Role objects let you manage system permissions and privileges to define and simplify different access levels. For example, some users require view access to reports that are specific to their job titles. Other users must perform advanced searches and want to create subscriptions (groups of reports) for their teams. A different set of users wants to upload information to a repository. Also, your database and report administrators want extensive access and security permissions to manage the system and everyone who is using it.
The System Administrator or Group Administrator (GA) assigns all privileges and permissions to a role object, not to an individual. The Group Administrator can then assign all those individual users to the role as needed. This action creates a group of people who each have all the system access capabilities that are associated with that role.
CA OM Web Viewer includes only the Default User and System Administrator roles. You can define other role types manually. Although the other role types let you have more than one role object of a particular type, you can only have one System Admin.
If a user with valid mainframe credentials logs in to CA OM Web Viewer, but does not have access to any role, that user logs in using the Default User Role. Also, if the user has not been previously defined, that user has a user object defined automatically, and placed in the Default User Role. For more information, see Auto Enrollment - Mainframe Users.
The Default User Role can have repositories and privileges assigned to it in the same manner as any other role.
The System Admin has complete access to the CA OM Web Viewer system. This role cannot bypass existing mainframe repository data restrictions in CA Dispatch, CA Deliver, or CA View.
All future Roles contain a subset of the System Admin privileges. The System Admin role is the only role in Web Viewer that can have a role type of System Administrator.
When you install CA OM Web Viewer, you must define a default system administrator. This Default System Administrator is the first member of the System Admin Role. You can add other users to the Role later to have more than one user with System Admin privileges.
Administrators design and maintain roles to control user permissions and their access to data, databases, repositories, and reports in the system. You can give an individual user more than one role assignment. For example, you have a Bank Teller role and you assign ten individual Bank Tellers, but you can assign the Bank Manager to a Bank Manager role, and also to the Bank Teller role.
This setup lets the Bank Managers operate with the privileges and data that the Bank Tellers use, but it also allows the manager to access a different set of data assigned to Bank Managers specifically.
Roles make the designation of privileges much less labor intensive:
|
Functionality |
Basic User |
Advanced User |
Group Admin |
Systems Admin |
|
LDAP Authentication |
Yes |
Partial, LDAP Mainframe Hybrid Profile Object Only |
No |
No |
|
Mainframe authentication (CA Top Secret®, CA ACF2™, RACF) |
Yes |
Yes |
Yes |
Yes |
|
View Subscribed Favorites (Report, Report Search Filter, Cross-Report Index-Value Report Section, Report Index and Report Index-Value Report Section)) |
Yes |
Yes |
Yes |
Yes |
|
Text Find/Go to Page |
Yes |
Yes |
Yes |
Yes |
|
Create Browse Favorites or Bookmarks |
Yes |
Yes |
Yes |
Yes |
|
Print, Email, Export (the number of pages can be limited) |
Yes |
Yes |
Yes |
Yes |
|
Advance Search (Search for unsubscribed reports and Cross-Report Indexes) |
No |
Yes |
Yes |
Yes |
|
Edit Report Comments (CA View only) |
No |
Yes |
Yes |
Yes |
|
View Report Information (Report metadata) |
No |
Yes |
Yes |
Yes |
|
Create Web Viewer Internal Favorites (Report, Report Search Filter, Cross-Report Search Filter, Cross-Report Index-Value Filter, Cross-Report Index-Value Report Section, Report Index, and Report Index-Value Report Section) |
No |
Yes |
Yes |
Yes |
|
View Web Viewer Internal Favorites (Report, Report Search Filter, Cross-Report Search Filter, Cross-Report Index-Value Filter, Report Index, and Report Index-Value Report Section) |
No |
Yes |
Yes |
Yes |
|
Remove Internal Web Viewer Favorites (Any Type) |
No |
Yes |
Yes |
Yes |
|
View Unsubscribed Material |
No |
Yes |
Yes |
Yes |
|
View Annotations Notes (CA View only) |
Yes |
Yes |
Yes |
Yes |
|
Other Annotation Actions (CA View only) (View Annotations, Edit Annotations, Delete Annotations, Create Annotations, Create Annotation Notes, Delete Annotation Notes, Create Annotation Bookmarks, View Annotation Bookmarks, Delete Annotation Bookmarks, |
No |
Yes |
Yes |
Yes |
|
Subscriptions (Create Private Subscriptions, Create Public Subscriptions, Delete Your Subscriptions) |
No |
Yes |
Yes |
Yes |
|
Assign Subscriptions to Roles |
No |
No |
Partial, can only edit Roles below this Role in the hierarchy |
Yes |
|
View Role Hierarchy |
No |
No |
Partial, can only see Roles below this role |
|
|
View, Edit, Delete Role Properties |
No |
No |
Partial, can only edit Roles below this Role in the hierarchy. |
Yes |
|
Create New Role |
No |
No |
Yes |
Yes |
|
Create Profiles |
No |
No |
Yes |
Yes |
|
Assign LDAP Directory to Repository |
No |
No |
Partial, can only edit Roles below this Role |
Yes |
|
Profile (View Edit, and Delete) |
No |
No |
Partial, can only access users created by this Role or sub Role of this Role |
Yes |
|
User (Create, Edit, Delete, and Find) |
No |
No |
Partial can only access users created by this Role or sub Role of this Role |
Yes |
|
Repository (Create, edit properties, or delete) |
No |
No |
No |
Yes |
|
Create LDAP Directory Reference |
No |
No |
No |
Yes |
|
Edit System-wide Preferences |
No |
No |
No |
Yes |
|
View Repository Status Panel |
No |
No |
No |
Yes |
|
View User Status Panel |
No |
No |
No |
Yes |
|
View Admin Information Panel |
No |
No |
No |
Yes |
|
View Audit Log |
No |
No |
No |
Yes |
|
Import Admin Objects |
No |
No |
No |
Yes |
|
Export Admin Objects |
No |
No |
No |
Yes |
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|