|
|
|
You can create a scoping policy that is similar in intent to a CALM policy, except the resources are global rather than product-specific. Global resources are those resources that are used across multiple CA products. You can create policies that grant or deny access to specific global resources, accessed by buttons on the Administration tab, User and Access Management subtab.
Use the following table as a guide when creating a scoping policy that grants or denies specified Identities the ability to read and write where the resource specified is a global resource.
|
Task |
Action |
Global Resource |
|---|---|---|
|
Show, create, edit, or delete a global user, a global user group, and an application user group (role); add an application group (role) to a global user or create a global user with a role. |
read, write |
User UserGroup GlobalUser GlobalUserGroup |
|
Create, edit, copy, export, disable, test, view or delete a policy; add a calendar to a policy |
read, write |
Policy Calendar |
|
Create, edit, copy, view, or delete an access filter; view EEM Folders |
read, write |
Policy |
|
Create a calendar |
read, write |
Calendar |
|
Configure the user store; create, edit, or view password policies |
read, write |
iPoz |
When creating a filter for a global resource, refer to the filter for the CALM Application Access policy as an example. One of the things the filter does is to specify what actions go with what resource. If you click Edit on a predefined policy, you can examine the source for an example of how to enter the logic.
| Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |