Enterprise Administration Guide › Administering CA Access Control Enterprise Management › Administrative Scoping › Admin Roles in CA Access Control Enterprise Management

Admin Roles in CA Access Control Enterprise Management

Predefined admin roles in CA Access Control Enterprise Management provide a basic set of admin roles that you can assign to administrators in your enterprise according to your requirements. Out-of-the-box, CA Access Control Enterprise Management comes with the following admin roles:

• CA Access Control Host Manager—Responsible for the definition of hosts and logical host groups.

  This admin role lets users create hosts and host groups, assign hosts to host groups, and modify them. It does not let users define policies or deploy policies but does let users view them and provides access to World View.

• CA Access Control Policy Deployer—Responsible for the deployment of policies across the environment.

  This admin role lets users assign policies to hosts and host groups, upgrade and downgrade policies, reset host configuration, and have access to the deployment audit. It lets users view policies and hosts but not define them and provides access to World View.

• CA Access Control Policy Manager—Responsible for creating policies.

  This admin role lets users create, modify, view, and delete policies. The admin role does not let users deploy the policies to hosts or host groups but they can view them and have access to the World View.

• CA Access Control User Manager—Responsible for user management in CA Access Control Enterprise Management: creating and managing users and groups, and assigning CA Access Control Enterprise Management roles to users.

  Note: The CA Access Control User Manager cannot create new admin roles. Only the System Manager can create new admin roles.

• System Manager—Responsible for managing CA Access Control Enterprise Management.

  A user with this admin role can perform, create, and manage all tasks in CA Access Control Enterprise Management.

  Use this role for the implementation phase to define the actual admin roles in your organization and for emergency situations. We recommend that you assign this role to a minimal number of users, ideally only one user, and closely monitor this user's actions.

• Reporting—Responsible for managing English reports. A user with this role can schedule and view reports.
• UNAB Administrator—Responsible for managing UNAB. A user with this role can configure UNAB hosts and host groups, manage login authorization policies, and resolve migration conflicts.

  Note: A user that is assigned the System Manager role is also assigned the UNAB Administrator role.

• CA Enterprise Log Manager User—Responsible for viewing CA Enterprise Log Manager reports. A user with this role can view CA Enterprise Log Manager reports.
• CA Enterprise Log Manager Admin—Responsible for managing CA Enterprise Log Manager reports. A user with this role can administer the CA Enterprise Log Manager reports in CA Access Control Enterprise Management and manage the connection to the CA Enterprise Log Manager server.
• Delegation Manager—Responsible for delegating work items. A user with this role can delegate work items to users.
• Self Manager—Responsible for managing their own user account. A user with this role can perform administrative actions on their account: change the account password, modify their user profile, view their assigned roles, submitted tasks, and the items that are waiting for their approval.

  Note: By default, every user in the system is assigned the Self Manager role.