Administration GuideCustom Roles and PoliciesConfiguring Custom User Roles and Access Policies › Add an Identity to an Existing Policy

Previous Topic: Grant a Custom Role Access to CA Enterprise Log Manager

Next Topic: Create a CALM Access Policy

Add an Identity to an Existing Policy

When you create a new application user group, you can add the new group to existing policies, if applicable. When you create a user that has no role but has access limited with an access filter, you can add such a user to existing policies.

Important! When working with the installed access policies, take special care not to delete them as they are not locked or protected.

If a predefined access policy is accidentally deleted, users will be unable to access the CA Enterprise Log Manager server until it is restored. You can restore policies using the safex utility.

To add an identity to an existing policy

  1. Select the Administration tab, click User and Access Management, and then click Access Policies on the left pane.
  2. Click the policy type, and then select the policy that applies to the new application user group. View the Identities pane.
  3. For Type, select Application Group.
  4. Click Search Identities.
  5. Leave Name as the attribute and LIKE as the operator. Click Search.

    The name of the new application group appears in the displayed list of identities.

  6. Select the name of the new application group and click the move button to move the group name to the Selected Identities box.
  7. Click Save.

More information:

Step 4: Add PCI-Analyst to Existing Policies