Restricting permissions on users to view only certain campaigns.
Updated On:14-02-2018 08:26
CA Identity Manager, CA Identity Governance, CA Identity Portal
Illustrates steps to take to create a new role with restrictive permissions to a specified universe.
Launch client tools. Click File->Review database and unlock and open the Eurekify.cfg. On the roles panel, create a new role ex "Limited Compliance Officer". Save to db.
Next we need to assign this new role the limited resources. Click File->Review database and unlock and open the eurekify_resources.rdb, right click with mouse select option to create a new resource with these field values: Res Name 1: [CAMPAIGN][RW] Res Name 2: UNIVERSENAME (the name of the universe you want to restrict it to) Res Name 3:* Type: DOC_ACCESS Filter 1,2,3 are set to '*' Save the rdb to db and then drag and drop the new resource from the rdb to the the role-pane on the Eurekify.cfg. There will be an "Add to role" option that shows up , so click to confirm this. Save Eurekify.cfg to db.
Also right click on the new role in the role pane of the Eurekify.cfg to add the existing resource link: Res Name 1=[PERMISSION][RW], Res Name 2=[*][CERTIFICATION MANAGEMENT],Res Name 3=* This is an OOTB resource that already exists and allows the role to explicitly view the Certification Management menu on the portal and is essential if GM property setting sage.security.disable=false. Save Eurekify.cfg to db.
Lastly. add a the role link to an existing user selected from the users pane. Save eurekify.cfg to db. Launch portal and login as this user with the new "Limited Compliance Officer" role and he should now only see running campaigns for the universe he specified.