MEMBER rules are valid only at the system and security group levels. MEMBER rules do not reference a CP command; rather, they control the GROUP command. The GROUP command allows users to change security group membership temporarily. This change is made only for the active user ID, not in the CP object directory or in the CA VM:Secure directory database. The user’s default security group (the group defined in the ACIGROUP statement in the user’s directory entry) remains unchanged by the GROUP command.
If there is no MEMBER rule that applies to a user request, the command is rejected. The NORULE record in the SECURITY CONFIG file does not apply.
Examples
ACCEPT BROCK MEMBER
REJECT * MEMBER
ACCEPT BROCK MEMBER (LOGPASS
ACCEPT ADMINGRP MEMBER (GROUP LOGPASS
The LOGPASS option prompts BROCK and user IDs in security group ADMINGRP for their logon passwords and verifies them before allowing them temporary membership in security group FINGROUP. The GROUP option specifies that ADMINGRP is a security group name.
Copyright © 2014 CA.
All rights reserved.