The accumulative group rights option (ACCGRR) affects how CA ControlMinder checks a resource's ACL. If ACCGRR is enabled, CA ControlMinder checks the ACL for the authorities granted from all the groups to which the user belongs. If ACCGRR is disabled, CA ControlMinder checks the ACL to see if any of the applicable entries contain the value none. If so, access is denied. Otherwise CA ControlMinder ignores all group entries except the first applicable one in the access control list. By default the option is enabled.
To enable the ACCGRR option, you can use the following selang command:
setoptions accgrr
To disable the ACCGRR option, you can use the following selang command:
setoptions accgrr‑
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|