Administrative Authority

In all cases, the administrative authority and scope of the security administrator are verified at both the sending node and the target node before the command is applied to the targeted Security Files. This is an important level of control over remote administration. To enter TSS commands with a targeted destination, you need MISC2(TARGET) authority.

In addition to propagating changes, CPF allows the security administrator to view the contents of Security Files in remote nodes. Viewing is subject to the same control: scope is verified at both locations, so the administrator or auditor can review, at every node in the CPF domain, only the security information for which he or she is responsible. CPF also encrypts the data that it sends between nodes.

Propagated administration commands execute on the remote system using the authority and scope of the user as defined on the remote system, not as defined on the originating system. For example, if a user who is defined as an SCA on one system propagates a TSS command to a system where that user is defined only as a USER, the command is limited to USER authority on that system.

User-initiated (as opposed to administrator-initiated) password changes propagated through CPF change the user's password at each node to which the change is sent, provided that the user's existing password at that node is the same as the existing password at the originating node. The password does not change at nodes where the existing passwords are not identical or are not synchronized. This prevents one user from changing the password of an identically named ACID on another node that belongs to a different person.