CA SiteMinder® Administrator accounts can be configured with fine-grained privileges that determine the administrative capabilities available to that administrator.
CA SiteMinder® Administrator accounts are assigned rights to one or more security categories that define their administrative authority in the Administrative UI, such as managing authentication schemes. By default an Administrator account has access to every CA SiteMinder® object related to an assigned security category.
Workspaces define a subset of CA SiteMinder® objects. Assign a workspace to one or more Administrator accounts to filter the objects that are available to them, further controlling the scope of their administrative authority. An Administrator account whose authority is restricted by an assigned workspace is known as a scoped administrator.
Before you configure a scoped administrator, review the following considerations:
Important! An Administrator can only create another Administrator with the same or lesser privileges. For example, if an Administrator has GUI and reports privileges, the Administrator can create another Administrator with GUI and reports privileges, but not with local API privileges. Similarly, an Administrator can only create another Administrator with the same or lesser scope (as defined by an assigned workspace).
You create a workspace to define a subset of CA SiteMinder® objects for which a scoped administrator has administrative privileges.
Follow these steps:
The Create Workspace page appears.
Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.
Note: Some commonly used objects are added to the workspace and appear in the Members list by default; you can remove them if necessary.
The Select Workspace Contents page appears.
A list of matching objects appears.
Note: If the administrator account with which you are logged in is itself scoped, the list of matching objects is limited to those objects available to you.
The Create Workspace page reopens.
The Create Workspace task is submitted for processing. CA SiteMinder® verifies that the workspace is consistent (all required objects that are related to objects in the workspace are present in the workspace). If not, the missing objects are added and an information dialog appears indicating that some objects were automatically added to make the workspace consistent.
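The workspace consistency check described above and the same-or-lesser rule for creating Administrators can be modeled together. This is an added conceptual example, not CA SiteMinder® code or its API: the object names, the dependency map, the right labels, and the functions `make_consistent` and `may_create` are all constructed for illustration.

```python
# Conceptual model only; object names and dependencies below are constructed.
REQUIRES = {  # object -> objects it needs in order to be usable
    "realm:payroll": {"domain:hr", "agent:web1"},
    "realm:wiki": {"domain:it", "agent:web1"},
    "domain:hr": {"userdir:corp-ldap"},
    "domain:it": {"userdir:corp-ldap"},
    "agent:web1": {"aco:web-agents"},
}


def make_consistent(members):
    """Return (closed, auto_added): members plus all transitively required objects."""
    closed, pending = set(members), list(members)
    while pending:
        for dep in REQUIRES.get(pending.pop(), ()):
            if dep not in closed:
                closed.add(dep)
                pending.append(dep)
    return closed, closed - set(members)


def may_create(creator, candidate):
    """Apply the same-or-lesser rule. A scope of None means unscoped."""
    extra_rights = candidate["rights"] - creator["rights"]
    if extra_rights:
        return False, "rights exceed creator: " + ", ".join(sorted(extra_rights))
    if creator["scope"] is None:
        return True, "ok"
    if candidate["scope"] is None:
        return False, "scoped creator cannot grant unscoped authority"
    # Compare after closure so auto-added objects count toward the scope
    # (an assumption of this model).
    extra_scope = make_consistent(candidate["scope"])[0] - creator["scope"]
    if extra_scope:
        return False, "scope exceeds creator: " + ", ".join(sorted(extra_scope))
    return True, "ok"


if __name__ == "__main__":
    hr_scope, added = make_consistent({"realm:payroll"})
    print("auto-added:", sorted(added))
    hr_admin = {"rights": {"gui", "reports"}, "scope": hr_scope}
    for cand in (
        {"rights": {"gui"}, "scope": {"domain:hr"}},
        {"rights": {"gui", "local_api"}, "scope": {"domain:hr"}},
        {"rights": {"gui"}, "scope": {"realm:wiki"}},
        {"rights": {"reports"}, "scope": None},
    ):
        print(cand, "->", may_create(hr_admin, cand))
```

The third candidate is rejected even though it names a single realm, because making that workspace consistent pulls in a domain outside the creator's scope.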
Create a scoped Administrator by creating an Administrator account and assigning a workspace that defines the scope of the objects that it can administer.
Follow these steps:
The Administrators page appears.
The Create Administrator page appears.
Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.
The Select a User page appears.
Users matching the specified criteria appear.
The full name of the user appears in the Name field. The URL to the user in the external store appears in the User Path field.
Example: If an administrator is going to use the XPSImport and XPSExport tools, select Import Allowed and Export Allowed.
The Create Permission: Select security categories page appears.
Note: Security categories comprise one or more tasks that correspond to specific CA SiteMinder® objects. For more information, see the Administrative UI online help system.
The Create Administrator page reappears.
The scoped Administrator is created.
After assigning a workspace to an Administrator account, verify that it only has access to the scoped subset of objects.
Follow these steps:
You have completed the required tasks to create a scoped Administrator account.
Copyright © 2013 CA.
All rights reserved.