To indicate which users can access data, add one of these selectors to a WHEN access control record.
- USER controls access based on a userid and password.
- GROUP controls access based on the group a user belongs to.
- SYSADMIN controls access based on whether a user has VM:Webgateway SYSADMIN authority.
- SYSOPER controls access based whether a user has VM:Webgateway SYSOPER authority.
- IP controls access based on the IP address of the browser user.
- CNAME controls access based on the canonical name of the user's computer.
- CCERTCOMMONNAME controls access based on the TCP/IP domain name of the browser user's host name.
- CCERTCOUNTRY controls access based on the ISO code for the country in which the browser user is located.
- CCERTDISTINGUISHEDNAME controls access based on the fields in the browser's client certificate.
- CCERTEMAIL controls access based on the e-mail address of the browser user.
- CCERTLOCALITY controls access based on the locality or city in which the browser user's organization is located.
- CCERTORG controls access based on the organization to which the browser user belongs.
- CCERTORGUNIT controls access based on the organizational department to which the browser user belongs.
- CCERTSTATE controls access based on the state or province in which the browser user's organization is located.
Place WHEN access control records in DIRMAP and ACCESS files to identify the user information you want to base control on.
If you are basing access control on the identity of browser users or their VM:Webgateway authorization, VM:Webgateway must verify that web browser users are who they claim to be. To learn how to authenticate a user's identity, refer to Authenticating Web Browser Users in the side bar.
If you are basing access control on a web browser user's group, VM:Webgateway must first determine to which group a user belongs. To learn how to determine group membership, refer to Determining Group Membership in the side bar.
