

Row Level Security

Prior to V12.5, row level security (RLS) ensures that reviewers (or any search user) cannot see events associated with users outside of their management groups when searching the CMS database for events. From V12.5 onwards, RLS can also be applied based on certain policies that the reviewer can see, or both types of RLS can be combined (this is known as a hybrid model). For management group RLS, RLS is primarily applied to events, users and groups, and the underlying tables (Wgn3Event, Wgn3User and WgnGroup) are not directly accessible to search users. For policy-based RLS, this also applies to triggers (Wgn3Trigger). Several views have been created to provide access to the data in these underlying tables while ensuring that RLS is not bypassed; use these views when writing reports.

Within the CA DataMinder infrastructure, each user of the system has a username and an associated set of administrative privileges that give permissions to certain features of the software. Each privilege is set to either on or off. When a user requires a connection to the database, the infrastructure checks that user's CA DataMinder privileges. One privilege, 'Admin: Disable Security Model Filtering', determines whether or not RLS is applied to a user. By default, this privilege is disabled for all CA DataMinder users except administrators, but it can be enabled if a particular user or group of users requires access to all events, thus bypassing RLS.
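
The following is an added example, not CA DataMinder code: a small SQLite model of management group RLS enforced through a view, with a per-reviewer flag standing in for 'Admin: Disable Security Model Filtering'. Every table, view, column and reviewer name in it is hypothetical, and the rows are constructed sample data.

```python
import sqlite3

# Hypothetical demo schema: table, view and column names are invented here.
SCHEMA = """
CREATE TABLE demo_user      (user_id INTEGER PRIMARY KEY, group_id INTEGER);
CREATE TABLE demo_event     (event_id INTEGER PRIMARY KEY, user_id INTEGER);
CREATE TABLE demo_manages   (reviewer TEXT, group_id INTEGER);
CREATE TABLE demo_privilege (reviewer TEXT PRIMARY KEY, disable_filtering INTEGER);
-- One-row table standing in for the identity of the connected search user.
CREATE TABLE demo_session   (reviewer TEXT);
-- Reports read this view. A real deployment would grant the search user
-- SELECT on the view only. SQLite has no grants, so that part is not modelled.
CREATE VIEW demo_event_rls AS
SELECT e.event_id, e.user_id
FROM demo_event e JOIN demo_user u ON u.user_id = e.user_id
WHERE EXISTS (SELECT 1 FROM demo_session s
              JOIN demo_privilege p ON p.reviewer = s.reviewer
              WHERE p.disable_filtering = 1)
   OR u.group_id IN (SELECT m.group_id FROM demo_session s
                     JOIN demo_manages m ON m.reviewer = s.reviewer);
"""

def build_db():
    """Create the in-memory database and load constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO demo_user VALUES (?, ?)", [(1, 10), (2, 20), (3, 20)])
    db.executemany("INSERT INTO demo_event VALUES (?, ?)",
                   [(100, 1), (101, 2), (102, 3), (103, 1)])
    db.executemany("INSERT INTO demo_manages VALUES (?, ?)",
                   [("rev_sales", 10), ("rev_ops", 20)])
    db.executemany("INSERT INTO demo_privilege VALUES (?, ?)",
                   [("admin", 1), ("rev_sales", 0)])
    return db

def visible_events(db, reviewer):
    """Return the event ids the view exposes to the given reviewer."""
    db.execute("DELETE FROM demo_session")
    db.execute("INSERT INTO demo_session VALUES (?)", (reviewer,))
    rows = db.execute("SELECT event_id FROM demo_event_rls ORDER BY event_id")
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = build_db()
    for who in ("rev_sales", "rev_ops", "admin", "unknown"):
        print(who, visible_events(db, who))
```

A reviewer with no management groups and no privilege row sees no events, which is the fail-closed behaviour to check for when auditing who holds the bypass privilege.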

More information:

Database Users: Owner and Search User

Implementing RLS: Oracle versus SQL Server

Connection Pool