How to assign our LDAP user groups with very specific permissions in ITPAM

book

Article ID: 220784

calendar_today

Updated On:

Products

CA Process Automation Base

Issue/Introduction

We would like to assign some of our users with very specific permissions within ITPAM, such as only able to perform reporting, or only able to import or export.  We have created LDAP user groups for this purpose have assigned users to these LDAP groups.  We would like to know how to assign specific ITPAM permissions to these LDAP user groups.

Environment

Release : 4.3

Component : CA Embedded Entitlements Manager

Resolution

For each global group in Active Directory, the idea will be to add that group to the necessary Access Policies for the Process Automation product within EEM so that they are able to perform the necessary functions.  For example, to grant login access, you’d add the groups to the PAM40 User Login Policy, like this:

(btw, all your groups will need to be granted this permission)

The master-list of permission policies is here:
https://techdocs.broadcom.com/us/en/ca-enterprise-software/intelligent-automation/automic-process-automation/04-3-05/reference/permissions-reference.html

So, the idea will be to go down the list for each group, think through “a day in the life” of a user in that group, and identify which of those policies will be needed to allow a user in that group to accomplish the job you want them to perform.

Attachments