Superuser Granularity support lets you avoid giving users superuser authority via UID(0) by allowing non‑superuser users access to new resources in the UNIXPRIV class. If a user does not have a UID=0, but they do have access to one of the new resources, access is allowed.
Activating CA Top Secret SAF HFS security does not override the superuser granularity support if there is an equivalent SAF HFS security resource for the UNIXPRIV resource.
If there is no SAF HFS resource, the UNIXPRIV resource is checked instead.
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|