The MODE control option determines how CA Top Secret responds to security violations. There are four settings for the MODE control option:
CA Top Secret is installed, but it is not actively validating activity. The TSS command is fully supported and can be used.
CA Top Secret is active, but violations do not result in requests being failed. This mode gives the Security Administrators the opportunity to fine-tune definitions without impacting processing activity. They can examine security incident reports (see the “Monitoring Your Security Environment” chapter for a discussion of reporting and logging options) and adjust authorizations accordingly. Depending on how the MSG control option is set, violation messages may or may not be sent to the user.
CA Top Secret is active and will fail any unauthorized access requests. Users not defined to CA Top Secret can operate normally but will be restricted from accessing protected resources.
CA Top Secret is in full control of access requests. All users must be defined and all resources protected. Unauthorized access requests will be failed.
In a typical security environment, the entire installation will gradually move from DORMANT to FAIL mode. This is called phased implementation, and it lets you both introduce your users to how CA Top Secret will impact their daily job performance, and to customize your security database and security environment as the need arises.
In addition to phased implementation-where the entire installation gradually moves from one mode to another-you can also specify concurrent security modes-where different parts of your installation are running under different security modes all at the same time.
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|