If attribute-based access control is used, add attributes to the users, groups of users, object classes, particular object types, particular objects for further verification of user access to objects and/or data segments in the attribute access policy structure.
NOTE. Custom attribute creation is available only to administrator with Changing User Permissions, Distributing Roles, Changing Policy, Change Security Mark and List of Control Access of Any Object Privilege. Each attribute must have unique name and identifier to prevent intersections of identical attributes between objects and subjects.
Create attributes for groups of users
NOTE. Attributes correspond only to the sections, into which they were added.
The Attributes dialog box:
The table includes all containing attributes with the defined properties.
Use the specified attribute values to check access to particular object types in properties of attribute-based access elements: objective, condition.
See also:
Setting Up Attribute-Based Access Control Method | Access Control Check Objective