Administer the CA Process Automation Domain › Configure the Contents of the Domain › Configure CA EEM Security Settings for the Domain

Configure CA EEM Security Settings for the Domain

Most of the CA EEM security settings are established during the Domain Orchestrator installation. One CA EEM instance manages security for the CA Process Automation Domain. Therefore, these same settings apply to all environments in the Domain and to all Orchestrators within all environments. You can change the read-only settings by reinstalling the Domain Orchestrator.

Follow these steps:

1. Click the Configuration tab.

   The Security tab displays.

2. Examine the settings that were created at installation. For example, the EEM Application Name value is the value that you must enter for Application in the following cases:
   • When you log in to CA EEM to create user accounts.
   • When you assign default groups to new or referenced users.
3. Examine the CA EEM Cache Update Interval value.

   This value expresses the interval (in seconds) between CA EEM cache updates. The CA EEM cache contains current CA Process Automation user account, group, and policy settings. When CA EEM updates the cache, it sends CA Process Automation the contents of the refreshed cache. The default value, which optimizes the system performance, is 1800 seconds (30 minutes).

   • The default value is adequate after all users are configured in CA EEM.
   • To make this task go more quickly, reduce the update interval to the minimum (60 seconds) while you test and refine custom policies. Consider reducing the interval at the environment level for the environment on which you test.
4. Examine the Default Active Directory Domain value, if set.

   This value is set only if CA EEM is configured to use an external user store and Multiple Microsoft Active Directory Domains is selected. CA Process Automation users referenced in the AD domain specified here can log in with an unadorned user name. CA Process Automation users referenced in other selected AD domains are authenticated with their principal names (that is, domain_name\user_name). The same difference in naming conventions extends to how user identities are referenced in the main pane of the Library tab.

5. To reset either of the editable values:
   1. Select the Domain node and click Lock.
   2. Select a new value.
   3. Click Save.
   4. Select the Domain node and click Unlock.

   If you reduced the CA EEM Cache Update Interval, consider suppressing the CA Process Automation permissions cache. See Control Caches of CA EEM Updates.