You can secure certain parts of CA CSM by granting or denying access using security rules, which are named resource profiles. Create these resource profiles in their associated security package using resource class CAMSM.
Important! If you grant a user permission to a *.@UPDATE resource profile, you must also grant that user permission to the corresponding *.@DISPLAY resource profile.
Grants access to CA CSM.
Grants full access to all settings on the Settings tab.
Grants full access to all system settings.
Grants DISPLAY authority to all system settings.
Grants UPDATE authority to all system settings.
Grants full access to a user's own settings, including the user's account on the CA Support Online website.
Grants DISPLAY authority to a user's own settings, including the user's account on the CA Support Online website.
Grants UPDATE authority to a user's own settings, including the user's account on the CA Support Online website.
Grants full access to the resources on the LMP Keys Browser page.
Grants access to Update Keys on the LMP Keys Browser page.
Grants access to Refresh Site IDs on the LMP Keys Browser page.
Grants full access to the resources on the Configurations tab.
Grants display only access to the resources related to SCS.
Grants full access to create or update the resources related to SCS.
Grants full access to the resources on the Deployments tab.
Grants access to implement configurations on remote systems.
Grants full access to the resources on the Deployment tab.
Grants read-only authority to information provided on the Deployments tab.
Grants authority to create deployments, assign systems and custom data sets as well as all actions for the deployment if your CA CSM user ID is marked as the owner of that deployment.
Grants authority to create and update deployments, assign systems and custom data sets as well as previewing the deployment.
Grants authority to perform a snapshot, transmit, deploy, and confirm a deployment.
Grants full access to all methodologies.
Grants read access to all methodologies.
Grants full access to only those methodologies where you are listed as the owner.
Grants access to create, edit, and remove methodologies from within the Maintain Methodologies page. It also controls the availability of the Edit button next to the methodology within the deployment view.
Grants full access to the resources on the Products tab.
Grants full access to the actions on the Products tab.
Grants access to all Update Catalog actions on the Products tab.
Grants access to the Show License Keys action in the Actions section on the Products tab.
Grants access to the Add Product action in the Actions section on the Products tab.
Grants access to the Install External Package action in the Actions section on the Products tab.
Grants access to the Hide Product action in the Products tree and to the Show Products button on the Show Hidden Products dialog on the Products tab.
Grants access to the action to update work DDDEF settings during product installation.
Grants full access to the actions on the SMP/E Environments tab.
Grants access to the action to migrate an SMP/E environment.
Grants access to Remove SMP/E Environment from CA CSM on the SMP/E Environments, SMP/E Environment Information tab. The permission is for the specified SMP/E environment.
Specifies the data set names of the SMP/E environments that the user can remove.
The value can be a full name that matches one SMP/E environment or a prefix that can match multiple SMP/E environment data set names.
Grants full access to the resources on the System Registry tab.
Grants display authority to all System Registry values.
Note: Users defined with this access are not allowed to create, delete or update any information on any of the panels.
Grants full access to the actions on the System Registry tab.
Grants access to the Create Non-Sysplex System link, the Create Sysplex link, the Create Shared DASD Cluster link and the Create Staging System link. It also enables the Create button from within the display for each primary node of the System Registry tree as well as the Create button within Data Destinations. Create authority also implies Update authority.
Grants access to the Select check box and the Remove item from within the Actions button from within each primary node of the System Registry tree.
Note: If the user does not have this authority, these items are disabled.
Grants full access to the profile information within each primary node of the system registry. Profile Information is applicable to those CA CSM users within your organization that create or implement configurations. If this access is not granted, the system profile information will not be displayed within the web-based user interface.
Note: Implementations can result in changes on the remote system that, if done incorrectly, could adversely affect the stability of that system. We recommend that you restrict authorization to this profile.
From within each system node of the system registry, a user with this access does not have authority to modify any values within a profile. These items are displayed but all Action buttons are disabled.
From within each system node of the system registry, grants access to create an occurrence of a profile or update any existing values within a profile. If the system registry is secured with the resource rule SYSREG@PROFILE.DISPLAY, this access rule is required to allow updating of any profile information.
Grants full access to all systems defined within the System Registry tab.
Grants access to the “system name” within the System Registry tab. If a system is created within a CA CSM session and specific system level security is desired, the security administrator must grant access to the newly defined system before it will become visible to the CA CSM user. Security at this level simply controls which defined systems are available to the user. The ability to update or delete information with the defined system is permitted using the SYSREG.@ACTION.CREATE, SYSREG.@ACTION.REMOVE, and SYSREG.@PROFILE.UPDATE resources.
Grants access to Manage History functionality within the Task tab and allows authorized users to create, run, or delete task archive policies.
Grants access to delete user's own tasks.
Grants access to delete any tasks.
|
Copyright © 2014 CA.
All rights reserved.
|
|