Manage Users and Assign Roles

This article contains the following topics:
Basic Information About Users
A user in CA Service Catalog typically represents a person who uses the product. A person must have a user ID to log in and use CA Service Catalog. Each user requires a role and the user must belong to a business unit.
User Data in the MDB
The MDB stores user-related information for multiple CA products. For example, CA Service Catalog and other CA products share users and contacts. Therefore, use caution when managing users.
Some data in the MDB is product-specific and is not shared between products. For example, CA Service Catalog does not share role information. The MDB contains several users that CA Service Catalog does not use but that other CA products use. Examples are System_ADH_generated, System_AM_User, Systemt_Anonymous, System_Argis_User, System_MA_User, System_NSM_generated, System_SD_User, and UAPM Administrator.
The MDB stores user IDs and all other user data except passwords.
User Data in CA EEM
The user ID of each CA Service Catalog user maps to a matching user in CA EEM.
When a user logs in to CA Service Catalog, it passes the user ID to CA EEM for authentication. If CA EEM does not use an external directory, CA EEM authenticates the user ID. If CA EEM uses an external directory, the external directory authenticates the user ID.
If CA EEM uses an external directory, the Catalog system fetches important user details from the external directory. Examples include the first name, last name, email address, and organizational hierarchy. This fetching helps create the user quickly and efficiently.
CA EEM also controls access for each role to CA Service Catalog components.
External Directories
If you use an external directory to maintain CA Service Catalog users, perform the following tasks:
  • Configure CA EEM to use an external directory.
  • Synchronize the MDB users with the external directory users.
These tasks help verify that all CA EEM users have matching CA Service Catalog users.
Single Sign-On
If your organization uses a Windows domain, you can configure CA Service Catalog to use Single Sign-On. For more information, see the section Configure Single Sign-On Using Windows NTLM authentication.
User Groups
You or other administrators can organize CA Service Catalog users into the following types of user groups:
  • Global and Application user groups in CA EEM
An application group that CA Service Catalog uses is the Super User.
For information about creating these groups and assigning users to them, see your CA EEM documentation.
  • User-defined groups in CA EEM
You create user-defined groups, in either your external directory (if applicable) or CA EEM. You can apply the same action to all users in the user-defined group, instead of modifying the users individually. Once you create a user-defined group in CA EEM or your external directory, it is available in CA Service Catalog.
User group memberships appear as read-only data in user profiles.
For information about creating user-defined groups, see the Manage Users with CA EEM section.
Authorization Level
You can specify an authorization level for each business unit in which the user has a role. The system approval process is the only approval process that uses the authorization level. By default, the following levels are available with the text and numeric values shown:
  • Level 0 (0)
  • Level 10 (10)
  • Level 20 (20)
  • Level 30 (30)
  • Level 40 (40)
  • Level 50 (50)
In the system approval process, each user has an authorization level and each service has an approval level. The Catalog system automatically approves requests from users whose authorization level matches or exceeds the approval level of the service. Otherwise, the system follows a managerial hierarchy. The request proceeds to request managers until it reaches one whose authorization level matches or exceeds the approval level of the service.
Example:
If a service has an approval level of 40, then a user requesting the service requires one of the following criteria:
  • The user must have an authorization level of 40.
  • The user must obtain approval from a request manager who has an authorization level of 40.
The Requested For user can have different roles - and therefore different authorization levels - in multiple business units. The Catalog system uses the authorization level of that user in the business unit to which the requested service belongs.
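The following sketch models the system approval decision described in this section. It is an added illustration, not CA Service Catalog code: the names User, resolve_approver, and NO_ROLE, the business unit names, and the sample users are constructed. It also assumes that a request manager's level is read in the business unit of the service, as it is for the Requested For user.

```python
from dataclasses import dataclass, field
from typing import Optional

NO_ROLE = -1  # assumption: no role in a business unit grants no authority there


@dataclass
class User:
    user_id: str
    levels: dict = field(default_factory=dict)  # business unit -> authorization level
    manager: Optional["User"] = None            # next request manager in the hierarchy

    def level_in(self, business_unit: str) -> int:
        return self.levels.get(business_unit, NO_ROLE)


def resolve_approver(requested_for: User, service_bu: str, approval_level: int):
    """Walk from the Requested For user up the managerial hierarchy.

    Returns (approver_id, consulted). approver_id equal to the requester means
    automatic approval; None means nobody in the chain has a sufficient level.
    """
    consulted = []
    current = requested_for
    while current is not None:
        if current.user_id in consulted:
            raise ValueError("cycle in managerial hierarchy at " + current.user_id)
        consulted.append(current.user_id)
        # Only the level held in the service's own business unit counts.
        if current.level_in(service_bu) >= approval_level:
            return current.user_id, consulted
        current = current.manager
    return None, consulted


# Constructed sample data: three users, two business units.
carol = User("carol", {"IT": 50})
bob = User("bob", {"IT": 20, "Finance": 50}, manager=carol)
alice = User("alice", {"IT": 10, "Finance": 40}, manager=bob)

if __name__ == "__main__":
    # Service in Finance, approval level 40: alice's Finance level is 40.
    print(resolve_approver(alice, "Finance", 40))
    # Same approval level, service in IT: alice's Finance level must not carry over.
    print(resolve_approver(alice, "IT", 40))
    # No one in the chain reaches level 60.
    print(resolve_approver(alice, "IT", 60))
```

The second call is the case to review when auditing role assignments: a high authorization level in one business unit gives no approval authority over services that belong to another.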
Administrators create users to let them access CA Service Catalog. Administrators assign a role to each user to specify the access rights of the user.
Follow this process to manage users and roles: