Administering › Managing Profile Objects › Profile Security and Auditing

Profile Security and Auditing

Since a profile lets many users share a single set of mainframe security credentials, use extra care when you define the access to CA View or CA Bundl by these credentials.

Note: This section refers to using a profile a proxy user account, and is largely not applicable to the LDAP Mainframe Hybrid Profile Object.

Determining Access

• To determine profile access, view which roles have this profile. The Assigned Roles drop-down on the Edit Profile pane lists these roles.
• Anyone that successfully logs in to one of the Assigned Roles can access this profile.
• Depending on the role permissions, users may not have complete access to all the information in which a profile has access. However, a role that uses a particular profile can never have access to more information than the profile.

Disseminating Information

• All repositories or data assigned to a profile’s credentials for CA View or CA Bundl can be assigned to any Basic User type role by the System Administrator or the Group Administrator who created the profile object.
• Members of the role who created the profile object are responsible for assigning it to the correct roles and users.
• Anyone in the same role as a profile creator can grant the right to grant the Profile to other Roles.
• Additionally, the System Administrator can assign the profile to any role.
• Once you give a profile access to information (Repositories or Reports), members of the Group Administrator role that created the profile or the System Administrator can assign any of the information that profile has access to any Basic User type role they have access to edit.

Auditing User Access

• CA OM Web Viewer lets you audit the actions of all users, and does not treat all users in a single profile as a single user.
• Although to CA View or CA Bundl auditing, all the LDAP users logged in to a single profile appear to be the same user logged in multiple times, in CA OM Web Viewer auditing they are audited separately.

  For example, if User A and User B both share a profile, their actions are audited separately in CA OM Web Viewer, but might appear like the same user logged in twice to CA View or CA Bundl auditing since they are using the same credentials as provided by the profile.