For every custom CALM policy involving EventForwarding, EventGrouping, Integration, Profile, or Report that you create from scratch, you create a scoping policy on AppObject. The scoping policy has read/write access that filters on the EEM paths for each CALM resource listed in the corresponding CALM policy. The same user groups that are Identities for the CALM policy are assigned as Identities to this policy. To complete the policy set, create an additional scoping policy for read only, assign an Identity that can only view the resource, and enter a filter with an EEM folder path.
Note: Whether a CALM policy requires a supporting scoping policy depends on the resource that the CALM policy uses. For example, the Database, Tag, and Alert resources are purely CALM resources and no scoping policies are required for them. Scoping policies are not required for agent-related resources either.
You can view EEM folders from the Administration tab, User and Access Management subtab. When you select a folder such as Suppression, that path is displayed. See the following example:
You specify the EEM folder path as the value in an expression that begins with pozFolder CONTAINS, as shown in the Filters section of a Policy definition. An example follows:
The following tables provide guidelines for the value specified in the filter of a scoping policy that is related to a CALM policy that grants, or denies, access to specific CALM resources.
Note: There is not a one-to-one correspondence between the CALM resources and the folders.
When creating a scoping policy that grants access to the content of this CALM resource |
Add a filter specifying this EEM Folder path |
---|---|
EventForwarding |
pozFolder CONTAINS /CALM_Configuration/Content/Rules/Forwarding |
EventGrouping |
pozFolder CONTAINS /CALM_Configuration/Content/Rules/Summarization pozFolder CONTAINS /CALM_Configuration/Content/Rules/Suppression |
Integration (Server) |
pozFolder CONTAINS /CALM_Configuration/Content/Mapping pozFolder CONTAINS /CALM_Configuration/Content/Parsing |
Profile |
pozFolder CONTAINS /CALM_Configuration/Content/Profiles |
Report |
pozFolder CONTAINS /CALM_Configuration/Content/CEG pozFolder CONTAINS /CALM_Configuration/Content/Reports |
When creating a scoping policy that requires access to this CALM module |
Add a filter specifying this EEM Folder path |
---|---|
Agent Manager |
pozFolder CONTAINS /CALM_Configuration/Modules/AgentManager |
Event Log Store |
pozFolder CONTAINS /CALM_Configuration/Modules/logDepot |
Report Server |
pozFolder CONTAINS /CALM_Configuration/Modules/calmReporter |
Subscription Module |
pozFolder CONTAINS /CALM_Configuration/Modules/Subscription |
Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |