Create a CALM Access Policy
You can create a CALM access policy to grant (or deny) one or more valid actions on one or more CALM resources.
The following CALM resources are application-specific; that is, they are used only by the CA Enterprise Log Manager product:
- Alert
- AgentConfiguration
- AgentAuthenticationKey
- ALL_GROUPS
- Connector
- Data
- Database
- EventGrouping
- Integration
- Profile
- Report
- Tag
To create a new CALM policy from scratch
- Click the Administration tab and the User and Access Management subtab.
- Click Access Policies.
- Click the New access policy button to the left of the CALM folder.
- Enter a meaningful name for the policy and, optionally, a short description.
- If this policy is temporary, select the Calendar with the date range to which it applies.
- Accept CALM as the resource class name.
- Select Type in the General panel according to the following criteria:
- Use the Identities area to select the users or groups to which this policy applies as follows:
  - Select Application Group for Type or one of the other options, click Search Identities, and click Search.
  - Select identities from those available and click the Move button to move them to the Selected Identities box.
- If the policy type is access policy, complete the access policy configuration as follows:
  - Enter a CALM resource in the Add resource field and click Add.
  - Select each Action that the selected identities are to be able to perform on any selected Resource, where valid actions include the following: annotate, create, dataaccess, edit, and schedule. You cannot grant the ability to perform a given action on one resource and not another where it is valid.
- If the policy type is access control list, complete access control list configuration as follows:
  - Enter a CALM resource in the Add resource field and click Add.
  - Select each Action that the selected identities are to be able to perform on this Resource, where valid actions include one or more of the following: annotate, create, dataaccess, edit, and schedule.
  - Repeat the last two steps for each resource to be addressed by this policy.

  With this type, you can grant the ability to perform an action such as create on one resource but not on another.
- If the policy type is identity access control list, complete the identity access control list configuration as follows:
  - For each identity selected, select the Actions to be granted or denied on all resources for which they are valid.
  - For each resource to be added, enter a CALM resource name in the Add resource field and click Add:
- Review the check boxes at the top and select any that apply:
  - Select Explicit Deny to change the policy from one that grants access to one that denies access.
  - Select Disabled to inactivate this policy temporarily, if new.
  - Select Pre-Deployment and then select Assign Labels and add the labels if using this policy for testing purposes and you want to categorize the policies with custom labels.
- Click Save and then click Close on the left pane.
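
The three policy types differ in how finely actions can be scoped to resources and identities. The following added example is a simplified Python model, not CA Enterprise Log Manager code or its API; the group names, the sample grants, the default-deny rule, and the precedence of Explicit Deny over a grant are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:
    kind: str                                         # "access", "acl" or "identity_acl"
    identities: set                                   # users or groups the policy applies to
    resources: set = field(default_factory=set)       # access, identity_acl: resource list
    actions: set = field(default_factory=set)         # access: one action set for all resources
    per_resource: dict = field(default_factory=dict)  # acl: resource -> actions
    per_identity: dict = field(default_factory=dict)  # identity_acl: identity -> actions
    explicit_deny: bool = False                       # the Explicit Deny check box
    disabled: bool = False                            # the Disabled check box

    def matches(self, identity, action, resource):
        if self.disabled or identity not in self.identities:
            return False
        if self.kind == "access":
            return resource in self.resources and action in self.actions
        if self.kind == "acl":
            return action in self.per_resource.get(resource, set())
        if self.kind == "identity_acl":
            return (resource in self.resources
                    and action in self.per_identity.get(identity, set()))
        raise ValueError(f"unknown policy type: {self.kind}")

def is_allowed(policies, identity, action, resource):
    # Assumed evaluation order: default deny, and a matching Explicit Deny wins.
    hits = [p for p in policies if p.matches(identity, action, resource)]
    return bool(hits) and not any(p.explicit_deny for p in hits)

# Constructed sample policies; "Analysts" and "Auditors" are hypothetical groups.
# The model assumes each action used here is valid on each sample resource.
BROAD = Policy("access", {"Analysts"}, resources={"Report", "Tag"},
               actions={"create"})
NARROW = Policy("acl", {"Analysts"},
                per_resource={"Report": {"create"}, "Tag": {"edit"}})
BY_IDENTITY = Policy("identity_acl", {"Analysts", "Auditors"},
                     resources={"Report", "Alert"},
                     per_identity={"Analysts": {"edit"}, "Auditors": {"annotate"}})
NO_ALERT_EDIT = Policy("acl", {"Analysts"}, per_resource={"Alert": {"edit"}},
                       explicit_deny=True)

if __name__ == "__main__":
    print(is_allowed([BROAD], "Analysts", "create", "Tag"))    # access policy: create on every listed resource
    print(is_allowed([NARROW], "Analysts", "create", "Tag"))   # ACL: create granted on Report only
    print(is_allowed([BY_IDENTITY, NO_ALERT_EDIT], "Analysts", "edit", "Alert"))
```

When a role needs an action on some resources but not others, the access control list type is the one that expresses it; the access policy type grants the action on every listed resource.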