Switching AUTH control option from OVERRIDE to MERGE
search cancel

Switching AUTH control option from OVERRIDE to MERGE


Article ID: 42617


Updated On:


Top Secret Top Secret - LDAP



How easy would it be from switching from AUTH(OVERRIDE) to AUTH(MERGE)?




The decision for which AUTH control option should be done when the security file is setup with PERMITs and PROFILEs.


AUTH control option determines how you want TSS to search for the PERMIT given to a user.


OVERRIDE searches user, then the profiles and then the All record in order. Once it finds a permit it stops the search.


MERGE merges all PERMITs on the user, profiles attached to the user and the ALL records in to one big pool. Then picks the PERMIT that best matches.


So your security architecture, build  and order your PERMITs and PROFILES are based on how you set the AUTH control option.


So, switching from OVERRIDE to MERGE or vice versa is no easy task.


With OVERRIDE you can always override a PROFILE by putting a PERMIT directly on the user acid. MERGE doesn’t give you this flexibility.


CA Top Secret give you the option to do OVERRIDE or MERGE. It's setting is based on a site’s security requirements and preference.


The vast majority of CA Top Secret users use OVERRIDE.



Component: TSSMVS