Managing Configuration Items › Configuration Audit and Control Facility (CACF) › CACF Administration and Policy Definition › How Configuration Audit and Control Facility Works › Transaction Filter
Transaction Filter
Policies filter transactions based on the source of the transaction, including the attribute name, MDR name, MDR class, and role of the user that performs the update.
Note: If you want to filter users logged on through the web interface only, specify the keyword Web Client for the MDR class. The userid of the contact specifies the MDR name. This method of identifying users applies only to verification policies, and does not appear in any other part of the product.
Example: Transaction Filters
The following example policies specify Transaction Filters:
- Policy name(root_access) filters ci(*) attribute(All Managed Attributes) role(Administrator) action(Allow Attribute Update)
- Policy name (cohesion_not_authorized) filters ci(*) attribute(IP Address) MDRclass(Cohesion) action(Keep Old Attribute Value)
- Policy name(john) filters ci(user1*) attribute(All Managed Attributes) MDRName(user1) MDRClass(Web Client) action(Allow Attribute Update)
These examples provide the following functionality:
- Policy(root_access) lets any user with Administrator access update any value. We recommend this type of policy to have a low sequence number.
- Policy(cohesion_not_authorized) prevents any MDR of MDR class(Cohesion) from updating the IP Address of the filtered CI. This example shows how to prevent an unauthorized MDR from updating data.
- Policy(user1) lets user1 update the CIs that the contact owns, but only when using the web client. This example shows how to provide specific users full control over their data.