82 Novell Privileged User Manager 2.2.1 Administration guidenovdocx (en) 7 January 2010 Stop if authorized: If Authorize is set to Yes, no more rules are checked for the command. Stop if unauthorized: If Authorize is set to No, no more rules are checked for thecommand.Run User: Define a run user by selecting the name of the user you want to run this command(this overrides any username defined through a set command).Run Host: Define a run host by selecting the name of the host on which you want to run thiscommand (this overrides any hostname defined through a set command).Risk Level: Set a Risk Level of 0 to 99. This option allows you to set a value representing therelative risk of a rule when using the rush or crush clients with the session auditing option (seeSection 5.2, “Integrating Command Control into User Environments,” on page 64). Whenviewing a Command Control Keystroke Report, you see commands controlled by rules withdifferent risk values represented in different colors.Audit Group: Define an Audit Group. This setting is for use in Compliance Auditor reports.6 Click Finish. The settings you have defined for the rule are displayed in the console.5.6.3 Setting Conditions for a RuleYou can set a number of conditions for a rule to determine whether the rule is processed or not. Forexample, you can set a particular command as a condition, and only process the rule if a user entersthat command.There are two ways of setting conditions for a rule: Dragging an entity onto the rule. Using the Edit Condition option, as described in the steps below.NOTE: When you drag an entity onto a rule, you might need to edit the condition to ensure that thecondition logic is what you want. If you want to use a script in rule conditions, you must set it toConditional first (see “Modifying a Script” on page 99).To set conditions by using the Edit Condition option:1 Click Command Control on the home page of the console.2 Click Rules in the navigation pane.3 Select the rule for which you want to set conditions.4 Select the currently defined condition in the right pane. If you have not yet defined a condition,this is Match All.5 Select Edit Condition in the task pane.6 In the Add Condition drop-down list, select the type of condition you want. The condition isdisplayed on the screen.7 Set the condition to the value and logic you want. For example, if you set a condition to matcha run user to a user group:7a Change user (submit user) to run user.7b Leave the logic setting as IN.7c Select the user group you require from the user group drop-down list.
