Role-Based Security

 
Access types and roles are the primary components you use to control CA SDM security.
For more information about other aspects of security, see Security.
The following diagram shows an overview of how roles interrelate with other system objects to provide role-based security.
Providing Role-based security
How Access Types Work
Each access type for a user controls the following aspects of system behavior:
  • How CA SDM performs web authentication when the user logs in
  • The access level for the user
  • Whether the user can modify web forms or the database schema using Web Screen Painter
  • Which roles are available to the user
You can associate an access type with a contact by selecting the access type while creating or updating the contact record.
The following table lists the predefined access types, identifies their linked roles, and gives a brief description.
| Access Type | Linked Roles | Description |
|---|---|---|
| Administration | Administrator (default), Configuration Administrator, Employee, Level 2 Analyst, Service Desk Administrator, System Administrator, Tenant Administrator | Provides the highest level of security access to all key administration roles. Used during implementation and ongoing administration. Note: The Administration access type is preconfigured to allow administrators to switch to any of the linked roles. For example, to see a different view of the system, administrators can switch to the Employee role without having to log out and log in again. |
| Customer | Customer | Provides highly restricted access to external customers who use the self-service view. |
| Employee | Employee | Provides highly restricted access to internal employees who use the self-service view. Used to create new incident and update incident pages. |
| IT Staff | Configuration Analyst, Employee, Level 2 Analyst (default), Knowledge Analyst, Knowledge Management Administrator, Knowledge Manager | Provides analyst-oriented access to users who work within your IT organization but are not actual members of the support team. This access is designed specifically for users who need access to Knowledge Management. |
| Knowledge Management | Configuration Administrator, Configuration Analyst, Configuration Viewer, Employee, Knowledge Analyst, Knowledge Management Administrator (default), Knowledge Manager, Level 2 Analyst | Provides administrative access tailored to users who administer Knowledge Management features. |
| Process Management | Change Manager, Configuration Analyst, Employee, Incident Manager (default), Level 2 Analyst, Problem Manager, Service Desk Manager | Provides access tailored to users who perform key process management roles. |
| Service Desk Management | Customer Service Manager, Configuration Analyst, Employee, Level 1 Analyst, Level 2 Analyst, Service Desk Manager (default) | Provides access tailored to users who manage IT support or external customer support functions (typically front-line support supervisors). |
| Service Desk Staff | Configuration Analyst, Configuration Viewer, Customer Service Representative, Employee, Level 1 Analyst (default), Level 2 Analyst | Provides access tailored to users who perform support tasks. Access is focused on those users that perform frontline support. |
| Support Automation Admin | Support Automation Administrator | Provides access to users that perform Support Automation administration. |
| Support Automation Analyst | Support Automation Analyst | Provides access to users that provide live assistance to end users. |
| Vendor Staff | Vendor Analyst | Provides highly restricted access to external vendors, who work only on items directly related to their product (for example, a particular brand of hardware). |
 
Role Records
You can assign roles to an access type, or directly to a user contact record. If a role assignment conflict occurs, the contact role assignments take precedence.
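Because contact-level assignments take precedence, a role set directly on a contact can exceed what that contact's access type links. The following added example (not CA SDM code or its API) audits for that, assuming that roles set on the contact replace the access type's linked roles; the contact export and its field names are constructed.

```python
# Added example: a simplified model, not CA SDM code or its API.
# Linked roles copied from the predefined access types table (subset only;
# add the remaining rows before running this against a real export).
LINKED_ROLES = {
    "Customer": {"Customer"},
    "Employee": {"Employee"},
    "Vendor Staff": {"Vendor Analyst"},
    "Service Desk Staff": {
        "Configuration Analyst", "Configuration Viewer",
        "Customer Service Representative", "Employee",
        "Level 1 Analyst", "Level 2 Analyst",
    },
}

# Constructed sample export; field names are hypothetical.
CONTACTS = [
    {"userid": "jdoe", "access_type": "Service Desk Staff", "roles": []},
    {"userid": "vendor1", "access_type": "Vendor Staff", "roles": ["Vendor Analyst"]},
    {"userid": "cust7", "access_type": "Customer", "roles": ["Administrator"]},
    {"userid": "tmp3", "access_type": "Contractor", "roles": []},
]

def effective_roles(contact):
    """Assumption: roles set directly on the contact record replace the
    roles linked to its access type (contact assignments take precedence)."""
    direct = set(contact.get("roles") or ())
    if direct:
        return direct, "contact"
    return set(LINKED_ROLES.get(contact["access_type"], ())), "access_type"

def audit(contacts):
    """Flag contacts whose direct roles exceed what their access type links."""
    findings = []
    for c in contacts:
        roles, source = effective_roles(c)
        linked = LINKED_ROLES.get(c["access_type"])
        if linked is None:
            findings.append((c["userid"], "unknown access type", sorted(roles)))
        elif source == "contact" and roles - linked:
            findings.append((c["userid"], "role outside access type",
                             sorted(roles - linked)))
    return findings

if __name__ == "__main__":
    for finding in audit(CONTACTS):
        print(finding)
```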
Each role record must be configured with the following components:
  • One form group
  • One user interface type
  • Function access settings
  • One or more tabs
  • One help set
The following optional components can also contribute to each role definition:
  • Menu trees
  • Scoreboards
  • Menu bars
  • Toolbars
  • One data partition
  • Knowledge Management access
  • Support Automation access levels
  • Report web forms
  • Go resources
Data Partitions
Data partitions are subsets of the CA SDM database that enable you to control access at the record level. You can associate a data partition with a role to control access to tickets and other records accessible through the web interface.
For information about working with data partitions, see How to Set Up the Data Partition.