Previous Topic: 421—HOSTNP entry for User '*' in TCP service CACLNext Topic: 300—Undefined CA ControlMinder user


Authorization Stage Codes for Security Database Administration Events

Authorization stage codes for security database administration events describe at which stage CA ControlMinder decided what action to take for the security database administration event.

The following codes apply to this event type:

300—Undefined CA ControlMinder user

301—An attempt to delete last ADMIN user

302—An attempt to delete user root

303—User trying to change their own password

304—Nonauditor user trying to set audit mode

305—Command allowed for ADMIN user

306—Showuser (myself) , Showxusr allowed

307—User trying to set categories they do not have

308—User trying to set a security-label they do not have

309—User trying to set security-level greater than the user's own

310—NonADMIN user trying to set user-mode

311—Command allowed for object owner

312—Native file owner can define it to CA ControlMinder

313—Command allowed for a GROUP-ADMIN user

314—GROUP-ADMIN user can join/join- to group

315—GROUP-AUDITOR/ADMIN can list the group

316—An auditor can list any object

317—An OPERATOR can list any object

318—A GROUP-AUDITOR can list objects in group scope

319—A GROUP-OPERATOR can list objects in group scope

320—Command allowed for CLASS-ADMIN user

321—Command allowed for PWMANAGER/ADMIN with access

322—There is no rule allowing this operation

324—User changing their own password using sepass

326—User created 'Login Information' for themselves

327—Command allowed for GROUP-PWMANAGER

329—A PWMANAGER enabled a user

330—Command allowed for DOMAIN change

331—Command allowed for PWMANAGER

332—Changing native flags allowed for PWMANAGER

333—Changing 'must change password next logon' attribute is allowed for PWMANAGER

334—Command allowed for GROUP-PWMANAGER

335—Editing 'Login Information' is allowed for PWMANAGER

336—Command allowed for auditor user

337—Failed to reconcile command with database information

338—Creating a command from an implicit request

339—SEOS_syscall module unload readiness check

340—Command allowed for ADMIN group

341—Command allowed for AUDITOR group

342—Command allowed for OPERATOR group

343—Command allowed for PWMANAGER group

344—Command allowed for SERVER group

More information:

Security Database Administration Event