How can we separate jobs into different views for different teams or users

Article ID: 274506

Products

CA Automic Dollar Universe

Issue/Introduction

How can we separate jobs into different views for different teams or users?

Environment

Release : 7.00.01

Cause

How do permissions and roles work?

Globally, inside a Role, the effective right is the "intersection" of all the rights definitions. Between several Roles, the effective right is the "union" of the rights of each Role.

Example:
   Rule 1 UPR=TC_* DENY
   Rule 2 UPR=* ALLOW
   Rule 3 UPR=TC_A* ALLOW

Within that Role, all Uprocs are displayed, etc., except Uprocs matching TC_*. This includes Uprocs starting with TC_A*, even though the TC_A* rule allows them.
If another Role exists:
UPR=TC_A* ALLOW

and that Role is in the same Group as the previous Role, and the user is included in that Group, the Roles are combined as a union. The user will therefore have the right to see all Uprocs except TC_*, but will still see all Uprocs starting with TC_A*.

To check this, select the user on the login page and use "Display permission" to see which Roles are used to define the user's rights, then check each Role.
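
The evaluation described above, modeled as an added example (this is not Dollar Universe code). The function names, the sample Uproc names, and the treatment of an object that matches no rule as not visible are assumptions.

```python
from fnmatch import fnmatchcase

# A rule is (pattern, effect); a Role is a list of rules, following the
# page's "UPR=<pattern> ALLOW|DENY" notation.
ROLE_1 = [("TC_*", "DENY"), ("*", "ALLOW"), ("TC_A*", "ALLOW")]
ROLE_2 = [("TC_A*", "ALLOW")]


def role_allows(rules, uproc):
    """Inside one Role the rights intersect: a matching DENY beats any ALLOW."""
    matched = {effect for pattern, effect in rules if fnmatchcase(uproc, pattern)}
    if "DENY" in matched:
        return False
    # Assumption: an object that matches no rule at all is not visible.
    return "ALLOW" in matched


def effective_access(roles, uproc):
    """Across Roles the rights are a union: list every Role that grants access."""
    return [name for name, rules in roles.items() if role_allows(rules, uproc)]


def audit(roles, uprocs):
    """Map each Uproc to the Roles that make it visible (empty list = hidden)."""
    return {uproc: effective_access(roles, uproc) for uproc in uprocs}


if __name__ == "__main__":
    # Constructed sample Uproc names, not taken from a real node.
    sample = ["TC_A01", "TC_B01", "PAY_01"]
    print("Role 1 only:")
    for uproc, granted_by in audit({"role1": ROLE_1}, sample).items():
        print(f"  {uproc}: {'visible via ' + ', '.join(granted_by) if granted_by else 'hidden'}")
    print("Role 1 + Role 2 in the same Group:")
    for uproc, granted_by in audit({"role1": ROLE_1, "role2": ROLE_2}, sample).items():
        print(f"  {uproc}: {'visible via ' + ', '.join(granted_by) if granted_by else 'hidden'}")
```

Listing the granting Role per object gives the same information as "Display permission" followed by a check of each Role: it shows which Role widened the view.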

 

Resolution

How do you grant permissions on different objects to different groups?

Permissions on the various objects can be segregated by Group as follows:

1: The system provides default Roles for each COMP, as shown below.

2: Duplicate each Role of the COMP to have implicit rules, as the default Roles are not that restrictive. For example, in the screenshot below the UNI610/X Administrator, Read-only and Operators Roles are duplicated.

3: In the newly created Roles, change the specific "Permissions on Objects". For example, to restrict UPROC access, set the following: UPR=TIP* = Authorized, i.e. only UPROCs with a name matching TIP* can be viewed.

4: Create a Group, for example TIP Admin, and make sure the newly created Role is assigned to it, as shown below.

5: Navigate to UVC > Administration > Logins and assign this new Group to the user. Note that permissions are a union across Roles, so this user is associated with the custom Groups, which in turn are associated with the custom Roles; any other Group left on the user would add its Roles' rights to the result.

6: Log in to UVC as user TEST. The user will only see the UPROCs with a name matching TIP*, as in the example screenshot below.

The steps below cover the scenario of restricting access to UPROCs with a name matching TIP* while granting access to the other UPROCs.

7: Duplicate the Role DUAS UNI610/X Administrators TIP to DUAS UNI610/X Administrators NONTIP, as shown below.

8: In the newly created Role, change the specific "Permissions on Objects". For example, to restrict UPROC access, set the following: UPR=TIP* = Forbidden, while allowing the others, i.e. UPR=*.

9: Create a Group, for example NON TIPADMIN, and make sure the newly created Role is assigned to it, as shown below.

10: Navigate to UVC > Administration > Logins and assign this new Group to the user.

11: Log in with nontipaccess and you will only see the UPROCs that are not TIP*.