Enterprise Administration Guide › Administering CA Access Control Enterprise Management › Administrative Scoping › Admin Roles in CA Access Control Enterprise Management

Admin Roles in CA Access Control Enterprise Management

Predefined admin roles in CA Access Control Enterprise Management provide a basic set of admin roles that you can assign to administrators in your enterprise according to your requirements. Out-of-the-box, CA Access Control Enterprise Management comes with the following admin roles:

• CA Access Control Host Manager—Defines managed devices and logical security groups.

  CA Access Control Host Managers can create managed devices and security groups, assign devices to security groups, and modify the groups. CA Access Control Host Managers cannot define policies or deploy policies but they can use World View to view policies.

• CA Access Control Policy Deployer—Deploys policies across the environment.

  CA Access Control Policy Deployers assign policies to hosts and host groups, upgrade and downgrade policies, and reset host configuration.CA Access Control Policy Deployers can access the deployment audit. They can view policies and hosts but cannot define either. They can access World View.

• CA Access Control Policy Manager—Creates policies.

  CA Access Control Policy Managers create, modify, view, and delete policies. They cannot deploy policies to hosts or host groups but they can view them and can access World View.

• CA Access Control User Manager—Manages users and groups in CA Access Control Enterprise Management. They can also assign CA Access Control Enterprise Management roles to users.

  Note: The CA Access Control User Manager cannot create new admin roles. Only the System Manager can create new admin roles.

• System Manager—Manages CA Access Control Enterprise Management.

  System Managers can perform, create, and manage all tasks in CA Access Control Enterprise Management.

  Use this role for the implementation phase to define the actual admin roles in your organization and for emergency situations. We recommend that you assign this role to a minimal number of users, ideally only one user, and closely monitor the actions of this user.

• Reporting—Manages English reports. A user with this role can schedule and view reports.
• CA Enterprise Log Manager User—Reviews CA Enterprise Log Manager reports. A user with this role can view CA Enterprise Log Manager reports.
• CA Enterprise Log Manager Admin—Manages CA Enterprise Log Manager reports. A user with this role can administer the CA Enterprise Log Manager reports in CA Access Control Enterprise Management and manage the connection to the CA Enterprise Log Manager server.
• Delegation Manager—Delegates work items. A user with this role can delegate work items to users.
• Self Manager—Manages their own user account. A user with this role can perform administrative actions on their account. They can change the account password, modify their user profile, view their assigned roles, submitted tasks, and the items that are waiting for their approval.

  Note: By default, every user in the system is assigned the Self Manager role.