

CA Top Secret Scopes

CA Chorus for Security and Compliance Management lets you see the scope of authority in the Details pane for each scope list ID. The Top Secret Scopes category lets you view scope records. These records limit the authority a specially privileged user has over ACIDs, access rules, and other security system records.

For your security hierarchy, the security administrator is responsible for the scope of authority. CA Top Secret provides several different levels of control ACID scope. Each level corresponds to a level in your corporate structure. By virtue of your security title in the hierarchy of your company, you have scope over one or several areas. In addition to scope authority, you need administrative authority to view and change entities within your scope.

Title: MSCA
Scope: Entire installation
Example: The master SCA (MSCA) can create and modify all entities and CA Top Secret administrators, including SCAs, LSCAs, ZCAs, DCAs, VCAs, and auditors.

Title: SCA
Scope: Entire installation
Example: The scope of authority for an SCA depends on the administrative authorities that they were granted. An SCA can create ZCAs, DCAs, VCAs, Profile, and User ACIDs, but not other SCAs.

Title: LSCA
Scope: A zone, another LSCA, or both
Example: An LSCA can have all the authority of an SCA, but unlike the SCA, the LSCA must have a scope of authority that is assigned to it. This scope of authority can be one or more LSCAs, zones, or both.

Title: ZCA
Scope: A zone
Example: A zone security administrator can perform the following tasks:

  • Permit access to resources owned by the zone, all connected divisions, departments and users within that zone.
  • Define profiles and perform maintenance for ACIDs that are within their scope.
  • Create ACIDs in their zone.
  • Permit ACIDs in other zones to access resources in their zone, but the ZCA cannot perform maintenance for ACIDs in other zones.

Title: VCA
Scope: A division
Example: A divisional security administrator can perform the following tasks:

  • Permit access to resources owned by their division, all departments and users within that division. The VCA can also define profiles and perform maintenance for ACIDs that are within their scope.
  • Create ACIDs in their division.
  • Permit ACIDs in other divisions to access resources in their division, but the VCA cannot perform maintenance for ACIDs in other divisions.

Title: DCA
Scope: A department
Example: A department security administrator has the same scope over a department that a VCA has over a division. DCAs can also create ACIDs in their department.

Example: Review Scope of Authority in Your New Department

You have been transferred to a new division that secures sensitive information for your company. As you begin your new role, you want to understand the entities within your scope. Additionally, you want to identify the other security administrators that have scope over your division.

  1. Add the Investigator to your dashboard.
  2. Select Security from the drop-down list.
  3. Select Definitions, CA Top Secret Scopes from the folder list.
  4. Click the Filter icon, which resides above the table on the left.
  5. Filter your data to display the applicable Scope list ID.
  6. Review the scope as noted in the Details pane, including the administrators.

You now have a better understanding of your division. However, you are concerned about the number of administrators who can potentially change entities in your division. You decide to share your concerns with your manager.
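The review in the example above can also be reasoned about offline. The following is an added example, not CA Chorus or CA Top Secret code or output: it models the scope table in simplified form and lists which administrators have scope that touches one division. All ACIDs, zone, division and department names are constructed. It assumes departments roll up to divisions and divisions to zones, treats LSCA-over-LSCA scope as transitive, and does not model administrative authority.

```python
from dataclasses import dataclass

# Constructed hierarchy (not real data): department -> division -> zone.
DIVISION_ZONE = {"DIVSEC": "ZONEA", "DIVOPS": "ZONEB"}
DEPT_DIVISION = {"DEPTKEYS": "DIVSEC", "DEPTHELP": "DIVOPS"}

@dataclass(frozen=True)
class Admin:
    acid: str
    title: str         # MSCA, SCA, LSCA, ZCA, VCA or DCA
    scope: tuple = ()  # LSCA: zones and/or LSCA ACIDs; ZCA: zone; VCA: division; DCA: department

ADMINS = [  # constructed administrators for the example
    Admin("MSCA1", "MSCA"), Admin("SCA1", "SCA"), Admin("LSCA1", "LSCA", ("ZONEA",)),
    Admin("LSCA2", "LSCA", ("LSCA1",)), Admin("LSCA3", "LSCA", ("ZONEB",)),
    Admin("ZCAA", "ZCA", ("ZONEA",)), Admin("ZCAB", "ZCA", ("ZONEB",)),
    Admin("VCASEC", "VCA", ("DIVSEC",)), Admin("VCAOPS", "VCA", ("DIVOPS",)),
    Admin("DCAKEYS", "DCA", ("DEPTKEYS",)), Admin("DCAHELP", "DCA", ("DEPTHELP",)),
]

def lsca_zones(admin, by_acid, seen=None):
    """Zones an LSCA reaches; LSCA-over-LSCA scope is assumed to be transitive."""
    seen = set() if seen is None else seen
    if admin.acid in seen:          # guard against circular LSCA assignments
        return set()
    seen.add(admin.acid)
    zones = set()
    for item in admin.scope:
        other = by_acid.get(item)   # a scope item is either an LSCA ACID or a zone name
        is_lsca = other is not None and other.title == "LSCA"
        zones |= lsca_zones(other, by_acid, seen) if is_lsca else {item}
    return zones

def admins_over_division(division, admins):
    """Map each ACID whose scope touches `division` to the reason it does."""
    by_acid = {a.acid: a for a in admins}
    zone, found = DIVISION_ZONE[division], {}
    for a in admins:
        if a.title in ("MSCA", "SCA"):
            found[a.acid] = "entire installation"
        elif a.title == "LSCA" and zone in lsca_zones(a, by_acid):
            found[a.acid] = f"assigned scope reaches zone {zone}"
        elif a.title == "ZCA" and zone in a.scope:
            found[a.acid] = f"zone {zone}"
        elif a.title == "VCA" and division in a.scope:
            found[a.acid] = f"division {division}"
        elif a.title == "DCA" and any(DEPT_DIVISION.get(d) == division for d in a.scope):
            found[a.acid] = "one department in the division only"
    return found
```

Calling `admins_over_division("DIVSEC", ADMINS)` returns seven ACIDs for the constructed data, including `LSCA2`, which reaches the zone only through its scope over `LSCA1`.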