Table 2-6 Context Attributes and Administrative Access
|
|
|
|
|
|
|
Queried when user attempts to create a new attribute declaration.
|
|
|
Queried when user attempts to delete an attribute declaration.
|
|
|
Queried when user attempts to rename an attribute declaration.
|
|
|
Queried when user attempts to modify an attribute declaration.
|
|
|
|
Queried when user attempts to create a new constant.
|
|
|
Queried when user attempts to delete a constant.
|
|
declaration, value, new_name
|
Queried when user attempts to rename a constant.
|
|
declaration, value, new_value
|
Queried when user attempts to modify a constant.
|
|
|
|
Queried when user attempts to create a new enumeration.
|
|
|
Queried when user attempts to delete an enumeration.
|
|
declaration, value, new_name
|
Queried when user attempts to rename an enumeration.
|
|
declaration, value, new_value
|
Queried when user attempts to modify an enumeration.
|
Declaration/Evaluation Function
|
|
|
Queried when user attempts to create an evaluation function.
|
|
|
Queried when user attempts to delete an evaluation function.
|
|
|
Queried when user attempts to rename an evaluation function.
|
Identity/Directory/Instance
|
|
|
Queried when user attempts to create a directory.
|
|
|
Queried when user attempts to delete a directory.
|
|
|
Queried when user attempts to delete a directory and all its users.
|
|
|
Queried when user attempts to rename a directory.
|
Identity/Directory/ AttributeMapping/Single
|
|
attribute, default_value, directory
|
Queried when user attempts to add a scalar attribute to an attribute schema of a directory.
|
|
attribute, default_value, directory
|
Queried when user attempts to delete a scalar attribute from an attribute schema of a directory.
|
|
attribute, default_value, directory, new_default_value
|
Queried when user attempts to modify a scalar attribute in an attribute schema for a directory.
|
Identity/Directory/ AttributeMapping/List
|
|
attribute, default_value, directory
|
Queried when user attempts to add a vector attribute to an attribute schema of a directory.
|
|
attribute, default_value directory
|
Queried when user attempts to delete a vector attribute from an attribute schema of a directory.
|
|
attribute, default_value, directory, new_default_value
|
Queried when user attempts to modify a vector attribute in an attribute schema of a directory.
|
|
|
|
Queried when user attempts to create a new user.
|
|
subject_name, new_subject_name
|
Queried when user attempts to copy a user.
|
|
|
Queried when user attempts to delete a user.
|
|
|
Queried when user attempts to cascade a user and all policies associated with the user.
|
|
subject_name, new_subject_name
|
Queried when user attempts to rename a user.
|
|
|
|
Queried when user attempts to create a new group.
|
|
|
Queried when user attempts to delete a group.
|
|
subject_name, new_subject_name
|
Queried when user attempts to rename a group.
|
|
subject_name, member_subject
|
Queried when user attempts to add a member to a group.
|
|
subject_name, member_subject
|
Queried when user attempts to remove a member from a group.
|
Identity/Subject/ AttributeAssignment/Single
|
|
attribute, value, subject_name
|
Queried when user attempts to set a value to a currently unset scalar subject attribute.
|
|
attribute, value, subject_name
|
Queried when user attempts to unset a currently set scalar subject attribute.
|
|
attribute, value, subject_name, new_value
|
Queried when user attempts to modify the value of a currently set scalar subject attribute.
|
Identity/Subject/ AttributeAssignment/List
|
|
attribute, value, subject_name
|
Queried when user attempts to set a value to a currently unset vector subject attribute.
|
|
attribute, value, subject_name
|
Queried when user attempts to unset a currently set vector subject attribute.
|
|
attribute, value, subject_name, new_value
|
Queried when user attempts to modify the value of a currently set vector subject attribute.
|
Identity/Subject/ Password
|
|
|
Queried when user attempts to modify the password for a user. The subject_name attribute contains the name of the user for which the password is associated.
|
|
|
|
Queried when user attempts to create a new resource.
|
|
|
Queried when user attempts to delete a resource.
|
|
|
Queried when user attempts to cascade delete a resource. This includes deletion of all child resources and associated policies.
|
|
|
Queried when user attempts to rename a resource.
|
Resource/Attribute Assignment/Single
|
|
attribute, resource, value
|
Queried when user attempts to set a value to a currently unset scalar resource attribute.
|
|
attribute, resource, value
|
Queried when user attempts to unset a currently set scalar resource attribute.
|
|
attribute, resource, value, new_value
|
Queried when user attempts to modify the value of a currently set scalar resource attribute.
|
Resource/Attribute Assignment/List
|
|
attribute, resource, value
|
Queried when user attempts to set a value to a currently unset vector resource attribute.
|
|
attribute, resource, value
|
Queried when user attempts to unset a currently set vector resource attribute.
|
|
attribute, resource, value, new_value
|
Queried when user attempts to modify the value of a currently set vector resource attribute.
|
Resource/MetaData/ IsApplication
|
|
resource, value, new_value
|
Queried when user attempts to toggle the "is application" resource metadata.
|
Resource/MetaData/ IsDistributionPoint
|
|
resource, value, new_value
|
Queried when user attempts to toggle the "is distribution point" resource metadata.
|
Resource/MetaData/ Logical Name
|
|
|
Queried when user attempts to create a logical name for a resource.
|
|
|
Queried when user attempts to delete a logical name for a resource.
|
|
logical_name, resource, new_name
|
Queried when user attempts to rename a logical name for a resource.
|
|
|
action, resource, subject_name, constraint
|
Queried when user attempts to create a new grant policy. "action", "resource", and "subject_name" attributes are lists.
|
|
action, resource, subject_name, constraint
|
Queried when user attempts to delete a grant policy. The "action", "resource", and "subject_name" attributes are lists.
|
|
action, resource, subject_name, constraint, new_action, new_resource, new_subject_name, new_constraint
|
Queried when user attempts to modify a grant policies "action", "resource", and "subject_name" attributes are lists.
|
|
|
action, resource, subject_name, constraint
|
Queried when user attempts to create a new deny policy. "action", "resource", and "subject_name" attributes are lists.
|
|
action, resource, subject_name, constraint
|
Queried when user attempts to delete a deny policy. The "action", "resource", and "subject_name" attributes are lists.
|
|
action, action_type, resource, subject_name, subject_type, constraint, new_effect, new_action, new_action_type, new_resource, new_subject_name, new_subject_type, new_constraint
|
Queried when user attempts to modify a deny policy. The "action", "resource", and "subject_name" attributes are lists.
|
|
|
action, resource, subject_name, delegator, constraint
|
Queried when user attempts to create a new delegate policy. "action", "resource", and "subject_name" attributes are lists.
|
|
action, resource, subject_name, delegator, constraint
|
Queried when user attempts to delete a delegate policy. The "action", "resource", and "subject_name" attributes are lists.
|
|
action, resource, subject_name, delegator, constraint, new_action, new_resource, new_subject_name, new_delegator, new_constraint
|
Queried when user attempts to modify a delegate policy. The "action", "resource", and "subject_name" attributes are lists.
|
Policy/Action/Role/ Instance
|
|
|
Queried when user attempts to create a new role.
|
|
|
Queried when user attempts to delete a role.
|
|
|
Queried when user attempts to rename a role.
|
Policy/Action/ Privilege/Instance
|
|
|
Queried when user attempts to create a privilege.
|
|
|
Queried when user attempts to delete a privilege.
|
|
|
Queried when user attempts to rename a privilege.
|
Policy/Action/ Privilege/Group
|
|
|
Queried when user attempts to create a privilege group.
|
|
|
Queried when user attempts to delete a privilege group.
|
|
|
Queried when user attempts to rename a privilege group.
|
|
|
Queried when user attempts to add a privilege to a privilege group.
|
|
|
Queried when user attempts to remove a privilege from a privilege group.
|
Policy/Analysis/ Inquiry Query
|
|
title, owner, effect_type, subjects, actions, resources, delegator
|
Queried when user attempts to create a new policy query.
|
|
|
Queried when user attempts to delete a policy query.
|
|
title, owner, effect_type, subjects, actions, resources, delegator
|
Queried when user attempts to modify a policy query.
|
|
title, owner, effect_type, subjects, actions, resources, delegator
|
Queried when user attempts to execute a policy query. If this is an unsaved query "title" and "owner" will be set to an empty string.
|
Policy/Analysis/ Verification Query
|
|
title, owner, actions, resources
|
Queried when user attempts to create a new policy verification query.
|
|
|
Queried when user attempts to delete a policy verification query.
|
|
title, owner, actions, resources
|
Queried when user attempts to modify a policy verification query.
|
|
title, owner, actions, resources
|
Queried when user attempts to execute a policy verification query. If this is an unsaved query "title" and "owner" will be set to an empty string.
|
|
|
|
Queried when user attempts to deploy a policy update.
"resource" is the distribution node and all nodes below it may be effected. This check is made for each chosen distribution point.
|
|
deleted_directories, deployed_engines, deleted_engines, deleted_bindings, deleted_applications
|
Queried when user attempts to deploy a structural change.
|
Infrastructure/Engines/ARME
|
|
|
Queried when user attempts to create a new Security Service Module.
|
|
|
Queried when user attempts to delete a Security Service Module.
|
|
|
Queried when user attempts to rename a Security Service Module.
|
|
|
Queried when user attempts to bind a resource to a Security Service Module.
|
|
|
Queried when user attempts to unbind a resource from a Security Service Module.
|
Infrastructure/Engines/SCM
|
|
|
Queried when user attempts to create a Service Control Manager.
|
|
|
Queried when user attempts to delete a Service Control Manager.
|
|
|
Queried when user attempts to rename a Service Control Manager.
|
|
|
Queried when user attempts to bind a Security Service Module to a Service Control Manager. The "resource" contains the name of the Security Service Module.
|
|
|
Queried when user attempts to unbind a Security Service Module from a Service Control Manager. The "resource" contains the name of the Security Service Module.
|
Infrastructure/ Management/Console
|
|
|
Queried when user attempts to login to the Administration Console.
|
Infrastructure/ Management/BulkManager
|
|
|
Queried when user attempts to login to the Policy Import tool.
|