CA CSM does not use the distinctions of READ, UPDATE, CONTROL, and ALTER for access to resources. Instead, access is encoded into the resource name. If you have access to a resource, you can perform the specified action on the resource.
The granted authority level is immaterial. Access to the resource is managed in a binary manner: either you can access the resource (any combinations of READ, UPDATE, CONTROL, or ALTER), or you cannot access the resource. For example, the following resource profiles control access to the system settings on the Settings tab:
Enables a user to display and update the system settings.
Enables a user to display the system settings.
Enables a user to update the system settings.
For resources that have both an @DISPLAY and an @UPDATE profile, granting access to only the @UPDATE profile is an error. Because you have no authority to display the value, you cannot change the value, even though that level of access is granted.
Because all the system settings are organized under ADMIN.SETTINGS.SYSTEM, you can give access to all system settings by granting one or more users to the ADMIN.SETTINGS.SYSTEM profile. These users would be taking on the administration role for CA CSM.
User settings are organized under ADMIN.SETTINGS.USER. The settings are maintained separately in CA CSM for each user. Access to display or update a resource is managed through the @SELF qualifier in the resource profile. For example, authorizing the user IDs, USER01 and USER02, to the ADMIN.SETTINGS.USER.@SELF.@DISPLAY and ADMIN.SETTINGS.USER.@SELF.@UPDATE profiles enable the users to update their own web-based interface settings. However, USER01 cannot display or update the settings for USER02. We recommend that you grant permission to ADMIN.SETTINGS.USER.@SELF to all CA CSM users.
|
Copyright © 2014 CA.
All rights reserved.
|
|