Previous Topic: Privileged Access RolesNext Topic: Methods to Assign Roles to a User


Create a Privileged Access Role

A privileged access role defines the tasks that role members, administrators, and owners can perform when using SAM, for example, check-in and check-out privileged accounts. If the predefined privileged access roles in CA ControlMinder Enterprise Management are not suitable for your organization requirements, you can create new ones.

Follow these steps:

  1. In CA ControlMinder Enterprise Management, click Users and Groups, Roles, Privileged Access Roles, Create Role.

    The Create Role: Select Privileged Access Role page appears.

  2. (Optional) Select an existing privileged access role to create the role as a copy of it, as follows:
    1. Select Create a copy of a role.
    2. Select an attribute for the search, type in the filter value, and click Search.

      A list of privileged access roles that match the filter criteria appear.

    3. Select the object that you want to use as a basis for the new privileged access role.
  3. Click OK.

    The Create Admin Role task page appears. If you created the admin role from an existing object, the dialog fields are prepopulated with the values from the existing object.

  4. Complete the following fields in the Profile tab of the dialog:
    Name

    Defines the name of the role.

    Description

    A textual description of the role.

    Enabled

    Specifies whether the role can be assigned to users and groups.

  5. Add tasks to the role, as follows:
    1. Click the Tasks tab.
    2. (Optional) Select a task category from the Filter tasks drop-down list

      The tasks in this category load.

      Note: The task category matches the tab on which tasks in this category appear in CA ControlMinder Enterprise Management.

    3. Select a task from the Add Task drop-down list.

      The task is added to the role.

    4. Repeat steps b through c to add more tasks to the role.
  6. Add Member and Scope Rules.
  7. Click Submit.

    The role is created.