You can create a new application user group to support the roles you need. Once you create a new application user group, you must create access policies for that group.
One case where new access policies are not needed for a new group is when that group is given memberships to existing groups. Consider the scenario where you need one role for individuals who are dedicated to creating data mapping and message parsing files, another role for individuals dedicated to creating suppression and summarization rules, and a third role for those who can perform either of these two tasks. You might define one application user group called AdminDMMP with a policy that grants create access to the Integration resource and another group called AdminSS with a policy that grants create access to the EventGrouping resource. You could then create a third group called AdminDMMPSS with memberships to the AdminDMMP group and the AdminSS group. This third group would automatically inherit the policies from the two membership groups.
Rather than creating new application groups or roles, you can expand the roles of the predefined Analyst and Auditor roles. For example, if you want Analysts to be able to create suppression and summarization rules and you want Auditors to be able to view these rules, you could create a CALM policy that grants the ability to create summarization and suppression rules and a scoping policy that grants the ability to view or edit custom rules and assign the Analyst role to those policies. You could then create a scoping policy that grants users the ability to view suppression and summarization rules and assign the Auditor group to that policy.
Only Administrators can create new roles.
To create a new application user group (role)
Note: If this new group is composed of existing groups, existing policies for each of the component groups will apply to this group. No additional policies are required.
|
Copyright © 2013 CA.
All rights reserved.
|
|