Enterprise Policy Management (EPM) is an access management model that lets you protect business applications without an in-depth knowledge of CA SiteMinder®-specific concepts and components.
EPM presents policy configuration in the context of securing an application. To protect an application, you create an Application object and are only required to provide data for configuration settings that do not have defaults. Modifying other settings is optional. EPM therefore makes policy configuration more straightforward. You can manipulate additional CA SiteMinder® settings that allow you to define more fine-grained protection of an application; however, such manipulation is not required.
For the administrator already familiar with CA SiteMinder® domain-based policies, there is a relationship between the application-oriented concepts and the underlying CA SiteMinder® policy objects. This relationship is reflected in the CSP console and is shown in the following table:
|
Application Dialogs and Group Boxes |
Underlying SiteMinder Component |
|---|---|
|
General settings |
Defines the policy domain |
|
Components |
Defines the realm |
|
Resource |
Specifies the rule |
|
Application Roles |
Define the policy users |
Application roles define the set of users who have access to a resource or group of resources defined in an Application object. Roles can include all users in configured user directories, be limited to selected groups, organizations, and users with matching user attributes, or specified using a named or unnamed expression.
EPM offers the following benefits:
The focus on applications relates closely to the view of access management by most businesses.
The security enforcement model for EPM is no different than implemented by the more CA SiteMinder®-centric model. However, the CA SiteMinder®-specific components are hidden from configuration.
Securing resources is simplified—you name the application, the application resources that need protecting, and the application roles that are permitted access. You are not required to examine or modify every aspect of a component to establish a security policy.
A CA SiteMinder® administrator can grant access to an application without expert knowledge of CA SiteMinder®. This ability enables a senior security administrator to delegate access management responsibilities to other administrators.
|
Copyright © 2013 CA.
All rights reserved.
|
|