You can narrow the scope of an authorization so that it is valid only when the user ID to whom you are granting the authority uses the command on certain user IDs. For example, this GRANT record allows WOODYB to use the EDIT command to change everyone’s directory entries:
GRANT EDIT TO WOODYB
You want to authorize WOODYB to edit only NORMP’s directory entry. You can do that by giving WOODYB a narrow authorization for the EDIT command, specifying NORMP as the only user ID on which WOODYB can use the command:
GRANT EDIT NORMP TO WOODYB
You can include the word OVER to describe these narrow authorizations if it helps you or whoever reads the AUTHORIZ CONFIG file to understand the intent of these records. The word fits between the command and the user ID or user IDs over which this authority is valid.
Example:
Both of the following GRANT records authorize WOODYB to use the EDIT command on NORMP’s directory entry:
GRANT EDIT NORMP TO WOODYB GRANT EDIT OVER NORMP TO WOODYB
OVER does not change the meaning of the record for CA VM:Director. You can use OVER only on those commands that pertain to a user ID. OVER has no meaning if used in an authorization for a command that pertains to the system or parts of the system. For example, you cannot use OVER when granting authorization to the MAP command.
|
Copyright © 2014 CA.
All rights reserved.
|
|