

Grant Users CA EEM Access to Define Touchpoint Security Policies

By default, the EiamAdmin user is the only user who can log in to CA EEM. If you employ a policy-based Touchpoint Security approach, you can authorize certain users to create Touchpoint Security policies in CA EEM. Authorize content designers who design processes with operators that execute on touchpoints mapped to hosts that have high business value. Such touchpoints can be protected through Touchpoint Security policies that specify the users who are authorized to execute these operators.

To grant specified policy designers CA EEM access and authorization to create policies with the Touchpoint Security resource class:

  1. Log in to the CA Process Automation application in CA EEM.
  2. Click the Manage Access Policies tab.
  3. Click New Scoping Policy.

    The button is to the left of Scoping Policies in the policy list.

  4. Complete the General section as follows:
    Name

    Specifies the name of this scoping policy. For example, Users Creating Touchpoint Security Policies.

    Description

    (Optional) Provides a short description. For example, Enables specified users to create custom policies only with the Touchpoint Security resource class.

    Calendar and Resource Class Name

    Skip the Calendar option and accept the default entry SafeObject for Resource Class Name.

    Type

    Specify Access Control List.

    Note: A message appears that changing policy type resets some of the filters. Click OK.

  5. For Identities, add the names of all of the users who design processes to which Touchpoint Security applies. Users added to this policy are granted login access to CA EEM and the ability to create Touchpoint Security policies. A Touchpoint Security policy specifies the users to authorize to execute operators from a given operator category on a specified Touchpoint.

    Note: If you want to test this policy, create a user with the default user group and add that user name here. After you save this policy, log in to CA EEM with your test user name. Notice that the only thing you can do in CA EEM is create a policy with the Touchpoint resource class.

    1. Accept User as Type or select another value.
    2. Click the Search Identities link.
    3. Enter search criteria that includes the planned user or group and click Search.
    4. Select a user or group from the displayed list of available identities and click the right arrow.

      The selected user or group appears in the Selected Identities list.

    5. Repeat this process for each user whom you want to authorize to create Touchpoint Security policies.
  6. Configure the Access Control List as follows:
    1. Select each of the following resources from the drop-down list and click Add to add them to the list.
      • ApplicationInstance
      • Policy
      • User
      • GlobalUser
      • UserGroup
      • GlobalUserGroup
    2. Click read for all resources. Click write for Policy.
    3. Click Filters.
    4. For Policy, select named attribute from the first drop-down list. In the field under named attribute, enter ResourceClassName. In the value field after EQUAL, enter TouchPointSecurity. Do not enter a space between TouchPoint and Security.

      The named attribute ResourceClassName is EQUAL to the value TouchPointSecurity.

    5. Leave the rest of the fields on the filters page as is.
  7. Click Save.
  8. Verify that the Access Control List Configuration matches the following example exactly. The system adds a space between TouchPoint and Security.

    named attribute: ResourceClassName == value: TouchPoint Security.

  9. Verify that your policy resembles the following example. In the example, the missing columns indicate that ResourceClassName is SafeObject, the Options value is Explicit Grant, and Identities is your list of users. These are users who design processes for Touchpoint Security and create an associated policy.

    Without this policy, process designers could not log in to CA EEM or create Touchpoint Security policies.
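
The verification in steps 8 and 9 can be repeated as a scripted check. The following Python audit is an added example, not part of the CA EEM documentation; it runs over a hand-transcribed copy of the policy, and the dictionary layout, function names, and user names are assumptions for illustration, not a CA EEM export format or API.

```python
# The dict layout is an assumption for illustration, not a CA EEM export format.
EXPECTED_RESOURCES = {"ApplicationInstance", "Policy", "User", "GlobalUser",
                      "UserGroup", "GlobalUserGroup"}


def _norm(value):
    # CA EEM displays "TouchPoint Security" after saving; compare without spaces.
    return value.replace(" ", "")


def audit_scoping_policy(policy):
    """Return a list of findings; an empty list means the policy matches the procedure."""
    findings = []
    if policy.get("resource_class") != "SafeObject":
        findings.append("Resource Class Name is not SafeObject")
    if policy.get("type") != "Access Control List":
        findings.append("Type is not Access Control List")
    if not policy.get("identities"):
        findings.append("no identities selected")
    acl = policy.get("acl", {})
    for name in sorted(EXPECTED_RESOURCES - set(acl)):
        findings.append(f"missing resource: {name}")
    for name in sorted(set(acl) - EXPECTED_RESOURCES):
        findings.append(f"unexpected resource: {name}")
    for name, entry in sorted(acl.items()):
        actions = set(entry.get("actions", []))
        if "read" not in actions:
            findings.append(f"{name}: read not granted")
        if "write" in actions and name != "Policy":
            findings.append(f"{name}: write granted outside Policy")
    policy_entry = acl.get("Policy", {})
    if "write" not in policy_entry.get("actions", []):
        findings.append("Policy: write not granted")
    flt = policy_entry.get("filter") or {}
    if (flt.get("named_attribute") != "ResourceClassName"
            or flt.get("operator") != "EQUAL"
            or _norm(flt.get("value", "")) != "TouchPointSecurity"):
        findings.append("Policy: write is not filtered to ResourceClassName EQUAL TouchPointSecurity")
    return findings


def sample_policy():
    # Constructed sample matching steps 4 through 6; the user names are placeholders.
    acl = {name: {"actions": ["read"]} for name in EXPECTED_RESOURCES}
    acl["Policy"] = {"actions": ["read", "write"],
                     "filter": {"named_attribute": "ResourceClassName",
                                "operator": "EQUAL", "value": "TouchPoint Security"}}
    return {"resource_class": "SafeObject", "type": "Access Control List",
            "identities": ["designer1", "designer2"], "acl": acl}
```

An empty result means the transcribed policy grants write only on Policy and only for the Touchpoint Security resource class; any finding points to a grant that is broader or narrower than the procedure specifies.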