Managing Role Objects
Administrators use role objects for managing system permissions and privileges and for defining and simplifying different access levels. For example, some users require view access to reports that are specific to their job titles. Other users must perform advanced searches and want to create subscriptions (groups of reports) for their teams. A different set of users wants to upload information to a repository. Also, your database and report administrators want extensive access and security permissions to manage the system and everyone who is using it.
omerm10
Administrators use role objects for managing system permissions and privileges and for defining and simplifying different access levels. For example, some users require view access to reports that are specific to their job titles. Other users must perform advanced searches and want to create subscriptions (groups of reports) for their teams. A different set of users wants to upload information to a repository. Also, your database and report administrators want extensive access and security permissions to manage the system and everyone who is using it.
The System Administrator or Group Administrator (GA) assigns all privileges and permissions to a role object, not to an individual. The Group Administrator can then assign all those individual users to the role as needed. This action creates a group of people who each have all the system access capabilities that are associated with that role.
CA OM Web Viewer includes only the Default User and System Administrator roles. You can define other role types manually. Although the other role types let you have more than one role object of a particular type, you can only have one
System Admin
.- Default UserIf a user with valid mainframe credentials logs in to CA OM Web Viewer, but does not have access to any role, that user logs in using the Default User Role. Also, if the user has not been previously defined, that user has a user object defined automatically, and placed in the Default User Role. For more information, Managing User Authentication.The Default User Role can have repositories and privileges assigned to it in the same manner as any other role.
- System AdminThe System Admin has complete access to the CA OM Web Viewer system. This role cannot bypass existing mainframe repository data restrictions in CA Dispatch, CA Deliver, or CA View.All future Roles contain a subset of the System Admin privileges. TheSystem Adminrole is the only role in Web Viewer that can have a role type of System Administrator.When you install CA OM Web Viewer, youmustdefine a default system administrator. This Default System Administrator is the first member of the System Admin Role. You can add other users to the Role later to have more than one user with System Admin privileges.
Administrators design and maintain roles to control user permissions and their access to data, databases, repositories, and reports in the system. You can give an individual user more than one role assignment. For example, you have a Bank Teller role and you assign ten individual Bank Tellers, but you can assign the Bank Manager to a Bank Manager role, and also to the Bank Teller role.
This setup lets the Bank Managers operate with the privileges and data that the Bank Tellers use, but it also allows the manager to access a different set of data assigned to Bank Managers specifically.
Roles make the designation of privileges much less labor intensive:
- You can set or adjust the privileges for hundreds of users at one time by simply modifying the role.
- When the Group Administrator promotes or reassigns a user, they do not have to change privilege. They can simply assign that user to a different existing Role that has all the privileges necessary for the new job.
- You can assign an individual to more than one role.
Functionality | Basic User | Advanced User | Group Admin | Systems Admin |
LDAP Authentication | Yes | Partial, LDAP Mainframe Hybrid Profile Object Only | No | No |
Mainframe authentication
(CA Top Secret®, CA ACF2™, RACF) | Yes | Yes | Yes | Yes |
View Subscribed Favorites
(Report, Report Search Filter, Cross-Report Index-Value Report Section, Report Index and Report Index-Value Report Section)) | Yes | Yes | Yes | Yes |
Text Find/Go to Page | Yes | Yes | Yes | Yes |
Create Browse Favorites or Bookmarks | Yes | Yes | Yes | Yes |
Print, Email, Export (the number of pages can be limited) | Yes | Yes | Yes | Yes |
Advance Search (Search for unsubscribed reports and Cross-Report Indexes) | No | Yes | Yes | Yes |
Edit Report Comments (CA View only) | No | Yes | Yes | Yes |
View Report Information (Report metadata) | No | Yes | Yes | Yes |
Create Web Viewer Internal Favorites
(Report, Report Search Filter, Cross-Report Search Filter, Cross-Report Index-Value Filter, Cross-Report Index-Value Report Section, Report Index, and Report Index-Value Report Section) | No | Yes | Yes | Yes |
View Web Viewer Internal Favorites
(Report, Report Search Filter, Cross-Report Search Filter, Cross-Report Index-Value Filter, Report Index, and Report Index-Value Report Section) | No | Yes | Yes | Yes |
Remove Internal Web Viewer Favorites (Any Type) | No | Yes | Yes | Yes |
View Unsubscribed Material | No | Yes | Yes | Yes |
View Annotations Notes (CA View only) | Yes | Yes | Yes | Yes |
Other Annotation Actions (CA View only)
(View Annotations, Edit Annotations, Delete Annotations, Create Annotations, Create Annotation Notes, Delete Annotation Notes, Create Annotation Bookmarks, View Annotation Bookmarks, Delete Annotation Bookmarks, | No | Yes | Yes | Yes |
Subscriptions (Create Private Subscriptions, Create Public Subscriptions, Delete Your Subscriptions) | No | Yes | Yes | Yes |
Assign Subscriptions to Roles | No | No | Partial, can only edit Roles below this Role in the hierarchy | Yes |
View Role Hierarchy | No | No | Partial, can only see Roles below this role | |
View, Edit, Delete Role Properties | No | No | Partial, can only edit Roles below this Role in the hierarchy. | Yes |
Create New Role | No | No | Yes | Yes |
Create Profiles | No | No | Yes | Yes |
Assign LDAP Directory to Repository | No | No | Partial, can only edit Roles below this Role | Yes |
Profile (View Edit, and Delete) | No | No | Partial, can only access users created by this Role or sub Role of this Role | Yes |
User (Create, Edit, Delete, and Find) | No | No | Partial can only access users created by this Role or sub Role of this Role | Yes |
Repository (Create, edit properties, or delete) | No | No | No | Yes |
Create LDAP Directory Reference | No | No | No | Yes |
Edit System-wide Preferences | No | No | No | Yes |
View Repository Status Panel | No | No | No | Yes |
View User Status Panel | No | No | No | Yes |
View Admin Information Panel | No | No | No | Yes |
View Audit Log | No | No | No | Yes |
Import Admin Objects | No | No | No | Yes |
Export Admin Objects | No | No | No | Yes |