OSF DCE Administration Guide--Core Components
OSF DCE Administration Guide—Core Components
42.3.6.4 Filter Rules
Filter rules are used to resolve overlapping guides from different filters. There are two
filter rules: the override and the high-water-mark.
Under the override rule, filters that are overridable (that is, cell_overridable and
world_overridable types) are nullified by more specific filters. The override rule serves
as a mechanism that allows for complementary filters. A filter for a principal or a group
is more specific than a filter for a cell or for the world.
The high-water-mark rule is applied after the override rule. If multiple filters are
applicable to a client, the union of the actions (log or alarm) specified by these filters is
applied.
A filter is applicable to a client if its principal, groups, or cell identity matches the key of
the filter. The world and world_overridable filters have no keys and are applicable to
all clients. If there are multiple filters that are applicable to a client, then the union of the
actions (log or alarm) specified by these filters is taken.
42.3.6.5 Example of Using Filter Rules
The use of overridable filters is described in the following scenario:
Alice in Company (cell) X is responsible for activating some operations (event class
critical_transactions). Other principals in the company are also authorized to activate
the same operations, but only under certain conditions; for example, when Alice is not
available. The system administrator wants to log an audit record regardless of the event
outcome (that is, audit conditions = all) or who activates these operations. The
administrator also wants to generate an alarm if the activator is not Alice. This
specification is implemented by the following two filters:
Filter 1:
filter type: principal
key: Alice
guide 1:
audit conditions - all
audit actions - log
event classes - critical_transactions
Filter 2:
filter type: cell_overridable
key: X
guide 1:
audit conditions - all
audit actions - log, alarm
event classes - critical_transactions
42 − 8 Tandem Computers Incorporated 124243