When a user attempts to use CA‑PanAPT, a check is performed to see if the user has been registered to CA‑PanAPT.
If the user has been registered to CA‑PanAPT, a check is performed to determine what authority, groups, and approval categories have been assigned to that user. This information is on the CA‑PanAPT Control File.
If the user has not been registered to CA‑PanAPT, the user is assigned the authority of the default user (defined as User ID *DEFAULT). The default user is authorized to perform specific CA‑PanAPT activities, can belong to specified groups, and have specific approval categories.
The default user can be specified during or after CA‑PanAPT implementation. You specify the default user using the Control File functions.
To prevent a user from accessing CA‑PanAPT, you can disallow use of his or her Signon ID as part of User ID Maintenance.
To prevent users not specifically registered to CA‑PanAPT from accessing the system, you can disallow use of the *DEFAULT Signon ID.
To prevent users from adding members to a Move Request or approving a Move Request through an in-house Security package, you can implement a user-written Security Exit Program (see the CA‑PanAPT Administrator Guide, Appendix B, "User Exits").
|
Copyright © 2004 CA.
All rights reserved.
|
|