Use the GROUP record to define a group name to be associated with the ACIGROUP directory control statement.
GROUP groupname [mgrid]
GROUP is defined in the SECURITY CONFIG file.
Defines a name that can be used with rules or on the ACIGROUP directory control statement. The groupname can be between one and eight characters, and must satisfy the criteria for a valid CMS filename.
Specifies an optional user ID to act as security group manager for the groupname. One user ID can be the security group manager for more than one group, and a security group manager does not have to be the directory manager for any user IDs in that group.
In addition to identifying an ACIGROUP name, the GROUP record also optionally specifies a user ID (mgrid) that is designated to establish security group rules and to create security group log messages. This user ID must have a GRANT record with RULES authorization in the AUTHORIZ CONFIG file. Without the optional user ID, only a user ID with RULES GROUP authorization can establish security group rules for the security group specified on the GROUP record.
Only security group names defined on GROUP records can be specified on rules or on an ACIGROUP directory control statement.
It is customary to authorize group managers to create group rules for the group. With CA VM:Secure configurable authorizations, this is not mandatory due to the variety of authorizations that can be set up.
Note: For more information, see GENACI Command and GROUP User Exit.
|
Copyright © 2014 CA.
All rights reserved.
|
|