A CA PAM user with Device/Group manager or Delegated Administrator roles does not see the "Services" tab when adding a device

Article ID: 267725


Products

CA Privileged Access Manager (PAM)

Issue/Introduction

When fine-tuning the roles assigned to users in CA PAM, a user is sometimes given the Device/Group Manager or Delegated Administrator role.

In this case one would expect the user to be able to manage devices, that is, to add, modify or delete them, including all functionality associated with a device, such as adding an access method or a service.

It turns out, however, that a user with the Device/Group Manager or Delegated Administrator role can manage the device, but the "Services" tab does not appear in the Device Configuration GUI, so the user cannot add any service defined in PAM to it.


Environment

CA PAM all releases

Cause

Neither the Delegated Administrator nor the Device/Group Manager role has the right to manage services associated with a device. Therefore the tab is not shown in the GUI.

Resolution

There are several ways to work around this:

  • Use a role that allows you to manage services, for instance Operational Administrator.
  • If the rights associated with a role such as Operational Administrator are too broad, make a copy of the role and remove the privileges that are not needed. To be able to add and manage services, the role must have at least the following three privileges: "Manage Services", "Delete Services" and "Read Services".
  • Create a dedicated role with the three service privileges, that is "Manage Services", "Delete Services" and "Read Services", and assign this additional role to a user who has the Device/Group Manager or Delegated Administrator role.