The CA Endevor/DB Security System allows an administrator to restrict the users that are allowed to sign on or make changes under a CCID. This is necessary to insure security integrity in the following situations:
To control which users are allowed to SIGNON to a given CCID or to make changes under that CCID, you must mark the CCID as PRIVATE and then establish preauthorizations between each entitled user and the following entity:
ENTITY NAME = ccid VERSION = 1 TYPE = CCID
Both of these actions can be performed with either the Online front end or the Batch front end. For example, the Batch commands would be:
MOD CCID EDB-SYSADMIN TYPE PRIVATE. ADD PREAUTHORIZATION ENTITY NAME EDB-SYSADMIN TYPE CCID VERSION 1 TO USER EDBADMIN.
To accomplish this with the Online front end:
CA-E/DB nn.n volser PRE-AUTHORIZATION FUNCTIONS mm/dd/yy NDVRU200 USER ===> EDBADMIN DICTNAME ===> SRCNDVR MODE ===> UPDATE OPTION ===> 2 1 - BROWSE PRE-AUTHORIZATIONS 2 - ADD PRE-AUTHORIZATIONS 3 - DELETE PRE-AUTHORIZATIONS 4 - MODIFY PRE-AUTHORIZATIONS ENTITY: (IF OPTIONS 1 - 4 ) NAME ===> EDB-SYSADMIN TYPE ===> CCID VERSION ===> 1 USER ===> EDBADMIN (IF OPTIONS 1 - 4 ) CCID ===> (IF OPTIONS 1 - 4 )
Press ENTER.
Since Full Preauthorization qualification information has been specified, the system bypasses the list screen and responds directly with a Pre-authorization Detail screen.
CA-E/DB nn.n volser PRE-AUTHORIZATION DETAIL mm/dd/yy NDVRM210 USER ===> EDBADMIN DICTNAME ===> SRCNDVR MODE ===> UPDATE ACTION ===> AUTHORIZE *********************** PRE-AUTHORIZATION INFORMATION *********************** DERIVE CCID ===> N SIGNED OUT ===> N PRE-AUTHORIZED ===> N EST. WORK COMPLETION ===> ACT. WORK COMPLETION ===> COMMENT ===> **************************** ENTITY INFORMATION **************************** NAME ===> EDB-SYSADMIN VERSION ===> 1 TYPE ===> CCID COMMENT ===> **************************** USER INFORMATION **************************** NAME ===> EDBADMIN LOCKED ===> N SECURITY CLS ===> NDVR-GLOBAL CURRENT CCID ===> COMMENT ===> **************************** CCID INFORMATION **************************** NAME ===> SECURITY CLASS ===> LOCKED ===> COMMENT ===>
Follow this same procedure for each user to whom you want to grant preauthorization for that CCID. The end result is a group of users that is now preauthorized to a specific CCID.
CA-E/DB nn.n volser MAIN FUNCTION MENU mm/dd/yy NDVRU000 USER ===> EDBADMIN DICTNAME ===> SRCNDVR MODE ===> UPDATE OPTION ===> 5 1 - SIGNIN/SIGNOUT FUNCTIONS 2 - AUTHORIZATION FUNCTIONS 3 - LOCK FUNCTIONS 4 - ENTITY AND ENTITY CHANGE HISTORY 5 - CCID AND CCID CHANGE HISTORY 6 - STATUS AND STATUS ASSOCIATIONS 7 - USER AND USER CHANGE HISTORY 8 - DICTIONARY AND DICTIONARY HISTORY 9 - MANAGEMENT GROUPS AND CCIDS 10 - ENDEVOR/DB CONTROL FUNCTIONS 11 - ENDEVOR/DB SIGNON FUNCTION 12 - RETURN TO IDMS/DC
Press ENTER.
The system responds with the CCID FUNCTIONS screen.
CA-E/DB nn.n volser CCID FUNCTIONS mm/dd/yy NDVRU500 USER ===> EDBADMIN DICTNAME ===> SRCNDVR MODE ===> UPDATE OPTION ===> 3 1 - BROWSE CCID DESCRIPTORS 2 - ADD A CCID DESCRIPTOR 3 - MODIFY CCID DESCRIPTORS 4 - DELETE CCID DESCRIPTORS 5 - BROWSE CCID/CHANGE ASSOCIATIONS 6 - ADD A CCID/CHANGE ASSOCIATION 7 - MODIFY CCID/CHANGE ASSOCIATIONS 8 - DELETE CCID/CHANGE ASSOCIATIONS 9 - BROWSE ENTITY STATUS FOR CCID CCID ===> EDB-SYSADMIN (IF OPTIONS 1 - 9 ) ENTITY: (IF OPTIONS 5 - 9 ) NAME ===> TYPE ===> VERSION ===> CHANGE-LOG SELECTION CRITERIA: (IF OPTIONS 5 - 8 ) START DATE ===> END DATE ===> 04/30/97 START TIME ===> END TIME ===> ACTION CODE ===>
Press ENTER.
The system responds with a CCID DETAIL screen, which shows the selected CCID.
CA-E/DB nn.n volser CCID DETAIL mm/dd/yy NDVRM510 USER ===> EDBADMIN DICTNAME ===> SRCNDVR MODE ===> UPDATE ACTION ===> MODIFY ****************************** CCID INFORMATION ***************************** NAME ===> EDB-SYSADMIN SEC. CLASS ===> NDVR-GLOBAL TYPE ===> PRIVATE COMMENT ===> EDB SYSTEM ADMINISTRATION LOCKED ===> N LOCK DATE ===> LOCK TIME ===>
Important! Use of that CCID is now restricted to only those users who are specifically preauthorized.
To remove preauthorization, select option 3 (DELETE PREAUTHORIZATION) on the Pre-authorization Functions screen.
|
Copyright © 2013 CA.
All rights reserved.
|
|