Policy Model Filter File

A filter file consists of lines, each with six fields. The fields contain information on:
  • The form of access permitted or denied. For example, READ or MODIFY.
  • The environment affected. For example, AC or native.
  • The class of the record. For example, USER or TERMINAL.
  • The objects, within the class, that the rule covers. For example, User1, AuditGroup, or TTY1.
  • The properties that the record grants or cancels. For example, OWNER and FULL_NAME in the filter line means that any command having those properties is filtered. You must enter each property exactly as it appears in the Reference Guide.
  • Whether such records should be forwarded to the subscriber database or not: PASS or NOPASS.
The following rules apply to each line in the filter file:
  • You can use an asterisk * to denote all possible values in any field.
  • If more than one line covers the same records, the first applicable line is used.
  • Spaces separate the fields.
  • In fields with more than one value, semicolons separate the values.
  • Lines beginning with # are considered comment lines.
  • Empty lines are not allowed.
Example: Filter file
The following example describes a line from a filter file:
CREATE AC USER * FULL_NAME;OBJ_TYPE NOPASS

  • CREATE: form of access
  • AC: environment
  • USER: class
  • *: record name (* = all)
  • FULL_NAME;OBJ_TYPE: properties
  • NOPASS: treatment
In this example, if the file containing this line is named TTY1_FILTER and the pmd.ini file for PMDB TTY1 is edited so that filter=/opt/CA/AccessControl/TTY1_FILTER, then PMDB TTY1 does not propagate to its subscribers any records that create new users with the FULL_NAME and OBJ_TYPE properties.
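The line rules above (six space-separated fields, semicolon-separated values, * as wildcard, # comments, no empty lines, first applicable line wins) can be checked before a filter file is deployed. The following Python sketch is an added example, not code from the product; the function names and the sample file are constructed for illustration. It assumes that a line applies when the command carries at least one of the listed properties, and it returns None when no line applies because this page does not state a default.

```python
# Added example: evaluator for the six-field filter-file format (not vendor code).
FIELDS = ("access", "env", "cls", "objects", "props")

# Constructed sample; the first rule is the page's example line.
SAMPLE = "\n".join([
    "# constructed sample filter file",
    "CREATE AC USER * FULL_NAME;OBJ_TYPE NOPASS",
    "CREATE AC USER User1 * PASS",
    "MODIFY AC;native USER;TERMINAL * OWNER NOPASS",
])

def parse_filter(text):
    """Parse filter text into rules, rejecting lines the format forbids."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            raise ValueError(f"line {n}: empty lines are not allowed")
        if line.startswith("#"):
            continue  # comment line
        parts = line.split()  # spaces separate the fields
        if len(parts) != 6 or parts[5] not in ("PASS", "NOPASS"):
            raise ValueError(f"line {n}: need six fields ending in PASS or NOPASS")
        rule = {k: set(v.split(";")) for k, v in zip(FIELDS, parts)}
        rule.update(treatment=parts[5], line=n)
        rules.append(rule)
    return rules

def _covers(allowed, value):
    return "*" in allowed or value in allowed

def decide(rules, access, env, cls, obj, props):
    """Return (treatment, line number) of the first applicable rule, else None."""
    for r in rules:
        # Assumption: one listed property on the command is enough to match.
        prop_hit = "*" in r["props"] or bool(r["props"] & set(props))
        if (_covers(r["access"], access) and _covers(r["env"], env)
                and _covers(r["cls"], cls) and _covers(r["objects"], obj)
                and prop_hit):
            return r["treatment"], r["line"]
    return None  # no line applies; the page does not state a default

if __name__ == "__main__":
    rules = parse_filter(SAMPLE)
    # Line 3 looks like it lets User1 through, but line 2 is matched first.
    print(decide(rules, "CREATE", "AC", "USER", "User1", ["FULL_NAME", "OBJ_TYPE"]))
    print(decide(rules, "CREATE", "AC", "USER", "User1", ["OWNER"]))
```

Reporting the winning line number makes shadowed rules visible: in the sample, the PASS on line 3 never applies to a CREATE for User1 that sets FULL_NAME, because line 2 is matched first.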