Managing Role Objects

Administrators use role objects for managing system permissions and privileges and for defining and simplifying different access levels. For example, some users require view access to reports that are specific to their job titles. Other users must perform advanced searches and want to create subscriptions (groups of reports) for their teams. A different set of users wants to upload information to a repository. Also, your database and report administrators want extensive access and security permissions to manage the system and everyone who is using it.
omerm10
Administrators use role objects for managing system permissions and privileges and for defining and simplifying different access levels. For example, some users require view access to reports that are specific to their job titles. Other users must perform advanced searches and want to create subscriptions (groups of reports) for their teams. A different set of users wants to upload information to a repository. Also, your database and report administrators want extensive access and security permissions to manage the system and everyone who is using it.
The System Administrator or Group Administrator (GA) assigns all privileges and permissions to a role object, not to an individual. The Group Administrator can then assign all those individual users to the role as needed. This action creates a group of people who each have all the system access capabilities that are associated with that role.
CA OM Web Viewer includes only the Default User and System Administrator roles. You can define other role types manually. Although the other role types let you have more than one role object of a particular type, you can only have one
System Admin
.
  • Default User
    If a user with valid mainframe credentials logs in to CA OM Web Viewer, but does not have access to any role, that user logs in using the Default User Role. Also, if the user has not been previously defined, that user has a user object defined automatically, and placed in the Default User Role. For more information, Managing User Authentication.
    The Default User Role can have repositories and privileges assigned to it in the same manner as any other role.
  • System Admin
    The System Admin has complete access to the CA OM Web Viewer system. This role cannot bypass existing mainframe repository data restrictions in CA Dispatch, CA Deliver, or CA View.
    All future Roles contain a subset of the System Admin privileges. The
    System Admin
    role is the only role in Web Viewer that can have a role type of System Administrator.
    When you install CA OM Web Viewer, you
    must
    define a default system administrator. This Default System Administrator is the first member of the System Admin Role. You can add other users to the Role later to have more than one user with System Admin privileges.
Administrators design and maintain roles to control user permissions and their access to data, databases, repositories, and reports in the system. You can give an individual user more than one role assignment. For example, you have a Bank Teller role and you assign ten individual Bank Tellers, but you can assign the Bank Manager to a Bank Manager role, and also to the Bank Teller role.
This setup lets the Bank Managers operate with the privileges and data that the Bank Tellers use, but it also allows the manager to access a different set of data assigned to Bank Managers specifically.
Roles make the designation of privileges much less labor intensive:
  • You can set or adjust the privileges for hundreds of users at one time by simply modifying the role.
  • When the Group Administrator promotes or reassigns a user, they do not have to change privilege. They can simply assign that user to a different existing Role that has all the privileges necessary for the new job.
  • You can assign an individual to more than one role.
Functionality
Basic User
Advanced User
Group Admin
Systems Admin
LDAP Authentication
Yes
Partial, LDAP Mainframe Hybrid Profile Object Only
No
No
Mainframe authentication
(CA Top Secret®, CA ACF2™, RACF)
Yes
Yes
Yes
Yes
View Subscribed Favorites
(Report, Report Search Filter, Cross-Report Index-Value Report Section, Report Index and Report Index-Value Report Section))
Yes
Yes
Yes
Yes
Text Find/Go to Page
Yes
Yes
Yes
Yes
Create Browse Favorites or Bookmarks
Yes
Yes
Yes
Yes
Print, Email, Export (the number of pages can be limited)
Yes
Yes
Yes
Yes
Advance Search (Search for unsubscribed reports and Cross-Report Indexes)
No
Yes
Yes
Yes
Edit Report Comments (CA View only)
No
Yes
Yes
Yes
View Report Information (Report metadata)
No
Yes
Yes
Yes
Create Web Viewer Internal Favorites
(Report, Report Search Filter, Cross-Report Search Filter, Cross-Report Index-Value Filter, Cross-Report Index-Value Report Section, Report Index, and Report Index-Value Report Section)
No
Yes
Yes
Yes
View Web Viewer Internal Favorites
(Report, Report Search Filter, Cross-Report Search Filter, Cross-Report Index-Value Filter, Report Index, and Report Index-Value Report Section)
No
Yes
Yes
Yes
Remove Internal Web Viewer Favorites (Any Type)
No
Yes
Yes
Yes
View Unsubscribed Material
No
Yes
Yes
Yes
View Annotations Notes (CA View only)
Yes
Yes
Yes
Yes
Other Annotation Actions (CA View only)
(View Annotations, Edit Annotations, Delete Annotations, Create Annotations, Create Annotation Notes, Delete Annotation Notes, Create Annotation Bookmarks, View Annotation Bookmarks, Delete Annotation Bookmarks,
No
Yes
Yes
Yes
Subscriptions (Create Private Subscriptions, Create Public Subscriptions, Delete Your Subscriptions)
No
Yes
Yes
Yes
Assign Subscriptions to Roles
No
No
Partial, can only edit Roles below this Role in the hierarchy
Yes
View Role Hierarchy
No
No
Partial, can only see Roles below this role
View, Edit, Delete Role Properties
No
No
Partial, can only edit Roles below this Role in the hierarchy.
Yes
Create New Role
No
No
Yes
Yes
Create Profiles
No
No
Yes
Yes
Assign LDAP Directory to Repository
No
No
Partial, can only edit Roles below this Role
Yes
Profile (View Edit, and Delete)
No
No
Partial, can only access users created by this Role or sub Role of this Role
Yes
User (Create, Edit, Delete, and Find)
No
No
Partial can only access users created by this Role or sub Role of this Role
Yes
Repository (Create, edit properties, or delete)
No
No
No
Yes
Create LDAP Directory Reference
No
No
No
Yes
Edit System-wide Preferences
No
No
No
Yes
View Repository Status Panel
No
No
No
Yes
View User Status Panel
No
No
No
Yes
View Admin Information Panel
No
No
No
Yes
View Audit Log
No
No
No
Yes
Import Admin Objects
No
No
No
Yes
Export Admin Objects
No
No
No
Yes