Previous Topic: Manage UsersNext Topic: Modify the Access Rights

Manage UsersView Security Object Relationships in the Topology ViewerIdentify the Missing Role

Identify the Missing Role

Use the Investigator to compare two users to identify which role a user requires to access a particular resource. Roles are known as profiles in CA Top Secret and groups in RACF.

In CA Chorus a role is a collection of rules that define permissions for access to resources. Adding rules in groups helps you to administer security more efficiently and accurately.

Follow these steps:

  1. Add the Investigator Launcher to your dashboard.

    Click Start New Investigation, and select the Security discipline from the drop-down list in the Investigator.

  2. Select Definitions, Users from the discipline drop-down list.

    The Search Users view appears.

  3. Click View Filter (the magnifying glass icon) and filter users, for example by their User ID. Click Search.

    The filtered list of users is displayed.

  4. Select the users that you want to compare. Click Navigation, Add to Topology Viewer in the Actions pane.

    Note: If the Actions pane is hidden, click the double arrow in the right column to show it.

    The Topology Viewer opens and displays a pictorial object for each selected user.

  5. Right-click an object and click Show Child Objects From Roles.

    A group object appears under the parent object. The group object indicates the number of child elements that satisfy this relationship. In this example, it shows how many roles this user has.

  6. Right-click the group object and click Expand.

    The relationships between the roles for each user are displayed.

  7. Drill down into any unshared roles by clicking the role icon and selecting Show Child Objects From, Rules for User.

    Rules for that role appear in the bottom pane.

  8. Examine the rules until you find the rule that grants access to the resource you are looking for.

    You have identified the access problem.