The following table describes the permissions that you can grant on automation objects through custom CA EEM policies. You can grant permissions to any application group in CA EEM. Access to automation objects and folders on any Orchestrator in an environment requires User or Content Administrator access in the Environment policy. Environment is the parent resource class to the resource classes for automation objects.
Some permissions implicitly include other permissions. When you select a specific permission, implicit permissions are selected simultaneously. When you grant an explicit permission, you implicitly grant all other permissions beneath it in the permissions hierarchy.
When you deny an implicit permission, you deny all other permissions above it in the permissions hierarchy. List permission is implicit to every other permission and dependent on no other permissions. You can deny all permissions for a group on a folder with a custom Object policy that denies permissions with List. Revoking List permission revokes every other permission on an automation object. However, revoking other permissions never revokes List permission.
Action Key | Resource Class for Policy | Permissions |
---|---|---|
Object_Admin | Object | Create a folder or create any automation object. Implicit: Delete, Edit, Read, List |
Object_Delete | Object | Delete a folder or delete an automation object added to a folder. Implicit: Edit, Read, List |
Object_Edit | Object | Edit a folder or edit an automation object in a folder. Implicit: Read, List |
Object_Read | Object | Navigate a folder path and open any automation object in the corresponding designer or viewer. Implicit: List |
Object_List | Object | View a folder or view an automation object in the Library Browser. Define customized views of the library. |
Environment_Library_Admin | Environment | Create, Delete, Edit, Read, and List all automation objects. |
Environment_Library_User | Environment | View, export, and search automation objects if the access is set. Note: Implicitly inheritable by Resource Classes for automation objects |
Agenda_Control | Agenda | Activate and deactivate a schedule on a touchpoint. Implicit: Read, List |
Dataset_Modify | Dataset | Create, Edit, and Delete the dataset object. Implicit: Inspect, Read, List |
Dataset_Inspect | Dataset | View a dataset object and read values of variables in the dataset. Implicit: List |
Process_Control | Process | Suspend, restart, resume, or abort instances of a process. Implicit: Start, Monitor, List |
Process_Start | Process | Start an instance of a process. Implicit: Monitor, List |
Process_Monitor | Process | Open a running instance of a process in the Process Designer, monitor progress, and set breakpoints. Implicit: List |
Resources_Control | Resources | Lock, unlock, take, return, or add a parameter to a resource. Add or remove a resource unit. Implicit: Read, List |
StartRequestForm_Dequeue | Start Request Form | Dequeue a process that a start request form queued. Implicit: Start, List |
StartRequestForm_Start | Start Request Form | Start a task that a start request form defined. Implicit: List |
Execute | TouchPoint Security | Run scripts or programs in operators derived from specified operator categories that target specified touchpoints in a specified environment. |
Group_Config_Admin | Group Configuration | Define parameters for a custom operator group when defining a custom operator. Follow these steps: Unlock publishes the named custom operator group configuration. Publication makes the group configuration available on the Modules tab in the Configuration Browser at the Domain and environment levels. |
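
The grant and deny rules described above can be checked mechanically when reviewing a policy for least privilege. The following Python sketch is an added example, not CA code or a CA EEM API: it models the Object, Dataset, and Process rows of the table and computes which action keys a group effectively holds. It assumes that the short names "Read" and "List" in the table mean Object_Read and Object_List and that a deny overrides a grant of the same key; the function names are hypothetical.

```python
# Added example: models the implicit-permission rules described on this page.
# Assumption: the short names "Read" and "List" in the table mean
# Object_Read and Object_List.
IMPLICIT = {
    "Object_Admin": {"Object_Delete", "Object_Edit", "Object_Read", "Object_List"},
    "Object_Delete": {"Object_Edit", "Object_Read", "Object_List"},
    "Object_Edit": {"Object_Read", "Object_List"},
    "Object_Read": {"Object_List"},
    "Object_List": set(),
    "Dataset_Modify": {"Dataset_Inspect", "Object_Read", "Object_List"},
    "Dataset_Inspect": {"Object_List"},
    "Process_Control": {"Process_Start", "Process_Monitor", "Object_List"},
    "Process_Start": {"Process_Monitor", "Object_List"},
    "Process_Monitor": {"Object_List"},
}


def expand_grant(key):
    """Granting a key also grants everything beneath it in the hierarchy."""
    return {key} | IMPLICIT[key]


def expand_deny(key):
    """Denying a key also denies every key that implicitly includes it."""
    return {key} | {k for k, below in IMPLICIT.items() if key in below}


def effective(grants, denies):
    """Effective action keys for one group on one object.

    Assumption: a deny overrides a grant of the same key.
    """
    unknown = (set(grants) | set(denies)) - set(IMPLICIT)
    if unknown:
        raise ValueError(f"unknown action keys: {sorted(unknown)}")
    granted = set().union(*(expand_grant(k) for k in grants))
    denied = set().union(*(expand_deny(k) for k in denies))
    return granted - denied


def audit(grants, denies):
    """Return (effective keys, keys held only implicitly) for review."""
    eff = effective(grants, denies)
    return eff, eff - set(grants)


if __name__ == "__main__":
    # Constructed policy: Admin granted, Edit denied, Process_Start granted.
    eff, implicit_only = audit({"Object_Admin", "Process_Start"}, {"Object_Edit"})
    print(sorted(eff), sorted(implicit_only))
```

The second value returned by `audit` lists the keys a group holds without anyone having selected them, which is where unintended access usually hides in a policy review.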
Copyright © 2014 CA.
All rights reserved.