When you authorize user IDs to use the CA VM:Director GRANT AUTHORITY and REVOKE AUTHORITY commands, specify the two–word command authorization (GRANT AUTHORITY or REVOKE AUTHORITY) followed by the file space for which users can issue the command. You also specify the user IDs of the users who will be issuing the commands.
Note: The authorization is at the file space level. This means that the user is authorized to grant or revoke authority for all files and directories in the specified file space.
You cannot use the GRANT AUTHORITY or REVOKE AUTHORITY authorizations in LIST records.
The GRANT record for the GRANT AUTHORITY and REVOKE AUTHORITY authorizations uses the following structure:
GRANT {GRANT | REVOKE} AUTHORITY filespace TO "Issuer"
Issuer:
{userid | userid_list}
Authority and file space.
Command issuer.
The WITHHOLD record for the GRANT AUTHORITY and REVOKE AUTHORITY authorizations uses the following structure:
WITHHOLD {GRANT | REVOKE} AUTHORITY filespace TO "Issuer"
Issuer:
{userid | userid_list}
Authority and file space.
Command issuer.
By default, the command issuer can grant (or revoke) authority for all users. For example, this GRANT record allows directory manager CARLAT to use the CA VM:Director GRANT AUTHORITY command to grant access to the ENG:PROJECT file space for everyone:
GRANT GRANT AUTHORITY ENG:PROJECT TO CARLAT
Now that CARLAT is authorized, she can give anyone (FRAISERC is used in this example) read access to the ENG:PROJECT.PROJECT1 directory. To do so, CARLAT enters the following command:
vmdirect grant authority eng:project.project1 to fraiserc (read
|
Copyright © 2014 CA.
All rights reserved.
|
|