In this example, the special ACID name of MULTIID along with the CRITERIA name tells CA Top Secret that if the subject's and/or the issuer's distinguished name information matches, then search the CRITMAP records for a match on the application name before assigning an ACID to the user:
TSS ADDTO(MULTIID) CERTMAP(NYMAP2)
LABLCMAP('NY Dept 2 Map')
TRUST
SDNFILTR('OU=Dept2.OU=NY.OU=Sales.O=ABC Co')
CRITERIA(CNFAPP=&CNFAPP)
TSS ADDTO(NYDEPT2B) CRITMAP(NYCRIT2B)
CNFAPP(BUSINESS)
TSS ADDTO(NYDEPT2B) CRITMAP(NYCRIT2R)
CNFAPP(RETAIL)
In this example, the user whose subject's distinguished name matches the SDNFILTR is assigned the ACID NYDEPT2B or NYDEPT2R, depending upon what application was used to access the system. If access was through the BUSINESS application, NYDEPT2B is assigned to the user. If access was through the RETAIL application, NYDEPT2R is assigned.
|
Copyright © 2009 CA.
All rights reserved.
|
|