|
|
|
The basic principle of user administration is allowing the user to access only the resources they need to perform their job. You should also base access rights on a user's responsibility or job role, rather than on the individual user ID. By using these simple rules, you ensure that you are building a structure that does not require constant administrative attention.
CA Top Secret security lets you meet this objective by building profile records that reflect the many job roles and responsibilities in your organization. To start your security implementation, map job roles and responsibilities to CA Top Secret security profiles, and then map those profiles to account templates. You can then implement a provisioning role with the appropriate account template that maps into your CA Top Secret profile. This results in an ACID that has the appropriate CA Top Secret permissions for that job function.
If you spend time building a good profile structure before you start protecting resources, you will have a well-designed security system and simplified administration. Failing to build a strong profile structure results in custom administration based on individual access rights. The load on your security administrators increases as you protect more and more resources. As a result, users have access to the resources that they need to do their job function in addition to other resources that reflect previous job functions and responsibilities. Consequently, the administration tasks continue to increase over time.
| Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |