|
|
|
|
|
Fixed Definition mode enables the administrator to determine the definition mode in advance. Conditional Definition mode first establishes the user’s definition mode (Basic or Extended) and then determines a user’s authority to access an entity. Conditional Definition mode provides more flexibility than Fixed Definition mode when determining a user’s authority. For example, certain users can be set to work in one mode, while others can be set to work in another mode. Using Fixed Definition mode improves the performance of the security checking process because the check for the mode is eliminated.
When Conditional Definition mode is used and a resource profile is defined to protect $$IOAEDM or $$CTxEDM entities, it is recommended that the security system not audit this resource to avoid generating failure audit records for these entities.
When Conditional Definition mode is used, one more call is made to the security product to determine the mode in which the user should operate.
Parent Topic |