Policy Model Filter File
A filter file consists of lines, each with six fields. The fields contain information on:
cminder140
A filter file consists of lines, each with six fields. The fields contain information on:
- The form of access permitted or denied.
For example, READ or MODIFY
- The environment affected:
For example, AC or native
- The class of the record.
For example, USER or TERMINAL
- The objects, within the class, that the rule covers.
For example, User1, AuditGroup, or TTY1
- The properties that the record grants or cancels.
For example, OWNER and FULL_NAME in the filter line means that any command having those properties is filtered. You must enter each property exactly as it appears in the
Reference Guide
.- Whether such records should be forwarded to the subscriber database or not:
PASS or NOPASS
The following rules apply to each line in the filter file:
- You can use an asterisk * to denote all possible values in any field.
- If more than one line covers the same records, thefirstapplicable line is used.
- Spaces separate the fields.
- In fields with more than one value, semicolons separate the values.
- Lines beginning with#are considered a comment line.
- Empty lines are not allowed.
Example: Filter file
The following example describes a line from a filter file:
CREATE | AC | USER | * | FULL_NAME;OBJ_TYPE | NOPASS |
form of access | environment | class | record name( * =all) | properties | treatment |
In this example, if we name the file with this line TTY1_FILTER and edit the pmd.ini file for PMDB TTY1 so that filter=/opt/CA/AccessControl/TTY1_FILTER, then PMDB TTY1 will not propagate to its subscribers any records that create new users with the FULL_NAME and OBJ_TYPE property.