CA GovernanceMinder implements RBAC standards without affecting an organization's on-going operation. CA GovernanceMinder implements the concept of a sandbox to separate CA GovernanceMinder's operation from the organization's on-going security environment (production server). The assumption is that when working with CA GovernanceMinder, existing access definitions must first be imported into a sandbox. A sandbox is an offline PC computer on which CA GovernanceMinder is installed where role discovery and audit activities are performed without affecting current operations of the organization. All work on discovering new or refining existing access definitions is performed in the CA GovernanceMinder environment.
CA GovernanceMinder defines roles as a group of users that have a common set of privileges. By users, CA GovernanceMinder refers to people or functions: employees, customers, suppliers, representatives, and so on. A resource is a specific right of access that may be an operation or object in formal RBAC terms. Thus, a resource can be as specific as a particular access right (Read/Write/Execute) to a specific file in a specific file system on a specific system, and it can also be used to provide a model for access to a computer system (such as, a user group on that system). A privilege is a connection between a user and a resource, indicating that this user possesses a specific access right. A role can include a set of users and a set of resources, with the semantics being that all users in the user set are allowed access to all resources in the resource set.
Most of CA GovernanceMinder's work is performed within a CA GovernanceMinder configuration that is automatically created when access data is imported into CA GovernanceMinder. By configuration, CA GovernanceMinder means a data structure that holds a snapshot of the definition of users, resources and roles (if already defined) and the relevant relationships (privileges) between them.
The following shows the CA GovernanceMinder architecture and how it relates to existing systems in your enterprise:
|
Copyright © 2014 CA.
All rights reserved.
|
|