OSF DCE Administration Guide--Core Components
OSF DCE Administration Guide—Core Components
A filter is composed of filter guides that specify these conditions. Filter guides also
specify what action to take if the condition (outcome) is met.
A filter answers the following questions:
• Who will be audited?
• What events will be audited?
• What should be the outcome of these events before an audit record is written?
• Will the audit record be logged in the audit trail file, or displayed on the system
console, or both?
For example, for the bank server program, you can impose the following conditions
before an audit record is written:
‘‘Log audit records on all withdrawal transactions (the audit events) that fail because of
access denial (outcome of the event) that are performed by all customers in the DCE cell
(who to audit).’’
42.3.6.1 Filter Subject Identity
A filter is associated with one filter subject, which denotes to whom the filter applies.
The filter subject is the client of the distributed application who caused the event to
happen. The filter subject has two parts: the filter type and the key.
There are eight filter types:
• principal—DCE principal in the local cell.
• foreign_principal—DCE principal in a foreign cell.
• group—DCE group in the local cell.
• foreign_group—DCE group in a foreign cell.
• cell—DCE cell in the network.
• cell_overridable—DCE cell in the network. This type can be overriden by a more
specific filter type.
• world—All clients of the distributed application.
• world_overridable—All clients of the distributed application. This type can be
overriden by a more specific filter type.
The key is the specific name of the principal, foreign_principal, group, foreign_group,
cell, and cell_overridable filter types. The world and world_overridable filter types
have no keys.
42 − 6 Tandem Computers Incorporated 124243