Security Basics › Command Groups (Optional) › How Command Groups Are Checked
How Command Groups Are Checked
Using command groups significantly reduces the calls necessary to determine which commands are authorized for the user.
CA SYSVIEW verifies the security of command groups as follows:
- Reviews the command groups during initialization of a CA SYSVIEW user session to determine whether command groups are assigned to a user group.
- If command groups are assigned to a user group, initiates a call to the security exit to determine whether the command group is authorized. The call is made during session initialization with a resource type of CMDGROUP and a resource value of the command group name.
Note: When internal security forbids a command group, the security exit cannot override this setting.
- Marks the command included in the command group as allowed or not allowed, depending on the group authorization.
- Verifies all the command groups.
- Reviews the remaining commands that were not included in a command group assigned to the user group as the user references each command.
Copyright © 2013 CA.
All rights reserved.
|
|