The USS servers can dynamically modify the security environment to match the authority of the command issuer. Activate this feature with the USSSECURITY parameter.
The security check runs in one of two modes, depending on the value of the USSSECURITY parameter:
In this case, the USS servers must have super user authority and have read access to the BPX.DAEMON resource (if defined) to dynamically modify the security environment to match the authority of the command issuer. The command issuer must have sufficient authority in the USS segment of their security profiles to perform the types of USS commands that automation applications require.
In this case, the USS servers execute all commands with the current authority of the server. AOF security rules are the only way to restrict the types of USS commands that a particular user issues. The USS servers must have sufficient authority in the USS segment of their security profiles to perform the types of USS commands that automation applications require. Otherwise, you may encounter failures due to a lack of execute authority for that command or because the directory that contains the command is inaccessible. The authority that is required may range from basic user to super user.
Note: For more information about the USSSECURITY parameter, see the Parameter Reference. Consult your security administrator before you attempt to activate the USS feature.
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|