|
|
|
Use the CAN command to query the rules database to determine whether a user ID is authorized to perform a specific action using CP, CA VM:Schedule, or CA VM:Tape commands. When searching for an authorization, the CAN command uses the first and most specific applicable rule it encounters in the rules database. It responds by return code so that you can use the CAN command in programs that need to check rules in the rules database. Use of the CAN command is not recorded in the audit data.
The user ID specified in this command may be able to temporarily switch security group membership using the GROUP command. Use the GROUP option of the command to query access rules as if the user ID were a member of a security group other than its default.
To query CA VM:Schedule and CA VM:Tape rules, activate the interfaces between CA VM:Secure and these two products through PRODUCT records in each product configuration file.
The CAN command is identical to the QRULES command except that the CAN command responds by return code and the QRULES command responds by displaying the rule that governs the specified action.
The CAN command is also similar to the MAY command. The difference is that the CAN command queries authorizations in the rules database to use CP, CA VM:Schedule, and CA VM:Tape commands while the MAY command queries authorizations in the AUTHORIZ CONFIG file to use CA VM:Secure commands.
| Copyright © 2011 CA. All rights reserved. | Tell Technical Publications how we can improve this information |