About Users
Defining users in the CA IDMS user catalog is essential if the security option for one or more resources is internal, even if signon processing is controlled externally. A security check on an internally secured resource fails if the executing user is not defined in the user catalog.
Until you secure the user resource, any user can define users in the user catalog.
How to Secure Users
To secure users internally, include an entry in the SRTT:
#SECRTT TYPE=ENTRY,
RESTYPE=USER, X
SECBY=INTERNAL X
To secure users externally, include an entry in the SRTT:
#SECRTT TYPE=ENTRY,
RESTYPE=USER, X
SECBY=EXTERNAL, X
Additional parameters required
Note: For more information, see #SECRTT.
How to Define Users
You define a user with a CREATE USER statement. For example, this statement creates user RKN:
create user rkn group mis name 'Randall K. Nelken' password ranken profile misprof;
Note: For more information, see CREATE USER.
Maintaining User Definitions
You can alter the definition of a user with an ALTER USER statement. You can drop the definition of a user with a DROP USER statement.
Note: For more information, see the following sections:
Granting Definition Privileges on Users
You can delegate the authority to define and maintain users by granting definition privileges on users. You can specify any combination of CREATE, ALTER, DROP, and DISPLAY privileges, or you can specify all definition privileges (DEFINE). You can specify WITH GRANT OPTION when you grant these privileges to allow the user to grant the same privileges to another user.
In this example, user mis1 is given the privilege to create or alter the definition of users whose user IDs begin with 'mis':
grant alter, create on user mis* to mis1;
Note: For more information, see GRANT Definition Privileges.
|
Copyright © 2014 CA.
All rights reserved.
|
|