Security System Overview › Security Implementation › Entity Type Monitoring › Security Classifications
Security Classifications
The security administrator's next consideration is whether to establish security by USER, security by CCID, global security, or no security at all.
- No security is the easiest to implement. Simply change the name of the default user Security Class (in the Dictionary Descriptor) to the global privileges Security Class.
- Global security is only slightly more difficult. Change the name of the default user Security Class to the global security class, and then disable (in that Security Class) those features, which no user is to be able to perform.
To establish security by USER or CCID, you must divide your user population into classes, based upon which actions users in a given class are to be allowed to perform. You then set up a Security Class Descriptor for each class. Choose one of these as the default class, and specify it as the default user Security Class in the Dictionary Descriptor. In order to guarantee that a user signs on under the proper USER or CCID, set the NO-PASS flag in the Dictionary Descriptor to N (thus forcing all users to specify a password when they sign on).
- To establish security by USER, modify each USER Descriptor to specify the name of the appropriate Security Class. CCIDs may be left optional but, if defined, would have the same Security Class as the Dictionary.
- To establish security by CCID, modify each USER Descriptor to specify the same Security Class as the Dictionary, set the appropriate Security Class in each CCID Descriptor, mark every CCID (that has special privileges) as PRIVATE, and establish the preauthorizations that determine which users are allowed to operate under each CCID.
Copyright © 2013 CA.
All rights reserved.
|
|