Before you create authorizations, first decide which commands each type of user needs access to. The commands listed below are used specifically for the Rules Facility and others that, when the Rules Facility is installed, provide additional rules information. You will need to review the command authorizations for each type.
|
Command and Task |
——— Needed By ——— |
||
|---|---|---|---|
|
Security |
Security Group Manager |
General Users |
|
|
ACITRACE Dynamically trace ACI security events |
X |
|
|
|
CAN Query the rules database for user ID authorizations and respond by return code |
X |
X |
X |
|
GENACI Place a user ID in a security group. |
X |
|
|
|
GENHS Add history records to a user directory entry |
X |
|
|
|
GROUP Become a temporary member of a new security group |
X |
X |
X |
|
HISTORY Display user ID history records |
X |
X |
X |
|
JOURNAL Display password violations and reset password violation count |
X |
X |
|
|
LOGMSG Change the log message for a particular security group or create a DIALFAIL, LOGFAIL, NORULE, or SYSTEM log message |
X |
|
|
|
QCPCFG Display information about the CP component configuration to see whether Rules Facility is installed |
X |
|
|
|
QRULES Query the rules database for user ID authorizations and respond with relevant rule |
X |
X |
X |
|
QUERY Use all parameters on the QUERY command |
X |
X |
|
|
RESET Reset any password violation count |
X |
X |
|
|
RULEMAP Display all kinds of rules. Use the following parameters to restrict rules display: |
X |
|
|
|
|
|
X |
|
|
X |
|
|
|
X |
|
|
RULES Change all rules. Use the following parameters to restrict changes: |
X |
|
|
|
|
X |
X |
|
|
X |
|
|
SYSWORD Query or set the system word |
X |
|
|
|
TRACE Trace execution of a macro |
X |
|
|
|
Security group managers require authorization only for a user ID they manage. |
|||
|
Copyright © 2014 CA.
All rights reserved.
|
|