Security Basics › Command Groups (Optional) › How Command Groups Are Checked
How Command Groups Are Checked
Using command groups significantly reduces the calls necessary to determine which commands are authorized for the user.
CA SYSVIEW verifies the security of command groups as follows:
- Reviews the command groups during the initialization of a CA SYSVIEW user session to determine whether command groups are assigned to a user group.
- When command groups are assigned to a user group, then CA SYSVIEW initiates a call to the security exit. This call determines whether the command group is authorized. The call is made during the session initialization with a resource type of CMDGROUP and a resource value of the command group name.
Note: When internal security forbids a command group, the security exit cannot override this setting.
- Marks the command included in the command group as allowed or not allowed, depending on the group authorization.
- Verifies all the command groups.
- Reviews the remaining commands that were not included in a command group that is assigned to the user group as the user references each command.
Copyright © 2014 CA.
All rights reserved.
|
|