Administration Guide › Policies › Predefined Access Policies › Examine Policies for Administrators

Examine Policies for Administrators

Administrators assign the Administrator role to users who are to have full access to the CA Enterprise Log Manager application and all of its features. You can examine the predefined policies for Administrators to see how to grant access to those users who are to perform the following tasks:

• Create EventGrouping, that is, create suppression and summarization rules using common event grammar.
• Create Integration, that is, create data mapping and message parsing files using common event grammar.
• Create EventForwarding, that is, create rules to forward events to third-party systems.
• Run Database, that is, query with Archive Catalog Query for the names of databases that have been backed up and moved to an external archive solution.
• View or edit policies.
• View or edit user-defined calendars.
• View or edit any application object. Application objects are report templates, query templates, scheduled report jobs, alert jobs, profiles, service configurations, data mapping (DM) files, message parsing (XMP) files, suppression and summarization rules, and event forwarding rules.
• Create filters with the iPoz attribute of AppObject.
• View the folders listed under Administration, User and Access Management, EEM Folders and edit any user-defined data in these folders.
• View or edit details for any application user, application user group, or global user.
• Any Analyst or Auditor tasks.

To examine predefined policies for Administrators

1. Click the Administration tab and then click the User and Access Management subtab.
2. Click Access Policies in the left pane.
3. Search for policies for Administrators as follows:
   1. Select Show policies matching identity.
   2. Enter ug:Administrator in the Add identity field.
   3. Click Add.
   4. Click Go.

   All policies for [All Identities] and ug:Administrator appear.

4. Examine the CALM access policy, Administrator Create Policy.

   This policy defines the actions that can be performed against application-specific resources. The policy grants users assigned the application user group, Administrator, the ability to perform the specified actions as they apply to the specified resources.

   

5. Examine the CALM access policy, Admin Agent Manager Policy.

   The policy grants Administrators the right to create agent groups, edit all agent groups, configure connectors, and create integrations. The policy lets Administrators edit the Agent Authentication Key for the application instance of the CA Enterprise Log Manager server to which the agent transfers collected events. By default, the configured Agent Authentication Key applies to all CA Enterprise Log Manager servers across application instances, but can be set to be unique to the application instance.

   

6. Examine the scoping policy, Administrator Default Policy.

   This policy grants Administrators the right to view, edit, or delete the listed resources. The listed resources are not specific to CA Enterprise Log Manager, and AppObject. AppObject refers to application-specific objects, which are resources listed in the CALM Administrator Create policy and in the CALM Admin Agent Manager policy.