Administration Guide › Policies › Predefined Access Policies › Examine Policies for All Users

Examine Policies for All Users

You can examine policies for all users. Edit the CALM Application Access policy to define custom roles. All custom roles must be added as identities to this policy.

To examine policies for all users

1. Click the Administration tab and then click the User and Access Management subtab.
2. Click Access Policies in the left pane.
3. Display the CALM Application Access policy as follows:
   1. Select Show policies matching name.
   2. Enter CALM*.
   3. Click Go.
4. Examine the CALM Application Access policy.

   This policy grants read and write access to the listed resources for all members of the default application user groups (Administrator, Analyst, and Auditor) and to others who use the CA Enterprise Log Manager API:

   

   The listed resources are as follows:

   • The ApplicationInstance resource is CAELM, which refers to the CA Enterprise Log Manager product.
   • Policy refers to access policies.
   • User is any user added to a CA Enterprise Log Manager application user group.
   • GlobalUser is any user defined in the user store within CA Enterprise Log Manager or referred to from CA Enterprise Log Manager.
   • AppObject with the pozFolder value to the Profiles folder refers to profiles.
   • AppObject with the pozFolder value to the flex folder refers to the dynamic time range XML used to populate the time ranges drop-down list in the Result Conditions step of query-based wizards.

   The filter for CALM application access specifies the action limitations on each resource.

   

5. Search for policies for all users as follows:
   1. Click Access Policies in the left pane.
   2. Select Show policies matching identity. Clear other selections.
   3. Enter [All Identities] in the Add identity field.
   4. Click Add.
   5. Click Go.

   Four policies appear, including the CEG Policy and the Default Data Access Policy. (If you do not explicitly enter [All Identities], many additional policies display.)

6. Examine the Default Data Access Policy.

   The predefined Default Data Access policy on the CALM resource class grants all users access to CA Enterprise Log Manager data to the extent specified in an access filter. An access filter is translated into an obligation policy with the FulfillOnGrant Action to dataaccess/CALM/Data.

   

7. Examine the scoping policy, CEG Policy.

   The predefined CEG Policy grants all users with CALM Application Access the ability to view Common Event Grammar fields. Therefore the CEG fields appear in drop-down lists for simple and advanced filters for all users, because all users can set global and local filters for the queries they run. Users with rights to create and edit queries can set the filters for the queries they create and edit. This policy also helps ensure that all users can view the Global Configuration settings.