The following example authorizes a user to issue the ADDMDISK command to add a disk for a specific target user, user ID xxxxx01, who is managed by directory manager VMANAGER.
CADIRECT.ADDMDISK.xxxxxx01.VMANAGER
This format allows a variety of access rules to be written, using the resource name wildcard matching capabilities of the ESM.
The following table shows examples where an "* " is a wildcard character meaning any token:
|
ESM Rule |
Rule Description |
|---|---|
|
CADIRECT.ADDMDISK*.* |
Allows an ADDMDISK command with any target user ID to be issued. |
|
CADIRECT.ADDMDISK.xxxxxx01.* |
Allows an ADDMDISK command for only the xxxxxx01 user ID. |
|
CADIRECT.ADDMDISK.*.VMANAGER |
Allows an ADDMDISK command for any user ID managed by the VMANAGER user, who is a directory manager. |
|
CADIRECT.*.*.* |
Allows a user to use any CA VM:Director command. |
Note: Trailing wildcard characters can be omitted.
Although the resource names formats can define specialized command authorizations for system administrators, additional formats are needed for two unique groups of requestors:
|
Copyright © 2014 CA.
All rights reserved.
|
|