|
|
|
In addition to identifying an ACIGROUP name, the GROUP record also optionally specifies a user ID (mgrid) that is designated to establish security group rules and to create security group log messages. This user ID must have a GRANT record with RULES authorization in the AUTHORIZ CONFIG file. Without the optional user ID, only a user ID with RULES GROUP authorization can establish security group rules for the security group specified on the GROUP record.
Only security group names defined on GROUP records can be specified on rules or on an ACIGROUP directory control statement.
It is customary to authorize group managers to create group rules for the group. With CA VM:Secure configurable authorizations, this is not mandatory due to the variety of authorizations that can be set up.
Note: For more information, see GENACI Command and GROUP User Exit.
| Copyright © 2011 CA. All rights reserved. | Tell Technical Publications how we can improve this information |