A security profile represents an operating system user account or group in the domain manager (local profiles) or in its network domain (domain profile). You can also create security profiles for users in the trusted domains. Every user should have a valid security profile to log in to the system. If new users are added to a managed group, they automatically inherit the access rights given to the group and can immediately log in to the system.
A user can be a member of multiple profiles. However, each profile can be mapped to only one user or group. For example, a user who is a member of a group can have two profiles–one mapped to the user account and the other mapped to the group. In this case, the user will have the UNION of permissions in both profiles.
If a user is a member of more than one security profile, the effective permission for that user is a UNION of the permission of each of the individual permissions defined for each security profile (like OR'ing all permissions).
If you want to deny access for a user of an individual security profile, you must remove that user from the security profile.
Further, you can link a security profile to a security area to restrict the user or group to access only those objects that are linked to the security area of the profile.
CA ITCM creates predefined security profiles and lets you create as many profiles as you want, using the Security Profiles dialog.
Note: It is recommended that at least one of these profiles has Full Control access rights to the CA ITCM system.
|
Copyright © 2013 CA.
All rights reserved.
|
|