Administration Guide › Custom Roles and Policies › Sample Policies for Suppression and Summarization Rules
Sample Policies for Suppression and Summarization Rules
You can authorize non-Administrators to create custom suppression rules and custom summarization rules by creating one custom role, one CALM policy and one scoping policy. You can give other non-Administrators the ability to view custom suppression rules and custom summarization rules by creating an additional custom role with an associated scoping policy. You add both custom roles to the CALM Application Access policy and assign users to these roles.
The following example procedure shows you how to do this.
- Create an application user group called Create-SUP-SUM-Rules.
- Create an application user group called View-SUP-SUM-Rules.
- Grant both roles access to the CA Enterprise Log Manager product.
- Create a CALM policy that grants Create-SUP-SUM-Rules users the ability to create summarization and suppression rules or import them while logged on to CA Enterprise Log Manager.
- Create a scoping policy that grants Create-SUP-SUM-Rules users the ability to view or edit custom summarization or suppression rules that have been saved to the EEM folder, /CALM_Configuration/Content/Rules/Suppression or /CALM_Configuration/Content/Rules/Summarization.
- Create a scoping policy that grants View-SUP-SUM-Rules users the ability to view custom summarization or suppression rules.
- Test the policies
- Assign users to the new roles. For example, external auditors may want to be able to view your summarization and suppression rules. To permit this, you could assign a role similar to View-Sup-Sum-Rules to such users.
An alternative to creating two new roles explicitly for the create/edit/view task and the view-only task is to expand the roles of the predefined Analyst and Auditor roles. For example, you could eliminate steps 1, 2, 3, and 8 of the previous procedure and instead assign the Analyst as the identity to EventGrouping Create policy and View-Edit-SUP-SUM-Rules and assign the user group Auditor as the identity to View-SUM-SUP-Rules.
More information:
Create an Application User Group (Role)
Grant a Custom Role Access to CA Enterprise Log Manager
Test a New Policy
Assign a Role to a Global User