When a user tries to access information through the Compliance Policy Administration interface, a resource authorization check occurs against the logged in user ID. The RACROUTE AUTH call submitted from the interface uses one of two entities. Additionally, the interface uses one of two possible access levels depending on the type of data the user is trying to access.
Because all CA Compliance Manager interface requests are processed through the CA LDAP Server, the following parts of the resource authorization check parameters are configurable:
Follow these steps:
Important!: Skip this step if you accept the default values for these parameters.
Indicates the high-level qualifier to use when constructing the entity name.
Default: CMGR
Indicates the resource class that RACROUTE AUTH call uses.
Default: CACMGR
The full entity name is a concatenated value consisting of the high-level qualifier value specified in the CMGRPolicyEntity parameter and REPORTS or POLICY. The latter depends on the area of the CA Compliance Manager interface the user is accessing. The following table includes examples:
|
Pane Task |
Entity |
Access Level |
|---|---|---|
|
Reports |
CMGR.REPORTS |
READ |
|
Create a policy set |
CMGR.POLICY |
UPDATE |
|
Modify a policy set |
CMGR.POLICY |
UPDATE |
|
Delete a policy set |
CMGR.POLICY |
UPDATE |
|
Create a policy statement |
CMGR.POLICY |
UPDATE |
|
Modify a policy statement |
CMGR.POLICY |
UPDATE |
|
Delete a policy statement |
CMGR.POLICY |
UPDATE |
For detailed control access and option information, see the CA LDAP Server for z/OS Product Guide.
Important! Skip this step if you accept the default values for the CMGRPolicyEntity and CMGRPolicyClass parameters in the previous step.
The high-level qualifier value that is used for the entity is the value specified in the slapd.conf file CMGRPolicyEntity parameter.
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|