Role based control in Identity Governance
search cancel

Role based control in Identity Governance


Article ID: 250701


Updated On:


CA Identity Governance


We use both IG and IP for the recertification process. IP is used for end user/reviewer for logging into the portal and completing the recertification.

IG is mostly for the developers and administrator who needs to get access for reassignments. As part of it, we tried to give admin monitor roles for some of the application owners who want to handle the reassignments through IG, so we want to create roles that will have visibility for only particular workflows/campaigns/universes. 

Steps we used

1. Create a role in eurekify and give that role access to the user. 

2. Clear the cache

3. Tried to log in with that user ID 

Still, the user is able to see all the workflows which he should not have access to. 

We need guidance to fix this issue and enhance our role-based access for the application owners. 


Release : 14.4

Component : GovernanceMinder(Role & Compliance Manager)


We needed to set the property to false.

  • Be sure to add the appropriate Link Type resource so the user can navigate to the appropriate Certification screens in the Portal. For example, [Administration.NewCampaign]. The NewCampaign permission does not exist by default, but you can create it to enable access to this specific administration menu item in the Portal. Or, to enable all Administration menu items, you can use the permission [Administration.*].
  • Be sure to add the appropriate configuration permission so the user can add a certification to the configuration. For example, [CONFIGURATION] [RW], 
  • Set the property to false.
This is a setting for the security model that is created for the campaigns to be accessed.