Administer Advanced CA EEM Security › Touchpoint Security with CA EEM › Create a Touchpoint Security Policy

Create a Touchpoint Security Policy

Running a process runs specific operators on specified targets in a specified sequence. A custom Touchpoint Security policy grants permission to specified users or groups to run specified operators on specified targets. The CA EEM administrators can create a touchpoint security policy.

Follow these steps:

1. Browse to CA EEM and log in.
2. Click the Manage Access Policies tab.
3. Click the New Access Policy button for Touchpoint Security under Access policies.
4. On the new access policy form for the Touchpoint Security resource class, enter a name for the custom Touchpoint Security policy.

   The Enter/Search Identities section lets you specify the target user or group.

5. Select the type of target to which to grant access:
   • Select User if the target is a global user.
   • Select Global Group if the target is a group from a references user store.
   • Select Application Group if the target is a custom group you defined or is a default group.
6. Click Search Identities.
7. Select the identities to which this policy applies, and then click the down arrow.

   The Selected Identities list displays your selection.

8. Select the Execute action.
9. In the Add resource field, type the Access Control ID for the Source Operator Category that includes the operators to which this policy applies. For example:
   • Type Process Module for the Command Execution operator category.
   • Type File Module for the File Management operator category.
   • Type File Transfer Module for the File Transfer operator category.
   • Type Network Utilities Module for the Network Utilities operator category.

   You can enter regular expressions to cover the appropriate operator categories and then select Treat resource names as regular expressions. For example, an entry of File* would include operators in the File Management and File Transfer categories.

10. Click Add.
11. Add a filter that specifies the environment that contains the policy targets:
    • Set the named attribute to Environment.
    • Set the STRING operator to EQUAL.
    • Set the value to the environment_name.
12. Add other filters that specify the targets by touchpoint name:
    • Set the named attribute to Touchpoint.
    • Set the STRING operator to EQUAL.
    • Set the value to the touchpoint_name.
13. Click Save.

    If the Touchpoint Security policies are configured for enforcement, the product evaluates and enforces the policy.