CA ITCM creates the following pre-defined security profiles at the time of installation and uses them internally for various purposes:
Specifies the owner of an object who is a member of this profile. For example, if you are allowed to create an object, say an Asset Group, you are the owner of the group if you create a new one. By default, this profile has Class Permissions Full Control for all object classes. All the system-created objects have the ownership as Unassigned. However, any authorized user can take ownership of the objects. You can see the ownership of an object in both the Object Permissions and Class Permissions dialog.
Specifies all of the unmanaged users who are members of this profile. If an unmanaged user logs into CA ITCM, the class permissions specified in this profile is applicable to that user. This profile has Class Permissions of No Access for all object classes. Hence, the member of this profile cannot even browse anything. The administrator can specify permissions as required for example, Read, for all classes.
Specifies the profile that belongs to enterprise administrator who initiates distributions to this domain manager.
Specifies the profile that belongs to local Windows administrators group on the manager. It has Full Control for all object classes.
Specifies the access rights that the predefined certificates must have to enable the DSM component to perform its job out of the box. The following profiles are available under this security authority:
Important! Do not modify these certificate profiles for any reason because it may cause certain DSM components to fail. If you have modified any of these profiles inadvertently, reset them to have their default permissions.
Allows one domain manager to authenticate with another domain manager during the agent move operation.
Allows the scalability server and manager registration to authenticate to a manager.
Allows the directory synchronization engine job to authenticate to a DSM manager.
Provides authentication for the CSM agent controller.
Used to authenticate the SD catalog with the manager.
Allows access to the domain password. The engine at the domain manager uses this certificate to access the domain password.
Allows access to the enterprise password. The engines at the domain and enterprise tier use this certificate to access the domain password.
Allows access to domain and enterprise passwords. The DSM Reporter uses this certificate. You can regenerate this certificate without affecting the certificates used by the engines.
|
Copyright © 2013 CA.
All rights reserved.
|
|