Allow System Owners to Review Access Reviews for Roles that involved their Application Only

Article ID: 74554

Updated On:

Products

CA Identity Manager, CA Identity Governance, CA Identity Portal

Issue/Introduction

The following is an example of how to configure different system accounts in Identity Governance so that designated users can log in to Identity Governance and view only those user access reviews whose roles involve their application. It also covers how to limit them to read-only access to the access reviews.

Environment

Release:
Component: SGRM

Resolution

Please note that this is an example which utilises the Eurekify universe. 

1.) In the property settings, search for the property "sage.security.disable" and set it to "False". Restart the server.
2.) Using the DNA, open the Eurekify.cfg file, locate any user (Cooper Amos, for example), right-click the user, and select "Show linked entities".
3.) Remove "Basic Role" from Cooper Amos and link only these resources to Cooper Amos:
    a.) TmsSystem.*
    b.) SelfService.*
    c.) [Universe][R]
    d.) Entity Browser
4.) Save Eurekify.cfg to the DB.
5.) Open the file Eurekify_Resources.rdb and add a new resource with these attributes:
    a.) Res Name 1: [FILTER_ROLE]
    b.) Res Name 2: *
    c.) Res Name 3: Filter (add any non-existing ID)
    d.) Description: Any description
    e.) Type: Filter
    f.) Filter 1: (rolename=Testrole)
6.) Save the configuration to the DB.
7.) Drag the new Filter from the Eurekify_Resources.cfg to the Eurekify.cfg configuration and save it.
8.) Link Cooper Amos to the new Filter resource you created in the Eurekify.cfg file.
9.) Open the Model configuration, add a new Role named 'Testrole', and save the Model configuration to the DB.
10.) Open the IG web portal, log in as Cooper Amos, and verify that only these links are displayed to the user on the portal home page: Home, Role Management, Entity Browser.
11.) Click the "Entity Browser" link, choose your Model configuration, and verify that only the role Testrole is displayed.
 

Additional Information

For more information on how to use Filters and provide the permissions, see the documentation: https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/identity-governance/14-1/configuring/permissions/filter-type-resources.html