Use the WITHHOLD record to restrict users from using CA VM:Director commands, utilities, or screen selections. WITHHOLD records are also used to define exceptions to general authorizations given by GRANT records.
For CA VM:Director, the WITHHOLD record has this syntax:
WITHHOLD authority [OVER target‑userid(s)] FROM users
ACCESS is defined in the PRODUCT CONFIG file.
Specifies the authorization being withheld from an entire command, a command and some of its parameters, or a list of commands; authority can be any of the authorizations in the following tables:
Note: For information about how to use lists, see User ID Lists and Authority Lists in the chapter "Authorizations" in the Administration Guide. For more information about LIST record, see LIST Record.
You can also use an authorization with a trailing asterisk (for example, MAN*) to indicate all authorizations that begin with the specified characters. Such authorizations will be flagged by the configuration file editor as unrecognized, but they are still functional.
Limits the scope of the authority; you can use the word OVER, to make it clear that the authority is invalid for user ID(s) that follow the word OVER.
Specifies the user ID(s), over which the authority cannot be exercised by users.
Consists of a list of user IDs, separated by blanks, that are restricted from receiving authorization. A trailing asterisk (for example, M*) indicates that all user IDs beginning with the specified characters are denied authorization.
Examples
WITHHOLD ASSIGN * KEVIN FROM *ALL
WITHHOLD COMPRESS DOSRES FROM *ALL
WITHHOLD PASSWORD FROM BISHOP
LIST *ADMINS BRENDA SALLY ROB WITHHOLD MDSKSCAN FROM *ADMINS
WITHHOLD PASSWORD OVER *DIRUSRS OF MAINT FROM DAVID
|
Copyright © 2014 CA.
All rights reserved.
|
|