Installation Guide › Architecture

Architecture

CA Role & Compliance Manager (CA RCM) complements CA Identity Lifecycle Management products with analytical and administrative tools for Role-Based Access Control (RBAC).

In RBAC, predefined roles codify common resource usage patterns. Often these roles bundle access rights related to specific business tasks and responsibilities. Users are assigned one or more of these roles based on their current duties, allowing access to only the resources they need.

CA RCM supports implementation of RBAC in the enterprise in several ways:

Role Discovery: CA RCM imports data from CA Identity Manager and other provisioning nodes throughout the enterprise. Based on this data, CA RCM provides powerful analytical tools that efficiently discover common usage patterns and construct an optimized role hierarchy that provides most users the resource access they need. The database and role hierarchy are constantly updated based on user, resource, and provisioning information from across the network.
Certification: periodically, managers throughout the enterprise certify their workers' access privileges - by reviewing the roles assigned to them. Similarly, resource owners periodically review the users and roles that link to their resource. In some jurisdictions, these certification campaigns are mandated by law. CA RCM implements these certification campaigns with a ticket-based workflow. Tickets contain user, role, and resource information drawn from the CA RCM database.
Real-Time Provisioning Support: provisioning nodes can query CA RCM in real time using a set of web services. These web services suggest role profiles for users, and answer "what if" questions. In addition, CA RCM can export changes to these nodes, creating account templates and other provisioning tools that reflect the best practices of the role hierarchy. In this way, the role hierarchy proactively controls the privileges assigned to users - realizing the promise of role-based access control.

This section contains the following topics:

Product Components

Email CA Technologies about this topic