IMPLEMENT mode allows you to combine DORMANT and FAIL mode easily in your implementation strategy. All resources which have been defined to CA Top Secret or protected by default cannot be accessed by undefined users unless permissions have been defined to the ALL Record. Access to unprotected resources by users is treated the same way in IMPLEMENT mode as in FAIL mode (except for those resources which are protected by default only in FAIL mode). Unauthorized access attempts by defined or undefined users are failed.
Many organizations use a global IMPLEMENT mode strategy during implementation and override that mode where appropriate by facility, profile, user, or event.
If you attach the DEFPROT attribute to specific resource classes, IMPLEMENT mode records violations for all those resources that have not been defined. See Implementing Default Protection for a more thorough discussion of this approach.
|
Copyright © 2009 CA.
All rights reserved.
|
|