Setting up Resource Definitions and Ownership

Setting up Resource Definitions and Ownership

This section contains the following topics:

How Resources are Secured

Default Resource Protection

Implementing Default Protection

Resource Ownership

Resource Class Translation

How Resources are Secured

You can restrict a user’s access to a resource by day, time, facility, program, or access level. Resource protection can also be extended on a default or global basis.

To secure resources:

• Define the resources to CA Top Secret by:
  • Verifying that the resource class is defined to the RDT
  • Assigning ownership of the resource to an ACID
• Permit access using the TSS PERMIT command function

Requests to access a secured resource are filtered through the Security Validation Algorithm. Access depends on what PERMITs the ACID has, how explicit those PERMITs are, and where they are stored (in the user, profile, or ALL Record). The Security Validation Algorithm uses all of this information to determine “best fit” between what resources the user is allowed to access and what resources the user is requesting to access.