When creating policies, configure an access policy for which an access filter is needed. An access filter is a filter that the Administrator can set to control what event data non-Administrator users or groups can view. For example, an access filter can restrict the data that appears on reports viewed by the specified users or groups. Access filters are automatically converted into EEM Obligation Policies. Access filters are often expressed in terms of the relative paths for the objects to which user access is limited. You can view these relative paths in the EEM Folders area of the interface.
Typically, policies that authorize actions such as create and schedule are defined with the CALM resource class and CALM resources such as reports, tags, DM and MP files, and suppression and summarization rules. Policies that authorize the read and write actions are defined with the SafeObject resource class and the AppObject resource. The Edit action is the only valid action for agent-related resources in the CALM resource class.
More specifically, actions that can be authorized for objects belonging to the CALM resource class follow:
|
Action |
Resource |
Description |
|---|---|---|
|
Annotate |
Report |
Record comments on reports |
|
Create |
EventForwarding |
Create rules to forward specific events to specific third-party applications. |
|
Create |
EventGrouping |
Create suppression and summarization rules using common event grammar |
|
Create |
Integration |
Create data mapping and message parsing files using common event grammar |
|
Create |
Profile |
Create profiles |
|
Create |
Report |
Create reports and queries |
|
Create |
Tag |
Create tags for reports and queries |
|
Dataaccess |
Data |
Access the CALM event data, which can be limited by data access filters. |
|
Edit |
AgentConfiguration |
Create agent groups. Configure installed agents with sources for collection and destination for processing |
|
Edit |
AgentAuthenticationKey |
Create and edit the agent authentication key that is specified during agent installation |
|
Edit |
ALL_GROUPS |
Edit all available agent groups Note: Access can be restricted to a particular agent group by specifying the Agent Group name as the resource |
|
Edit |
Connector |
Configure connectors |
|
Edit |
Database |
Determine the logs that exist that match the archive catalog query criteria and recatalog the database |
|
Edit |
Integration |
Edit integration details |
|
Schedule |
Alert |
Schedule action alerts |
|
Schedule |
Report |
Schedule reports and queries |
The actions that allow users to view or edit an object belonging to the SafeObject resource class follow:
|
Action |
Resource |
Description |
|---|---|---|
|
Read |
AppObject |
View report templates, query templates, tags, scheduled report jobs, alert jobs, service configurations, data mapping (DM) files, message parsing (XMP) files, suppression and summarization rules, and event forwarding rules. |
|
Read |
Calendar |
View the calendars listed under Administration, User and Access Management, Calendars |
|
Read |
Folder |
View the folders listed under Administration, User and Access Management, EEM Folders |
|
Read |
GlobalUser |
View information displayed for users listed when you query for Global Users under Administration, User and Access Management, Users |
|
Read |
iPoz |
View the user store setting under Administration, User and Access Management, User Store View the password policy settings under Administration, User and Access Management, Password Policies |
|
Read |
Policy |
View the policies listed under Administration, User and Access Management, Access Policies |
|
Read |
User |
View User details when you query for Application User Details under Administration, User and Access Management, Users |
|
Read |
UserGroup |
View the application group membership for users listed when you query for Application User Details under Administration, User and Access Management, Users |
|
Write |
AppObject |
Edit or delete report templates, query templates, tags, scheduled report jobs, alert jobs, service configurations, data mapping (DM) files, message parsing (XMP) files, suppression and summarization rules, and event forwarding rules. |
|
Write |
Calendar |
Edit user-defined calendars |
|
Write |
Folder |
Edit user-defined data added to the EEM Folders structure |
|
Write |
GlobalUser |
Edit global user details |
|
Write |
iPoz |
Configure user store and password policies |
|
Write |
Policy |
Edit user-defined and predefined policies |
|
Write |
User |
Edit application user details |
|
Write |
UserGroup |
Create, edit, or delete an application user group |
|
Copyright © 2013 CA.
All rights reserved.
|
|