How to assign our LDAP user groups with very specific permissions in ITPAM
Article ID: 220784
Updated On:
Products
Issue/Introduction
We would like to assign some of our users with very specific permissions within ITPAM, such as only able to perform reporting, or only able to import or export. We have created LDAP user groups for this purpose have assigned users to these LDAP groups. We would like to know how to assign specific ITPAM permissions to these LDAP user groups.
Environment
Release : 4.3
Component : CA Embedded Entitlements Manager
Resolution
For each global group in Active Directory, the idea will be to add that group to the necessary Access Policies for the Process Automation product within EEM so that they are able to perform the necessary functions. For example, to grant login access, you’d add the groups to the PAM40 User Login Policy, like this:
(btw, all your groups will need to be granted this permission)
The master-list of permission policies is here:
https://techdocs.broadcom.com/us/en/ca-enterprise-software/intelligent-automation/automic-process-automation/04-3-05/reference/permissions-reference.html
So, the idea will be to go down the list for each group, think through “a day in the life” of a user in that group, and identify which of those policies will be needed to allow a user in that group to accomplish the job you want them to perform.
Feedback
