 2013 CA Technologies.
All rights reserved.
|
|