Administration Guide › Policies › Predefined Access Policies › Examine Policies for Analysts

Examine Policies for Analysts

You can examine the predefined policies for Analysts to see how they limit application access to resources required to perform the following tasks:

• Schedule and annotate reports (Auditor tasks)
• View reports (Auditor task)
• Create reports and tags
• Create and schedule alerts (queries)
• Edit reports, alerts, and tags

To examine predefined policies for Analysts

1. Click the Administration tab and the User and Access Management subtab.
2. Click Access Policies in the left pane.
3. Search for policies for Analysts as follows:
   1. Clear the checkmark for Show policies matching name.
   2. Select Show policies matching identity.
   3. Enter ug:Analyst in the Add identity field.
   4. Click Add.
   5. Click Go.
4. All policies for ug:Analyst appear, including [All Identities] that includes this user group.
5. Examine the Analyst Create-Schedule-Annotate policy.

   This CALM access policy defines the actions that can be performed against application-specific resources. The policy grants users assigned the CA User Activity Reporting Module application user group, Analyst, the ability to create, schedule, and annotate reports, create and schedule action alerts, and create tags. (Auditors can only schedule and annotate reports.)

   

6. Examine the Analyst Auditor Report Server Access Policy.

   This scoping policy grants Analysts schedule rights for any Report Server. The resource listed in the policy is AppObject.

   

   AppObject is limited to specific resources with filters.

   

   • The filter ending in calmReporter grants read access to all Report Servers. When a report is scheduled, the destination Report Servers from which the generated report can be viewed is specified.
   • The filter ending in logDepot grants access to all Event Log Stores. When a report is defined as federated, queries are run against the data in all eligible Event Log Stores. Eligibility depends on the position in the hierarchy of the server on which the report is initiated, in hierarchical federations.
7. Examine the Analyst Report View-Edit policy.

   This scoping policy grants users assigned the Analyst role the ability to view, edit, or delete any report. The resource specified in the policy is AppObject.

   

   AppObject is limited to reports by the following filter, which grants the right to view generated reports saved in the EEM Folder /CALM_Configuration/Content/Reports.

   

   Note: The ability to edit reports granted by this policy is extended by the CEG policy, which grants the right to add filters to reports using CEG columns.