Previous Topic: Managing Policy ModelsNext Topic: PMDB Location on Disk


The Policy Model Database

Managing tens or hundreds of databases individually is not practical. CA ControlMinder supplies the Policy Model service, a component that lets you manage many databases from one central database. Using the Policy Model (PMD) service is optional, but it greatly simplifies administration at large sites.

Note: In Windows Task Manager, the Policy Model service appears as sepmdd.exe.

The Policy Model service, uses a Policy Model database (PMDB). Like other CA ControlMinder databases, the PMDB contains users, groups, protected resources, and rules governing access to the resources. In addition, the PMDB contains a list of subscriber databases. Each subscriber is a CA ControlMinder database that resides on a separate computer, or another PMDB that resides on the same or another computer. A PMDB that updates a subscriber is the subscriber's parent.

The PMDB is a useful tool for managing many databases that have similar authority restrictions and access rules.

Policy Model names are case-sensitive on Windows for compatibility with UNIX. When specifying PMDB names in commands, make sure you use the correct case. The first character for a PMDB name should consist of the alphanumeric characters '-' and '_'.

Note: You cannot use non-English characters in PMDB and host names.

Although PMDB names are case-sensitive, you cannot have two PMDBs on the same computer with only the letter case being different. CA ControlMinder uses the PMDB name as part of the file path but Windows is case-insensitive and so does not permit this. For example, myPMDB and MYpmdb are two different Policy Model databases but cannot live on the same system.

Note: For information about administrating a PMDB (sepmd utility), see the Reference Guide. For information about managing PMDBs remotely using selang, see the selang Reference Guide.