Administration Guide › User Accounts › Tasks Associated with Roles › Administrator Tasks › User and Access Management

User and Access Management

Only users with the role of Administrator can configure and maintain user accounts, policies, and other application objects accessible from the Administration tab, User and Access Management subtab. To log on to CA Enterprise Log Manager, users must have a user account configured with a role and credentials for logging in. Predefined roles and policies enable Administrators to set up user access by defining user accounts. Creating custom roles and policies is optional.

Administrator tasks involving users and access include the following:

• Define new global users (if the user store is the default, the CA Enterprise Log Manager user store).

  When you add a new user, you create a global user. Details such as name, location, and telephone number are considered global because they can be shared. A global user is the user account information that excludes application-specific details.

• Retrieve referenced users (if the user store is a referenced user store).

  Global user details are stored in the configured user store, which can be an external directory.

• Assign predefined or custom application groups (roles) to new or referenced users.

  Application details are always stored in the repository of the management server. They are the details loaded in read-only format when you configure an external user store.

• Edit, delete, and view user accounts.
• Create custom application groups (roles) and associated policies.

  Creating user roles begins with defining a new application user group and then creating a policy defining the actions are permitted on specified resources. A user role can be a predefined application user group or a user-defined application group. Custom user roles are needed when the predefined application groups (Administrator, Analyst, and Auditor) are not sufficiently fine-grained to reflect work assignments. Custom user roles require custom access policies and modification of predefined policies to include the new role.

• Edit, delete, and view application groups and associated policies.
• Edit the CALM application access policy.

  The CALM Application Access policy is an access control list type of scoping policy that defines who can access the CA Enterprise Log Manager. By default, the [Group] Administrator, [Group] Analyst and [Group] Auditor are granted access.

• Create, edit, delete, and view access policies.

  An access policy is a rule that grants or denies an identity (user or user group) access rights to an application resource.

• Configure, edit, delete, and view access filters.

  An access filter is a filter that the Administrator can set to control what event data non-Administrator users or groups can view. For example, an access filter can restrict the data specified identities can view in a report. Access filters are automatically converted into obligation policies.

More information:

Create a Global Group

Create a Global User

Assign a Role to a Global User

Back Up All Access Policies

Restore Access Policies

Configuring Custom User Roles and Access Policies

Add an Identity to an Existing Policy

Create a CALM Access Policy

Create a Dynamic User Group Policy

Create a Policy Based on an Existing Policy

Create a Scoping Policy

Create an Access Filter

Create an Application User Group (Role)

Grant a Custom Role Access to CA Enterprise Log Manager

Test a New Policy

Create a Calendar