Portal User Guide
Contents
1. Pending Action 19 01 2009 Rami Sas H Barb Geers SEE erman Barbara Eurekify Rami Delete Allen Sherman tink 19 03 2009 IBMRSO Ian User Role 7 Sharoni Pending Action If the ticket that you chose to transfer is a parent ticket having other tickets located below it in the specific Approval Process ticket tree then the complete sub tree will now be listed in the new owner s Ticket Queue ID Tite State Status Children Type Received Owner Previous Owner Delete Link 19 01 2009 User 23 38 50 Role Delete Pending Link 19 01 2009 Rami Sas Action User 17 47 43 Eurekify Rami Role Delete Pending Link 19 01 2009 Action User 17 47 43 Role Request to remove user to role association 18235 B role Organization Database Administrators New In Progress Characterist Cooper Amos Flag Lee DOMAIN Cooper Amos User Approval Request to delete role A Organization Database Administrators Characteristic New Role 100 Allen Sherman IBMR50 Ilan Sharoni Role Approval Request to delete role Organization Database Administrators Characteristic New Role 100 Chapter 9 Approval Process Tickets 155 General Approval Process Ticket Functions 156 Portal User Guide If you choose to escalate an Approval Process root ticket the whole tree will now be visible in the new owner s Ticket Queue To escalate a ticket you have to select a user from the list of appropriate users Br2. Chapter 15 Using Administration Functions 363 The Transaction Log lt Column gt Select the column that will determine which transactions will be viewed in the Transaction Log table You can filter the table contents based on the following options Source The subsystem where the transaction originated Owner Owner or ticket ID SData1 SData2 SData3 lt text box gt Enter any data that may appear in the selected column to further filter the transactions The text is case sensitive OK Updates the data presented in the transaction log table If no filter was supplied all the existing transactions are listed Delete All Deletes all the transactions saved by the Eurekify system Records per page Select the number of records that will appear in the table 364 Portal User Guide The Transaction Log The following table provides some information on possible sources of transaction logs com eurekify utils TXLogClientImpl Refers to completed Approval Processes EurekifyScheduler Refers to transactions involving the Job Scheduler SageDal Refers to transactions concerning the configuration files TMS Acronym Ticket Management System Transaction Log SData2 SAVE pressed Delete All Showing 1 to 10 of 111 4 472345678910 gt ID Date Source Owner Ticket SDatal SData2 SData3 SData4 SData5 SData6 SData7 SData8 Parameters 2 17 11 2008 15 08 13 TMS Gun SAVE pressed 4 25 11 2008 21 30
3. The query can include one or more filter statements Each rule consists of the following fields Field Description Column This drop down box provides a list of possible name columns You can select any column that appears in the drop down list even if the column is not currently visible in the Ticket Queue table Filter The following filtering functions are available functions Equal ma Greater m Less Between a In a Is null Is not null Not equal m Like Item Based on the column name you can select an item from a drop down list or enter free text 80 Portal User Guide Ticket Tables Field Description For example m If the column name is Status you can select Pending Action from the drop down list m If the column name is Owner you can enter free text The Search Ticket window provides two functions Add Condition Allows you to add an additional filter rule to the search criteria The dependency between the rules is that all the criteria must be met AND in order for a record to be located Delete Allows you to delete the filter rule located next to the button Search Tickets Find tickets that match these criteria Status XI EQUAL Pending Action x Add Conditi Note The search only checks the top most ticket in each ticket tree within the Ticket Queue To search the Ticket Queue s table 1 Click Search on the Ticket Queue s menu bar The Search Ticket scr
4. Import client name Provide a name for the import connector Description Provide a description of the import connector its use timing etc Universe Provide the name of the universe to be associated with this import connector The data obtained through this connector will be downloaded into the universe s master configuration files In the case of a first time download and there are no pre existing configuration files the import process will create the configuration files Setting Connectors Settings XML file Create this file in the Eurekify DM module It is usually located in the directory lt Eurekify Home Directory gt lt Converter Directory gt The installation provides a default defaultsettings xml file For more information see the CA Eurekify Role amp Compliance Manager Sage DNA Data Management User Guide Mapping XML file Create this file in the Eurekify DM module It is usually located in the directory lt Eurekify Sage Home Directory gt lt Converter Directory gt The installation provides a default mapping xmI file For more information see the CA Eurekify Role amp Compliance Manager DNA Data Management User Guide Enrichment settings file Optional The data is usually downloaded from a specific endpoint You can enrich the original data by adding additional information from a second source For example you can download user information from a security related endpoint and you can then enrich the
5. ccc ce cence ene net n tent ee rererere 339 Creating a NeW URIVERS Ce Secs cece eet eea E et hel acelin eter ete arith ele ete a glee tle ee leer 340 Editing a UniverSe 6 nnn nee eraann orerar tet eet ee tn eens 344 Deleting a UNIVErSe i saisandacudasadein danse EEEIEE EEEO EEEE EATE INERAT SA 345 S tting CONNECTORS ssssssree s etch aioe 8 EEE one EE GEE EEE EE EEE GEE bel EEE EE ach EEE EE E E GEE E EEEE Gaa a GEE 346 The Connector Settings Panel Tables 0 0 ccc ccc cece nent reroror 348 Creating a New Import Connector 2 5 R S R A cere eee eee ee ee EE eee eee eee 350 Creating a New Export Connector 0 een ete ne nee eee n eens 354 R nning a CONMectOr os 026 Mo ott a Se aes Sc awe tk ae ta Sas ae See Sak aes das Seas Sa aw Sea Sa ee oe aes 357 Import Error TicketS 20 en ene nn een cnet eet n teen eet e ete eeneee 359 JOB SCHECUIING 2s tv4 th cork cond cae beew idan beans ew INEEN ASEO AEEA EEAO ASEE ARENE RESER 360 Scheduling a New Job 6 ene nee n nen n eee tn rreren oenn ene eee 361 The Jobs Table vac csccisteted tietabec tied ehea ti acad ee tieewi se Beat ane E ana TR TRE OFSA 362 Contents 9 The Transaction LOG ce een een eee nent beeen eee tbe t beens 363 Cache Manipulation ar at tier ebb ot Ro PEE BORO EE BEE TB EG te thee eae tesa teat 366 Lad Cane fiesta teewa ewes cues nin eae ean ane wees a ests means oats mee E 366 Clear Cache aeeoa Ee a E E e E E E E 367 Properties
6. y 01 02 2009 Eurekify Admin gt 2221 E Hew Role Corporate Security Open In Progress 11 Add Role 00 29 05 AD1 EAdmin 2222 Select Accountable to Role Corporate Security Archived Completed 0 Task tora Eurekify Admin Cooper Amos E P gt 2223 Role Approver New Role Corporate Security Archived Approved 0 Add Role 01 02 2009 DOMAIN Cooper J 00 35 53 Amos Cooper Amos Request to add user to role association Link User 01 02 2009 2224 a role Corporate Security user 89213720 Open In Progress 1 Role 00 38 36 oe z Cooper Amos Request to add user to role association Link User 01 02 2009 2225 a a corporate Security user 54672910 New In Progress 1 Role 00 38 36 ere IN Cooper E User Approval Request to add role Corporate Link Herman Barbara P 2234 B security Role provides resources to users who are New Prang 0 User S DOMAIN Herman invol Role San Barbara Cooper Amos Request to add user to role association Link User 01 02 2009 2226 a role Corporate Security user 91236370 New In Progress 1 Role 00 38 36 es atid Cooper Amos Request to add user to role association Link User 01 02 2009 2227 role Corporate Security user 89123140 New In Progress 1 Role 00 38 36 ne Cooper Amos E Request to add user to role association Link User 01 02 2009 2228 E a role Corporate Security user 84847310 New In Progress Role 00 38 36 Tarao Cooper Amos Request to add role to role association parent Link Role 01 02 2009 22
7. 1 eee e nee n ete orrn eee eee neenee 391 Appendix A Duplicating a Configuration 403 Appendix B Eurekify Properties 409 Sample Properties File e ee H R evan RRR de eax de See ae Shea EEREN NOE ae oe aaa eA ae wa 409 tms delegate filter 2 ene ene n een e ene n ete teen ete e eens 415 tms escalate filter Ke 0 N e ER RRR EK R ae eds oeke sees goede deeds Saas ae Se seas oaks ERRER 415 tms campaign campaign type reassign filter cc cece cent nee e een eeas 416 Appendix C Portal Structure XML 417 Sample Portal Structure XML 418 10 Portal User Guide Appendix D Eurekify Sage Configuration Data Formats 427 Users Database Elle A 536455464 ro oor I 5459 S584 4 SEES AEE ARETE DESH EELS REARS SRE 427 R source Databas File tere a ea mG OT Ta Poe ar a S 428 Configuration File anaana aeann een enn rarr r rrera aranne earrann 428 ERIE e neee EEE RER EE N EE EE E EE AEE EE EEE sade sates 429 Relations hiDS amen teeta 429 Glossary 431 Index 435 Contents 11 Chapter 1 Introduction CA Eurekify Role amp Compliance Manager software provides solutions for the design implementation ongoing management and auditing of role based privileges as well as solutions for the full enterprise compliance life cycle In 2008 Eurekify was acquired by CA the world s leading independent IT management software company This manual provides an overview and step by step instructions on how to use the Eurekify P
8. 441234567 Enrolled 1 2 1 2 1 2 0 2 0 2 0 2 0 2 0 2 0 2 0 2 Records per page the results are in the Resources table OEN SS S OUOU Test Compliance Copyright C 2008 Eurekify All Rights Reserved Build 08 11 26 01 Chapter 11 Running Self Service Tasks 253 Defining a New Role To assign users resources and role hierarchy to the new role 1 Select users resource and or role hierarchy entities Utilize the Find Entity filter and the Suggest Entity utility when necessary 2 Click Test Compliance to check your selections for violations 3 Click Submit to submit the new role definition request The Requests screen opens The Requests screen provides both the new role s attributes and links Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout DOMAIN Herman Barbara Senior manager in charge of local IT 54672910 Organizational Role IT Security Branch Corporate Organization IT Security Name Steven Pat 45489940 Steiven Pat 45489940 Fred John 86544420 Fred John 86544420 Angel Ben 67283470 Angel Ben 67283470 Resource UGFIN1 TSSCREDIT TSS50 Top Secret on MVSCREDIT UGFIN1 TSSCREDIT TSS50 Top Secret on MVSCREDIT Resource UGFINMGR TSSCREDIT TSS50 Top Secret on MVSCREDIT UGFINMGR TSSCREDIT TSS50 Top Secret on MVSCREDIT 4 Click Back to amend the data 5 Click Submit to forward t
9. Users to update No records were found Users To Fix these users are missing a login field data No records were found 5 If the system identified records that need to be updated or fixed check the system suggestions and act as necessary Note We recommend that you use the Eurekify Sage DNA module to fix the records Chapter 15 Using Administration Functions 375 RACI Operations RACI Operations Create RACI 376 Portal User Guide The RACI model is a tool that can be used for identifying roles and responsibilities during an organizational audit thereby making the audit process easier and smoother The model describes what should be done by whom during audits and when corporate changes take place RACI is an abbreviation for R Responsible who owns the problem project A Accountable to whom R is accountable who must sign off Approver on work before it is accepted C Consulted who is to be consulted who has information and or the capability necessary to aid in completing the work I Informed who must be notified of results but does not need to be consulted The Eurekify Portal uses RACI for various purposes Its main use is for the purpose of identifying entity managers Approvers It is important that every model configuration that you wish to audit be run through the RACI generator so that the Approvers will be listed correctly The RACI utility takes the data in the fields you identifie
10. Chapter 11 Running Self Service Tasks 209 Manage My Team s Role Assignments To enter the data in the MMT Role General section 1 Select a Universe from the drop down list 2 Enter the Business Area for the current action 3 Enter the Business Process associated with the current action 4 Enter a Description Presenting the Users Table MMT Role Screen Users Showing 1 to 10 of 69 441234567 gt Person ID Name Organization Organization Type 98383770 Rolen Dave Finance Corporate 84847310 Goid Wiliam Human Resources Corporate 86544420 Fred John System Management Corporate 75676560 Rodney Sergio Database Administrators Corporate 75464420 Cohen Steve System Management Corporate 86023090 Sterling Kent Human Resources Corporate 88311130 Goodman Bruce Marketing_Dept Corporate 67565330 Schwarts Barry Human Resources Corporate 99883110 Bean Frank Purchasing Corporate 89213720 Orr Taylor IT Security Corporate Customize Records per page 19 210 Portal User Guide Manage My Team s Role Assignments The Users table displays a list of the users in the selected Universe s configuration files The members of your team are marked with a green dot next to their Person ID The Users table provides the following options Add A column of check boxes one per user Select one or more When you check multiple users all the changes you make will be implemented for all select
11. Creating a New Export Connector see page 354 Scheduling a New Job see page 361 Chapter 4 Showcasing the Eurekify Portal Enterprise information security auditing has become increasingly relevant following new US and world wide legislation mandating corporate and enterprise auditing The computer security audit is a systematic measurable technical assessment of how the confidentiality availability and integrity of an organization s information is assured CA Eurekify Role amp Compliance Manager is capable of performing such security audits and it can also assist you in upgrading your information security The Eurekify Portal provides the Campaign facility as a tool towards assessing your corporate compliance with BPRs Best Practice Rules and the relevant legislation It is recommended that you run campaigns regularly on a quarterly or annual basis though critical information systems dealing with sensitive information or large monetary transactions should probably be audited as often as once a month Running a Campaign Campaigns review the system s permissions thereby assuring that only users with the appropriate provisioning can access the corporate resources and that users who should not have access to various resources are indeed barred from them The Eurekify Portal campaign provides you with two basic options either to approve the corporate permissions sent to you for review or to reject them and notify t
12. Self Service Task Approval Root Request For example Add Role Approval Root Request Description A description of the ticket It includes The universe name and the source of the request For example Approval Root Request Request was submitted on Universe Portal from Update Role This section covers the following topics m The Role Definition Approval Root ticket s General functions The Role Definition Approval Root ticket s Advanced functions 268 Portal User Guide Role Definition Approval Root Ticket More information The Ticket Properties Form see page 83 Approval Root Ticket General Functions Role Definition see page 269 Approval Root Ticket Advanced Functions Role Definition see page 270 Approval Root Ticket General Functions Role Definition The Role Definition Approval Root ticket provides the following General functionality Close Closes the ticket Save Saves the changes made to the ticket Delegate Transfers the ticket tree to another manager Escalate Transfers the ticket tree to another manager Start Process For regular Approval Processes this button is disabled as the procedure starts automatically when the tickets arrive in the approvers Ticket Queues Cancel Process Allows you to manually stop the Approval Process at any stage Acknowledge This function is disabled until the Approval Process has been completed More information Escalate see page 154 Delegate
13. lt data gt com eurekify web TxLogPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id LoadCachePage gt lt type gt internal lt type gt lt label gt Load Cache lt label gt lt data gt com eurekify web LoadCachePage lt data gt Appendix C Portal Structure XML 423 Sample Portal Structure XML lt tag gt lt tag id ClearCachesPage gt lt type gt internal lt type gt lt label gt Clear Cache lt label gt lt data gt com eurekify web ClearCachesPage lt data gt lt tag gt lt tag id CreateRaciPage gt lt type gt internal lt type gt lt label gt Create RACI lt label gt lt data gt com eurekify web CreateRaciPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id SyncRaciPage gt lt type gt internal lt type gt lt label gt Syne RACI lt label gt lt data gt com eurekify web SyncRaciPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id TmsAdmin gt lt type gt external lt type gt lt label gt TMS Administration lt label gt lt data gt SAGE_SERVICE_URL tms ui admin lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id Settings gt lt type gt internal lt type gt lt label gt Settings lt label gt lt checkPermission gt true lt checkPermission gt lt tag id ConnectorSettings gt lt type gt internal lt type gt lt la
14. Campaign Manager lezat Approver Campaign 9 Owner Eurekify Admin AD1 EAdmin Eurekify Admin AD1 EAdmin w Eurekify Admin AD Helmuth Howard EAdmin Flag Lee DOMAIN Flag Lee Garr Jim DOMAIN Garr Jim Hope Collin DOMAIN Hope Collin g Cooper Amos To escalate a campaign you have to select a user from the list of appropriate users Browse Tickets Windows Internet Explorer 7 http localhost 8080 eurekify tms uif wicket interFace 9 Find Escalate Users Where Choose Field Where Choose Field Where Choose Field OK UserName Rodney Sergio Moris Bill Rolen Dave Fred John Deer Alex Goid Wiliam Sharon Johnson Moos Steve Rojer Dave Steiven Pat Organization Database Administrators System Management Finance System Management Fifth Ave Branch Human Resources Fifth Ave Branch Human Resources Stamford Branch System Management Cancel OrganizationType Corporate Corporate Corporate Corporate Branches Corporate Branches Corporate Branches Corporate Email 75676560 company com 47868650 company com 98383770 company com 86544420 company com 91238730 company com 84847310 company com 89123470 company com 87623450 company com 88490390 company com 45489940 company com Title A 412345 DB Developer Developer Accountant Developer Branch Officer Clerk Psychologist Branch Officer Clerk HR Officer Branch Off
15. Create RACI Configurations Choose Universe Create RACI e Successfully Created RACI configurations for Portal Note If the RACI configuration files become corrupted you can access them through the Eurekify DNA module On the File menu click Review Database This allows you to view delete the files More information Eurekify Configuration Settings see page 374 Synchronize RACI Once the Universe s RACI configuration is created it needs to be maintained in order to account for additional entities which are added to the universe and therefore should also be reflected in the Universes RACI Note RACI synchronization does not affect the links already present in the RACI configurations It just adds new entity data or deletes entities that no longer exist This means that if an existing entity s manager was changed the Synchronize RACI utility will not update this information Chapter 15 Using Administration Functions 377 TMS Administration To synchronize the RACI configurations 1 On the Administration menu click Sync RACI The Sync RACI Configurations screen opens Enterprise Role and Compliance Manager _ eure ify Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout AD1 EAdmin Choose Universe Choose One Sync RACI 2 Select a Universe from the drop down 3 Click Sync RACI An appropriate notice appears when the process is completed TMS Administra
16. Critical Severity Set the severity level The available options are Minimal Medium m Serious Urgent Critical 352 Portal User Guide Setting Connectors To create a new Import Connector 7 8 9 10 11 12 13 14 In the Connector pane click Create New Enter the name of the new Import Connector Provide a clear and concise Description of the import connector Select the Universe from the drop down list Enter the name and location of the Settings XML File You have to provide the full path and file name You can locate the file using your systems file browser and copy the name and path from the Address bar and paste it in the text box Enter the name and path of the Mapping XML File You have to provide the full path and file name You can locate the file using your systems file browser and copy the name and path from the Address bar and paste it in the text box Optional Provide the name and path of the Enrichment Settings file Enter the Remote system login password for accessing the endpoint Provide an upper estimate in seconds for the Max duration time Select the appropriate converter s Connector Java Class Select the default Workflow process name Select the default import Ticket Type Select the Priority Select the Severity When the new import connector is created it appears in the Connector Settings Import table More information Tickets and the Ticket Queue see page
17. ID Title Status Children Typey Received Owner w Approval 29 12 2008 1158 E G user Review Approval Root Request Open In Progress if eee 1346 29 Eurekify Admin Request to remove user to resource association Delete 1159 E G resource UGMPBR RACFPROD RACF22 Production Open In Progress 2 Link User RACF Resource 29 12 2008 Eurekify Admin 13 46 30 AD1 EAdmin User Approval Request to delete resource Delete 1199 E UGMPBR RACFPROD RACF22 Production RACF fromOpen ae 0 Link User oberg fora user Joe Dass Resource 13 47 Resource Approval Request to delete resource gaia Delete Keren Cindy 1200 UGMPBR RACFPROD RACF22 Production RACF fromNew kendng 0 Link User DOMAIN Keren user Joe Resource Cindy 29 12 2008 13 47 21 166 Portal User Guide Approval Process Root Ticket Note Under some circumstances only a single ticket is located below a Rejected Link Parent ticket The ticket is then a Notification ticket that informs you of the reason why the expected approver tickets are not present When you click the ticket title you open the Ticket Properties Form in a separate browser window Ticket Properties Form Windows Internet Explorer DAR le http localhost 8080 eurekify tms ui wicket interface 14 M Approval Root a Ticket Id 1158 Owner Eurekify Admin Previous Owner Status In Progress v Due Date 29 12 2008 18 46 29 Priority Low Severity Minimal State Open v Modified Date 29
18. La Internet Click View Consult Results to view the View Consult Results screen in a separate browser window Click Close to close the browser window Chapter 9 Approval Process Tickets 187 Approval Process Info Tickets Approval Process Info Tickets When specific Approver ticket s owner completes an approval process that is the designated Approvers approved or rejected a request to sever a link between two entities all the users connected to the process are informed of the decision The Eurekify Portal sends a ticket to inform the concerned parties that a change has taken place regarding a specific link The users who will receive this ticket are The Approvers entity managers who approved or rejected the link The Campaign Manager m When the reviewed link involves a user then the user is informed of the change All the info tickets for a specific event provide the same information and functionality independent of who receives them The ticket is marked by the icon L After it is opened the icon changes to Enterprise Role and Compliance Manager __ eureXify Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout DOMAIN Angel Ben State Status Children Type Received Owner Previous Owner Delete Pending Link 29 01 2009 Action User 09 15 10 Role Request to delete role Organization System 1979 management Characteristic Role 100 0 Min 40 New from Ange
19. Role definition tickets These tickets provide a final review of role definition requests Defining a new role a Updating the definition of an existing role This section contains the following topics Ticket Life Cycle see page 71 Ticket Tables see page 76 Administrator View User View see page 82 The Ticket Properties Form see page 83 Info tickets see page 91 Ticket Life Cycle Ticket Life Cycle The ticket s purpose and functionality governs its life cycle A ticket life cycle can be very simple or extremely complex You can gain information on a specific ticket s current situation by checking the fields State and Status either in the Ticket Queue table see page 76 or in the Ticket Properties Form window see page 83 Tickets are generated by the system and sent to their designated owner state New Status Pending Action Once they are opened even if no action has been taken the ticket state changes to Open Depending on the ticket type other types of action may be possible When the ticket has been processed the ticket state changes to Done and you can archive the ticket As tickets can be hierarchal that is actions taken on a ticket located higher in a ticket tree can impact on a ticket lower in the tree For example a campaign ticket tree consists of the Owner ticket root ticket and the associated Approver tickets The number of Approver tickets associated with a specific campai
20. Step 2 Creating Import Connectors 44 Portal User Guide After you have defined the universe that you intend to audit you need to import the user and user privileges data from various end points This requires you to define import connectors Connectors allow you to import export for example Active Directory CSV RACF or SQL files into the ERCM using a pre defined converter thereby creating a communications link to the downloading uploading production server The connectors are defined as either import connectors or export connectors and utilize a specific pre defined converter see CA Eurekify Role amp Compliance Manager Sage DNA Data Management User Guide Import refers to downloading the system s true user resource and role when available configuration data Export refers to uploading the desired changes in user resource and role data generated following an audit You will need the following information when you create a new connector Name and location of the converter s Settings XML file see CA Eurekify Role amp Compliance Manager Sage DNA Data Management User Manual Name and location of the converter s Mapping XML file see CA Eurekify Role amp Compliance Manager Sage DNA Data Management User Manual Optional Name and location of the Enrichment Settings file see CA Eurekify Role amp Compliance Manager Sage DNA Data Management User Manual m Name of the converter s Java Cla
21. Tickets and the Ticket Queue see page 69 The dashboard automatically shows users useful information as they go about their tasks The Self Service menu provides access to a series of provisioning operations Self Service supports quick and easy user management by allowing the administrators managers on the fly access to role and resource assignment requests for themselves and their team members The Self Service menu provides the following functions Manage my team s role assignments Manage my role assignments Manage my team s resources assignments Manage my resource assignments Request a new role definition Place a request to alter a role definition More information Running Self Service Tasks see page 197 Entity Browser Reports Menu Menu Bar The Entity Browser opens the Eurekify Portal s Entity Browser Page Here you can view information concerning Users Roles or Resources for a selected Universe under a selected configuration The information is presented in three tables where only one entity is visible at a time Users table Roles table Resources table More information Introducing the Entity Browser see page 311 The Reports menu provides access to the following families of reports Configuration reports Privileges quality management reports Role management reports Policy management reports Campaign Reports Chapter 2 Using The Eurekify Portal Interface 37 Menu Bar Admi
22. Introducing the Requests Table Add Role stages Stage 1 Select Accountable A Task ticket sent to the Self Service task manager Stage 2 Role Approver An Add Role ticket sent to the Role manager Stage 3 Link Approval Process sub trees One Link Entity Role parent and one Link Entity Role approver ticket for each request made during the original Self Service task The parent ticket is always assigned to the Role manager Update Role definition stages Stage 1 Role Approver An Update Role ticket sent to the Role manager This ticket is generated only when a request to Add entities is made Stage 2 Approval Process sub trees One parent and one approver ticket for each request made during the original Self Service task The request can be to either add a link or remove a link between the role and another entity The parent ticket is always assigned to the Role manager The ticket tree generally comprises four families of tickets Approval Root ticket This ticket belongs to the Self Service manager Each approval process has only one root ticket Main Request Parent ticket This ticket type depends on the type of request made during the role definition task There are two possible sources for this ticket Add Role Parent ticket When a new role is generated this is the main parent ticket Below it you will find the Task ticket used to select the role s accountable the role managers approver ticket and the set of subtre
23. Mapping XML file Create this file in the DM module It is usually located in the directory lt Eurekify Sage Home Directory gt lt Converter Directory gt For further information see the CA Eurekify Role amp Compliance Manager Sage DNA Data Management User Guide Remote system login password The password is not saved within the system settings Provide it at this point Max duration time seconds Provide an estimate of how long the export process takes This is useful when you know how long it should take and therefore a longer export time indicates that there is a problem The export process will end when the specified time is over Connector Java Class Select the Java Class that matches the converter you will be using to import the data from the system s endpoints Sbt classes enable the connection between the Eurekify Portal which was written in Java and the Eurekify Sage DNA which is not Workflow process name Select the default export process You can use the bundled Workpoint BPM engine to generate additional workflow processes Ticket Type Tickets are work items that can be viewed in the Ticket Queue Select the default export ticket type Priority Set the priority level The available options are m Low Normal m Rush Critical Severity Set the severity level The available options are a Minimal Medium m Serious m Urgent Critical Chapter 15 Using Administration Functions
24. The associated Roles and Resources tables appear 2 Click the check box in the Y column next to the user s role s and or resource s that you want to approve 3 Click Save The selected links are approved and the relative progress made is reported on the Approver Progress bar Note Replace user in the above procedure with either resource or role for instructions on how to approve Role links or Resource links Ticket Properties Form Windows Internet Explorer DER 7 http localhost 8080 eurekify tms uif wicket interface 20 vi Campaign Manager Approver Ticket Id 756 Owner Cooper Amos Previous Owner Status Pending Action v Due Date 15 01 2009 00 00 00 Priority Normal lt Severity Medium State Open Modified Date 22 12 2008 17 16 24 Date Created 21 12 2008 12 28 38 Title User Certification Eurekify Admin Resource certification Description User Certification Eurekify Admin Resource certification Reassigned From pi eer 1A X gt Progress Violations PersonID UserName Organization OrganizationType Comment OOO mm 3 6 Joe Dassin 99883136 Joe Dassin Sales Corporate Ef Attachments Comments Add Comment Add Attachment View Initiators View Transaction Log CE internet Q100 140 Portal User Guide Auditing Links Rejecting a Link When a link is rejected during a campaign the rejection does not become final until it is reviewed
25. View Parent see page 163 View Entity see page 165 View Children see page 163 Add New Role Ticket Tree Self Service Request New Role Approver Ticket During the third stage of an Add New Role Approval Process after the role manager has approved the suggested links to the new role a new set of Approver tickets is generated These tickets are standard Link Entity Role Approver tickets one for each link requested during the Request New Role Definition task Ticket Properties Form Windows Internet Explorer le http flocalhost 8080 eurekify tms ui wicket bookmarkablePage com eurekify tms web template DefaultTicketPage ticketId 2237 2237 Owner Cooper Amos DOMAI Previous Owner an Status Pending Action y 01 02 2009 05 38 49 Priority Low lt Severity Minimal Y State open Modified Date 02 02 2009 00 17 22 Date Created 01 02 2009 00 38 49 mies Approval Request to add role Corporate Security Role provides resources to users who are involved with security at the corporate level to user Orr Taylor 8921372 Description Approval Request to add role Corporate Security Role provides resources to users who are involved with security at the corporate level to user Orr Taylor iano Request was submitted on Universe Portal from Add Role lt lt Less Details nfiguration Name Model2_ConfigWithRoles ID 89213720 Name Corporate Security pproval Process Result lt ir Internet The
26. cc ccc cece cece teen eens 174 Rejected Link Parent Ticket Advanced Functions 0 ccc ccc cece cee tne t eens 175 Approval Process Approver Tickets 176 Approver Tickets General Functions 177 Approver Tickets Advanced Functions 0 ccc cece cece cece e nent net errer 185 Approval Process Info TicketS 0 0 ccc ee ence tent e teen een teen eee n eens 188 General Approval Process Info Ticket Functions 0 ccc ccc cee cnet ete eens 190 Advanced Approval Process Info Ticket Functions 0 ccc cece cece teen eee n 191 Chapter 10 How to Use Dashboards 193 Configuration Dashboard 1220 a a cia a h THERE ERRER 193 Contents 7 Audit Card Dashboard a R R ccc cece cece cence ee een cece eens eee eens a 194 Compliance Dashboard acide ra eaaa REER ERER EERE EE GRRE E eae ee A T 195 Chapter 11 Running Self Service Tasks 197 General Self Service Functions cce ee e e e e e e e s00cc cece cece eee eee RRR RRR ESTEE EN 199 Test Compliance eerste ever caer eee aaa en re ee ea eS 200 Suggesting Entities 2 5 lt 24454 446454544 92446 8268S ERE EEL HERE BEBE EE EERE EE E EEE REE S 202 Manage My Team s Role Assignments 0 cece cece cece eee n een rrer eee e een e eee 207 Presenting the General Section MMT Role Screen 0 ccc ete t ete eens 209 Presenting the Users Table MMT Role Screen 210 Presenting the Currently Enrolled Roles Table Manage My Roles Screen 212 Prese
27. 136 Portal User Guide Auditing Links When you expand the tree for each entity listed in the table you will see entity tables for the linked entities The following table describes the entity tables found in each Approver Ticket type User Campaign CMA Main entity table Users Link tables Roles and Resources Role Campaign CMA Main entity table Roles Link tables Users Resources Child Roles and Parent Roles Resource Campaign CMA Main entity table Resources Link tables Users and Roles Note Only the ticket owner can approve or reject a link The campaign owner can reassign a specific link within a Campaign Approver ticket to another approver Ticket Properties Form Windows Internet Explorer el http localhost 8080 eurekify tms ui wicket bookmarkablePage com eurekify tms web template Default TicketPage amp ticketId 756 r Campaign Manager Approver Ticket Id 756 Owner Cooper Amos Previous Owner Status Pending Action Due Date 15 01 2009 00 00 00 Priority Normal Severity Medium v State Open x Modified Date 22 12 2008 17 16 24 Date Created 21 12 2008 12 28 38 Title User Certification Eurekify Admin Resource certification Description User Certification Eurekify Admin Resource certification Save and Reassign Hide Selected Reassigned From poprover Progess eres 1 X T Progress Violations PersonID UserName Organization OrganizationType Comment Booo w 3 6 Joe Dassin 99883136
28. 21 12 2008 12 29 06 Title Resource certification User Certification Description End of year review Universe Portal Campaign Type USER Auto Generate Permissions Configuration Model2_ConfigWithRoles Link Filter Direct Dual Audit Card Entity Fitter No Filter lAttachments Comments Owner Note Received R 21 12 2008 12 29 06 Eurekify Admin AD1 EAdmin Delegated to Cooper Amos Campaign Management o View Campaign Progress C internet 112 Portal User Guide Ticket Queue gt General Campaign Ticket Functions A comment is generated stating that the campaign has been Delegated to current owner This comment appears in both the old root ticket and in the new root ticket The new root appears as the top level in the new owner s campaign ticket and as the second level in the previous owner s archived campaign ticket Archived Tickets gt ID Title State Status Children Type Received Owner L fi fi kify Admir 755 E Resource certification User Certification Archived Delegated Campaign 1s ae arrie 834 756 758 AD1 EAdmin S Pending 21 12 2008 a Eurekify Admin AD B Resource certification User Certification Open Action Campaign 13 29 06 Cooper Amos EAdmin gt User Certification Eurekify Admin Resource Hidden Pending Campaign 54 42 2008 z Brata Manager 5 50 Cooper Amos certification Action Approver 2 28 38 e E Campaign 4 Herman Barbara
29. 40 E Resources 4 x X d Namel office2003 2003 WinNT MS office2003 e mail outlook WinNT MS email UGMPBR RACFPROD RACF22 Production RACF UGADGEN1 Administration ROOT NOVELADM Novell4 NOVELADM Novel4 Active Directory Admin1 Name2 Hame 2003 WinNT outlook WinNT RACFPROD RACF22 2 Attachments comments Add Comment Add Attachment Characteristic Role 0 6 0 UserName Joe Dassin Comment E Organization Sales OrganizationType Corporate Organization Rule Owner History Comment Ef E Type Org Role Sales Organization Sales 99883135 History Org Role Sales Organization Sales 99883135 History Location San Mateo CA San Mateo CA Irvine CA Description Managerid owner History Comment MS office2003 91236370 History MS email 91236370 History Production RACE 77292450 History Active Directory 67283470 Admin1 Portland OR History View Initiators View Transaction Log You can click the violation number to display the relevant violations in a separate browser window Violations Windows Internet Explorer Date Status First 2009 01 06 16 21 04 0 2009 01 06 16 21 04 0 Suspected Resource Link 336 Portal User Guide Joe Dassin 99883136 Joe Dassin Suspected 799883136 Second office2003 2003 WinNT MS office2003 office2003 2003 WinNT MS office2003 Start Approval Process from DNA
30. Add RemoveEnrollment Res Name 1 Res Hame 2 Res Hame 3 Description ManagerID Owner Location o 1 4 25 PUBLIC RACFPROD RACF22 RACFPROD RACF22 Production RACF 77292450 Irvine CA UGADGEN1 Administration Active Directory 1 4 25 ROOT NOVELADM Noveli4 Admini UGADMGR Administration Active Directory ROOT NOVELADM Novell4 Manager NOVELADM Novel4 67283470 Portiand OR 1 4 25 NOVELADM Novel4 67283470 Portland OR E E 1 4 25 UGHR RACFPROD RACF22 RACFPROD RACF22 Production RACF 77292450 Irvine CA San Mateo CA San Mateo CA San Mateo CA 3 4 75 e mail outlook WinNT outlook WinNT MS email 91236370 3 4 75 office2003 2003 WinNT 2003 WinNT MS office2003 91236370 1 4 25 public UNXMARKT Solaris26 UNXMARKT Solaris26 Marketing Sun Server 89123140 Chapter 11 Running Self Service Tasks 231 Manage My Team s Resources 232 Portal User Guide In the case of multiple user selection you can m Click the Remove check box next to a resource thereby severing the link between the users and the selected resource m Click the Add check box next to a resource to which only some of the selected users were enrolled thereby linking all the chosen users to the selected resource The Currently Enrolled Resources table provides the following options Add A column of check boxes one per resource Select one or more The check boxes next to resources that are already linked to a
31. As the first step in any role definition approval process is to allow the role manager to approve the links added to the role the Role Links table provides a list of the entities that were listed as Add requests in the Requests table Requests to remove links are processes separately This table provides lists for each possible entity m Users to add m Resources to add m Parent roles to add Children roles to add If any of the options are empty it will not appear in the table This section is informational only Note You cannot access any of the entity cards for the entities listed here 276 Portal User Guide Role Definition Main Request Parent Ticket Main Parent Ticket Advanced Functions Role Definition The Role Definition Main Parent ticket provides the following Advanced functionality Add Comment Manually add a comment to the ticket Add Attachment Add an attachment or URL to the ticket View Transaction Log The transaction log provides a history of the ticket related actions executed since the creation of the ticket View Parent Opens the current ticket s parent s ticket View Initiators View of list of the users who launched this ticket View Children Opens a table which provides you with information concerning all the nodes leaves that are located below the current ticket For the Approval Process Root ticket this means that you can view information concerning the various Approver Process tickets and sub subt
32. Ben Godheart Dan DOMAIN Godheart Dan Keren Cindy DOMAIN Keren Cindy Allen Sherman DOMAIN Ian Sharoni manually stop 119 Campaign Management Functions Restart Campaign The ability to restart a campaign is enabled only when you manually stop a campaign Campaign Management Start Carnpaign Stop Carnpaign Restart Campaign When you restart a campaign the approver tickets are once again accessible to the Approvers You will see them listed as state New in your Ticket Queue but their status will reflect their status prior to the campaign s manual cessation For example if an Approver managed to complete his assigned reviewing tasks while the campaign was running this Approver s ticket status will be Completed After you restart the campaign this Approver ticket s status will show that the process has been already completed gt ID Title State Status Children Type Received Owner 18 12 2008 Eurekify Admin 16 41 08 AD1 EAdmin Pending Faik 18 12 2008 Flag Lee ory Action Approver 16 41 08 DOMAIN Flag Lee Campaign resource Certification Angel Ben Resource1 New Completed Manager nna Approver 7 Campaign a Godheart Dan pel Manager 18 12 2008 DOMAIN Godheart Approver Dan Campaign a Keren Cindy i Manager ce DOMAIN Keren Approver Y Cindy Campaign Allen Sherman Drede Manager 18 12 2008 DOMAINN Ian Approver 7777 Sharoni 619 E G Resource Resource Certification Open
33. El User Certification Herman Barbara Resource Hidden Pending Foner 21 12 2008 DOMAIN Herman To delegate a campaign you have to select a user from the list of appropriate users Find Delegate Users Where Choose Field x contains Where Choose Field x contains Where Cho ose Field x contains Cancel Showing 1 to 30 of 140 4 412345 UserName Organization OrganizationType Email ie Title Rodney Sergio Database Administrators Corporate 75676560 company com DB Developer Moris Bill System Management Corporate 47868650 company com Developer Rolen Dave Finance Corporate 98383770 company com Accountant Fred John System Management Corporate 86544420 company com Developer The Find Delegate Users window is divided into two sections The filter Located in the window s header The filter lets you narrow down the list of proposed approvers The proposed users This table presents a pre filtered list of users who can receive the delegated approval task s This list can be filtered to aid in finding a specific user The names listed in the proposed approvers list are governed by several default property filters of the type tms delegate filter Chapter 7 Running Campaign owner Tickets 113 General Campaign Ticket Functions To delegate an campaign 1 Click Delegate in the Campaign Ticket s Properties Form The Find Delegate Users screen opens 2 Select a name from the list You can use th
34. Escalate Transfers the ticket tree to another manager Cancel Process Allows you to manually stop the Approval Process at any stage Chapter 12 Role Definition Tickets 295 Add New Role Ticket Tree More information Escalate see page 154 Delegate see page 157 Cancel Process see page 169 New Role Parent Ticket Advanced Functions 296 Portal User Guide The Request New Role Parent ticket provides the following Advanced functionality Add Comment Manually add a comment to the ticket Add Attachment Add an attachment or URL to the ticket View Transaction Log The transaction log provides a history of the ticket related actions executed since the creation of the ticket View Parent Opens the current ticket s parent s ticket View Initiators View of list of the users who launched this ticket View Children Opens a table which provides you with information concerning the leaf that is located below the current ticket For the Request Parent ticket this means that you can view information concerning the link s Approver ticket View Role Opens the Role s card View Entity The Add New Role Approver tickets review links between the new role and other entities This button will provide you with the entity card associated with the entity to be linked to the new role More information Add Comment see page 87 Add Attachment see page 89 View Transaction Log see page 90 View Initiators see page 162
35. Eurekify Admin AD1 834 E Resource certification User Certification Open EAdmin 9 Campaign Cooper Amos Cooper Amos 872 HB user Certification Cooper Amos User Review New DOMAIN Cooper Amos Chapter 2 Using The Eurekify Portal Interface 27 User Interface The Entity Card You will come across entity lists in table format while using the Eurekify Portal In most of these tables one or more column s have active links allowing you to view further information concerning a specific entity user role or resource For example when running the Self Service option Manage my Team s Role Assignments you can view a Users table The content in the column showing the Person ID user s ID is highlighted When you click on any specific Person ID the specific user s card opens in a separate browser window Enterprise Role and Compliance Manager ooper Amos 54672910 Configurtion Model2_ConfigWithRoles Person ID 54672910 Name Cooper Amos Organization TT Security Organization Type Corporate Country US Location Pennsylvania Title IT Manager Cost Center 23456 Suspended No Manager ID 64646410 E Mail 54672910 company com Login ID DOMAIN Cooper Amos R Resources Description Type Organization Basic role for all users that have access to IT Org Role Enterprise Organization IT Security Characteristic Role 100 0 Min 40 Org Role IT Security Customize Filter 28 Portal User Guide User Interface The e
36. Home Page My Business Processes Manage My Team s Role Assignments Manage My Team s Resources Assignments 198 Portal User Guide When you first access a Self Service task screen you may find the following error message Manage My Resources Business Area Universe Demo1 w Business Process Description Login user not found in model Currently Enrolled Resources General Self Service Functions The message Login user not found in model appears because the Universe currently listed in the Universe drop down is the first one in the list but it may not be the universe where you are listed As soon as you update the Universe to an appropriate one where you are listed this error message will disappear This section contains the following topics General Self Service Functions see page 199 Manage My Team s Role Assignments see page 207 Manage My Role Assignments see page 218 Manage My Team s Resources see page 226 Manage My Resources see page 237 Defining a New Role see page 244 Updating Role Definitions see page 255 Introducing the Requests Table see page 257 General Self Service Functions The Self Service tasks functionality depends on the specific task that you undertake Nevertheless several functions are shared by several tasks This section describes two such functions Test Compliance Suggest Entity It is important to realize that you can use the S
37. Low v Severity Minimal Open Modified Date 01 02 2009 16 55 42 Date Created 01 02 2009 14 05 45 Title Update Role Organization Marketing_Dept Description Update Role Organization Marketing_Dept More Deta gt Add Attachment View Transaction Log View Initiators Done LE internet 100 272 Portal User Guide Role Definition Main Request Parent Ticket Ticket Id Owner Eurekify Admin AD1 Previous Owner Status In Progress Due Date 01 02 2009 05 29 04 Priority Low Severity Minimal State open Modified Date 01 02 2009 00 38 37 Date Created 01 02 2009 00 29 05 New Role Corporate Security New role Corporate Security Model2_ConfigWithRoles DOMAIN Cooper Amos Corporate Security Rule Organization2 Organization Type Owner Description Organization3 Organization IT Security null null Enterprise 41T Security Organizational Role 546729102 Role provides resources to users who are invoh 89213720 54672910 91236370 89123140 84847310 sers To Add d Roles To Add ent Roles To Add ources To Add s To Remove d Roles To Remove arent Roles To Remove Resources To Remove Approval Process Result Organization IT Security public UNXMARKT Solaris26 PUBLIC RACFPROD RACF22 UGMTSYS RACFTEST RACF22 Organization Organization Type Owner Description Enterprise IT Security Organizational Role 546
38. Master Configuration Specifies the configuration used as a reference in comparing several configurations The drop down shows all configuration files in the database Master Configuration Label Defines a text label for the reference configuration Configuration n Specifies a configuration that is compared to the master configuration The drop down shows all configuration files in the database Parameters and Filters for Report Generation Label Defines a text label for the corresponding configuration Use the following parameters when working with campaign related reports Campaign Specifies the campaign the report will reference The drop down lists all campaigns defined in the portal All Approvers All participants who must approve privileges for users or resources they manage are included in the report Select by Field Specifies a user attribute field used to select participants The drop down shows all user attributes defined in the campaign s affiliated configuration file Select an attribute and existing values in the configuration file are listed Click a value to use it as a filter Only participants with that attribute value are included in the report Use the following parameters with the Life Cycle Report Universe Specifies the universe the report will reference The drop down lists all universes defined in the portal Configurations Specifies the configurations in the universe to use for the report
39. Running Campaign owner Tickets 105 Info tickets Advanced provides additional functionality such as the ability to add comments or attachments view the transaction log or view the campaign children Ticket Properties Form Windows Internet Explorer DER 7 http localhost 8080 eurekify tms uif wicket bookmarkablePage com eurekify tms web template DefaultTicketPagesticketId 465 Campaign Ticket Id 465 Owner Previous Owner isd Status pending Action v Due Date 91 01 2009 00 00 00 Priority Normal Y Severity Medium State Open w Modified Date 16 12 2008 19 41 40 Date Created 16 12 2008 18 37 42 Title User Certify Dec 2008 User Certification Description User Certification Campaign for the end of 2008 Universe Portal Campaign Type USER Auto Generate Permissions true Configuration Model2_ConfigWithRoles Link Filter Direct Dual Audit Card Entity Filter No Filter Attachments omments Campaign Management Start Campaign stop Carnpaign Restart Carnpaign Start Approval Processes View Campaign Progress Send Reminder Add Comment Add Attachment View Transaction Log View Children gt gt This section contains the following topics Campaign Ticket Data see page 107 General Campaign Ticket Functions see page 111 Campaign Management Functions see page 117 Campaign Ticket Advanced Functions see page 126 Campaign Approver Tickets see page 128 106 Portal User Guide C
40. System Management Fifth Ave Branch Human Resources Fifth Ave Branch Human Resources Stamford Branch System Management Select Cancel OrganizationType Corporate Corporate Corporate Corporate Branches Corporate Branches Corporate Branches Corporate Email 75676560 company com 47868650 company com 98383770 company com 86544420 company com 91238730 company com 84847310 company com 89123470 company com 87623450 company com 88490390 company com 45489940 company com A 412345 gt Title DB Developer Developer Accountant Developer Branch Officer Clerk Psychologist Branch Officer Clerk HR Officer Branch Officer Clerk Security Admin Manager a internet 100 The Find Delegate Users screen is divided into two sections The filter Located in the window s header The filter lets you narrow down the list of proposed approvers The proposed users This table presents a pre filtered list of users who can receive the delegated approval task s This list can be filtered to aid in finding a specific user The names listed in the proposed users list are governed by several default property filters of the type tms delegate filter To delegate a ticket 1 Click Delegate in the ticket s Ticket Properties Form The Find Delegate Users screen opens 2 Select a name from the list You can use the filter option to reduce the number of records listed in the table 3 Click OK The Ex
41. The number of children tickets changes over the course of the Approval Process During the first stage there is usually only one child ticket as the Approval Process moves on and generates the entity Approver tickets the number of children will increase to include the number of discrete requests made during the original Role Definition request plus whatever individual tickets were generated along the way Search Customize Admin View Refresh ID Title 2259 D update Role Approval Root Request B Update Role Organization Marketing_Dept Role Approver Update Role Organization Marketing_Dept Request to add user to role association role Organization Marketing_Dept user 84847310 a Request to remove user to role association role Organization Marketing_Dept user 77371120 Request to remove user to role association role Organization Marketing_Dept user 88382990 a Request to add role to resource association resource UGMTSYS role Organization Marketing_Dept Request to remove role to resource association px AD Administration Status Children In Progress In Progress Archived Approved In Progress In Progress In Progress In Progress Type Received Approval 01 02 2009 Root 14 05 45 Update 01 02 2009 Role 14 05 45 Update 01 02 2009 Role 14 05 53 Link User 01 02 2009 Role 14 07 34 Remove 01 02 2009 User Role 14 07 34 Remove 01 02 2009 User Role 14 07 34 Link Role
42. USER Auto Generate Permissions true Configuration Model2_ConfigWithRoles Link Filter Direct Dual Audit Card Entity Filter No Filter Attachments comments Received Owner Note x 21 12 2008 13 24 06 Eurekify Admin End of year audit Campaign Management La Internet Chapter 6 Tickets and the Ticket Queue 87 The Ticket Properties Form The Comments table provides the following information Received Provides the date when the comment was generated Owner The name of the user who generated the comment Note The content of the comment Next to each comment you can see an X Click X to delete the comment The Add Comment screen contains two fields Owner Lists the name of the note owner Note Free style text To add a comment 1 Click Add Comment The Add Comment screen opens 2 Enter the comment you want to make in the Note field 3 Click Save The Executing bar appears The new comment appears in the Ticket Properties Form s Comment table Ticket Properties Form Windows Internet Explorer t http flocalhost 8080 eurekiFy tms ui wicketiinterface Campaign Ticket Id s35 __ Owner Eurekify Admin AD1 Previous Owner T status pending acon Due Date 15 01 2009 00 00 00 Priority Normal x Severity Medium lt State Open yl Modified Date 5 008 13 28 43 Date Created 21 Title User Review User Certification Description End of year us
43. null workpoint database connection is closed failed to run 0 please watch log files failed to run 0 please watch log files warning master and model configurations are the same missing name field missing description field duplicate name name already in use missing master configuration name field missing model configuration name field was unable to find the audit settings file 0 the master configuration 0 is not read only the master configuration 0 has a parent configuration the model configuration 0 is not logged the model configuration 0 is not read only the model configuration 0 has a parent configuration the model configuration 0 is not logged the following issues were found would you like to auto fix them Eurekify Sage Error Messages Field Code Description error workpoint dbconnection errcode wp001 workpoint database connection is closed Chapter 17 Troubleshooting 401 Appendix A Duplicating a Configuration Note Duplicating a configuration is performed in the CA Eurekify Role amp Compliance Manager Sage DNA module In the course of your work with the Eurekify Portal you may need to duplicate a configuration whether to use while learning the Eurekify Portal or because you need to generate a master model configuration set that can be used as the base line for a Universe you will create later in the Eurekify Portal Th
44. oar Applicative Role When viewing the CMA in the Ticket Queue you can see how many campaign type entities you have to review by checking the Children column A role manager with 10 listed in the Children column has to audit ten roles and their links to their users resources Child roles and Parent roles within the campaign s configuration files Note The default maximum number of entity trees per page is 10 The certification is complete when you have reviewed all the links listed in the ticket and either approved rejected or reassigned when relevant them 132 Portal User Guide Campaign Approver Tickets The campaign owner can view all the CMAs as branches located under the campaign s owner ticket Other users can only view their own CMAs Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Ticket Queue gt Open New Done Tickets gt p 835 836 838 857 868 Title State Status Children Type Received N 21 12 2008 Eurekify Admin E user Review User Certification Open In Progress 9 Campaign 3 51 21 ADI EAdmn Pending arzeg 21 12 2008 Eurekify Admin Action Approver 12 51 21 AD1 EAdmin Pending Campaign 51 12 2008 Manager 45 04 Action Approver 12 51 21 Campaign Manager E user Certification Eurekify Admin User Review Open Herman Barbara DOMAIN Herman Barbara Purple Mary DOMAIN Pur
45. role 0 is already in process Chapter 17 Troubleshooting 397 Eurekify Sage Error Messages Field changeapproval child remove role resource info title rejected errcode changeapproval child remove role resource info title failed errcode changeapproval child remove role resource info description rejected errcode changeapproval child remove role resource info description failed errcode changeapproval child remove role resource notification title errcode changeapproval child remove role resource notification description errcode changeapproval child role task addroletoraci description errcode changeapproval child remove user role notificati on description errcode login errors invalidcredentials errcode login errors invalidcredentials errcode page admin failuremessage errcode error validate optionvalue errcode error validate command notfound errcode error validate command disabled errcode error addattachment noname errcode error filter errcode error filter resultempty errcode 398 Portal User Guide Code tkt033 tkt034 tkt035 tkt036 tkt037 tkt038 tkt039 tkt094 tms001 tms001 tms002 tms003 tms004 tms005 tms006 tms007 tms008 Description request was submitted on universe 2 from 3 request to delete resource 1 from role 1 rejected request to delete resource 0 from role 1 failed the request to delete resource 1 from role 0 was rej
46. see page 157 Cancel Process see page 169 Acknowledge see page 169 Chapter 12 Role Definition Tickets 269 Role Definition Approval Root Ticket Approval Root Ticket Advanced Functions Role Definition 270 Portal User Guide The Role Definition Approval Root ticket provides the following Advanced functionality Add Comment Manually add a comment to the ticket Add Attachment Add an attachment or URL to the ticket View Transaction Log The transaction log provides a history of the ticket related actions executed since the creation of the ticket View Children Opens a table which provides you with information concerning all the nodes leaves that are located below the current ticket For the Approval Process Root ticket this means that you can view information concerning the Approval Processes Main Request Parent ticket View Statistic Provides the status of all the children tickets More information Add Comment see page 87 Add Attachment see page 89 View Transaction Log see page 90 View Children see page 163 View Statistics see page 171 Role Definition Main Request Parent Ticket Role Definition Main Request Parent Ticket 2260 The Main Request Parent ticket is a management ticket generated by the Eurekify portal for each Role Definition procedure All the individual tickets and sub trees that make up the Role Definition Approval Process ticket tree are located beneath this ticket
47. workpoint changeRoleRole reference ARRO workpoint changeUserRole reference AURO workpoint changeUserResource reference AURE workpoint deleteUserResource reference DURE workpoint deleteUserRole reference DURO workpoint deleteRoleRole reference DRRO workpoint deleteRoleResource reference DRRE workpoint deleteRole reference DROL workpoint updateUser reference UUSR workpoint updateResource reference URES workpoint addRole reference AROL workpoint updateRole reference UROL ws security Idap server adserver ws security manager dn AD1 Administrator ws secutiry manager password eurekify 412 Portal User Guide sage security disable true sage security disable ADAuthentication true sage security disable ss ADAuthentication true sage security eurekify keyStore file Uncomment this property to specify a different directory for the audit parameters default is EUREKIFY_HOME conf audit parameters audit parameters dir raci configuration separator _ raci sageMaster udb defualtCustomFields Manager D Title approvals duePeriod default 5 approvals configuration mail user DemoV4 Eurekify com approvals configuration mail password abcd 1234 approvals configuration mail server smtp company com approvals configuration mail serverPort 25 approvals configuration mail useSSL false approvals configuration mail from TMS eurekify com approvals configuration updateRole minimumLinks 4 approvals configuration
48. 0 DOMAIN Levi Jay Levi Jay 0 63 0 DOMAIN Schwarts Schwarts Barry Barry 0 18 0 IBMRSO Kistor Steve Kistor Steve 13 13 100 v LE Internet R100 The information in this screen lets Nancy know how much progress has been made by the campaign s approvers More information View Campaign Progress see page 123 56 Portal User Guide Running a Campaign A Case Study Sending Reminders to the Approvers As the campaign s due date nears Nancy decides to send reminders to the Approvers who have not yet started reviewing their Approver tickets In the campaign owner ticket Nancy clicks Send Reminder The Send Reminder screen opens in a separate browser screen Send Reminder Windows Internet Explorer 7 http flocalhost 8080 eurekify tms uis wicket bookmarkablePage popuppagemap_ViewSend Y A ow Send reminder when progress is equal to 0 v ote a comment containing the sent mail summary will be added to the ticket Send Mail La Internet Q100 Chapter 4 Showcasing the Eurekify Portal 57 Running a Campaign A Case Study Nancy selected the option equal to 0 and clicks Send Mail All the Approvers who have not yet begun to approve reject the links in their approver tickets will receive email notification When the process is completed a comment is generated by the system and added to the campaign owner s ticket Ticket Properties Form Windows Internet
49. 00 Priority Normal Severity Medium lt State Open User Certification Eurekify Admin User Review User Certification Eurekify Admin User Review Save and Reassign Hide Selected ssigned From Approver Progess a 2 6 33 Violations PersonID UserName Organization OrganizationType Comment 2 6 Joe Dassin 99883136 Joe Dassin Sales Corporate E Basic resources approved 100 More information Tickets and the Ticket Queue see page 69 The Ticket Properties Form see page 83 Auditing Links see page 136 General CMA Ticket Functions see page 147 Advanced CMA Ticket Functions see page 149 Chapter 8 Campaign Approver Tickets 135 Auditing Links Auditing Links The Eurekify Portal generates Campaign Manager Approver tickets Approver tickets CMA tickets as part of a campaign These tickets contain links that have to be examined The Approver is responsible for approving rejecting or reassigning links between entities This section describes actions available for Approver tickets Presenting the Entity Links Table Approving a link Rejecting a link m Reassigning a link Adding comments to a specific link Presenting the Entity Links Table Campaign Manager Approver tickets CMA Approver tickets present all the links for each entity listed in the ticket based on the campaign definitions Every Approver ticket presents
50. 01 02 2009 Resource 14 07 34 01 02 2009 Remove Bole Owner Eurekify Admin Eurekify Admin AD1 EAdmin Allen Sherman DOMAIN I Sharoni Allen Sherman DOMAIN I Sharoni Allen Sherman DOMAIN I Sharoni Allen Sherman DOMAIN I Sharoni Allen Sherman DOMAIN I Sharoni Allen Sherman Chapter 12 Role Definition Tickets 271 Role Definition Main Request Parent Ticket The Role Definition Approval Process supports two different Main Request Parent tickets Add Role Main Parent ticket When a new role is generated this is the main parent ticket Below it you will find the Task ticket used to select the role s accountable the role managers approver ticket and the set of subtrees generated for each request listed in the original Requests table Update Role Main Parent ticket When a request is made to update a role definition this is the main parent ticket Below it you will find the role managers approver ticket and the set of subtrees generated for each request listed in the original Requests table Both ticket types provide you with the same management functionality They differ in the content of the individual Main Parent ticket Ticket Properties Form Windows Internet Explorer Ce http flocalhost 8080 eurekiFy tms ui wicketsinterface 7 v Update Role 7 Ticket Id 2260 Owner Eurekify Admin AD1 Previous Owner In Progress X Due Date 01 02 2009 19 05 45 Priority
51. 01 2009 19 28 04 Date Created 19 01 2009 16 48 55 Update Role Ffth av Applicative role Update Role Fifth av Applicative role More Details gt gt LE Internet Chapter 12 Role Definition Tickets 303 Update Role Ticket Tree In this section you will find information specific to the Self Service Request Update Role Parent ticket lt Ticket Title gt Update Role Title Update Role Role Name Description Update Role Role Name The More Details gt gt lt lt Less Details option provides more information than in other parent tickets In this case you can see a full list of the ID numbers for all the users that you or the Self Service manager requested to enroll in this role Owner lEurekify Admin AD1 Previous Owner E Status In Progress 19 01 2009 21 48 55 Priority Minimal v State open Update Role Fifth av Applicative role _ Update Role Fifth av Applicative role Model2_ConfigWithRoles Fifth av Applicative role 91238730 67762440 87473220 84774660 94738470 76329130 89213478 89123470 87623490 82653450 Organization Type Owner Rule Description Reviewer 0rganization2 0rganization3 CreateDate ApprovalDate ApprovalStatus ExpirationDate PropertyType SAGE OldPropertyValues Fifth Ave Branch Applicative Role 91236370 No Rule Role By 2 Resources 45489940 Branch Corporate 31 03 2007 03 33 0
52. 1 3 33 Role Name Click any highlighted role name listed in this column to open its Role Card Depending on the type of action you wish to take you may find that after selecting the appropriate check boxes in this section you have completed the task In this case you can ignore the Other Roles section and skip submit your requests by clicking Submit at the bottom of the Manage My Team s Roles screen Chapter 11 Running Self Service Tasks 213 Manage My Team s Role Assignments To make selections in the Currently Enrolled Roles table 1 In the Currently Enrolled Roles table click the relevant check boxes in the Add and or Remove columns At this point you can choose to m End the process at this point m Add additional roles to the selected users If you do not want to add new roles submit your requests Presenting the Other Roles Table MMT Role Screen This section allows you to enroll your selected user s to additional roles of your choice The actual enrollment will take place following a review process Note When you click Get Roles in the Users section a list of roles that are not linked to the currently selected user s appears in the Other Roles table In addition to managing the roles currently linked to the members of your team you can also request that the system provide a list of recommended roles for your selected users This list of roles will be displayed in the section Other Roles Other Roles Showin
53. 2008 17 13 01 DOMAIN Cooper Amos GUI SAGE startCampaign Start Campaign pressed 22 12 2008 17 13 01 DOMAIN Cooper Amos StatusChangeCmd status changed from Pending Action to SAGE InProgress and state OPEN 90 Portal User Guide Info tickets The View Transaction Log table provides the following information Date The date when the transaction took places User Full user name Action The type of action taken Message A full description of the action taken To view the campaign s transaction log 1 Click Advanced at the bottom of the Ticket Properties Form 2 Click View Transaction Log The View Transaction Log table opens in a separate browser window 3 Click Close to close the pop up Info tickets Info tickets provide users with notification of changes made to the system s configuration files For example when a role definition is updated the role s manager is informed of the changes Delete Link User Role S S Ticket Id 570 B o E Herman Barbara DOM Previous Owner Status Pending Action v Due Date 18 12 2008 18 51 50 Priority Low Severity Minimal v State Open x Modified Date 18 12 2008 13 52 39 Date Created 18 12 2008 13 51 50 Title iRequest to delete role Novell HR Application Characteristic Role 40 0 Min 40 from user Novell HR Application Characteristic Role Description The request to delete role Novell HR Application Characteristic Role 40 0 Min 40 from use
54. 2009 23 27 19 Priority Low x lt Severity Minimal State New Modified Date 21 01 2009 18 37 01 Date Created 21 01 2009 18 37 0 Request to remove user to resource association resource office2003 2003 WinNT MS office2003 user Keren Cindy 77292450 Description Request to remove user to resource association resource office2003 2003 WinNT MS office2003 user Keren Cindy 77292450 Request was submitted on Universe Portal from Resource certification Model2_ConfigWithRoles 77292450 office2003 2003 WinNT Owner Note Cooper Amos DOMAIN Cooper Amos Delegated to Tailor Janet E internet Chapter 9 Approval Process Tickets 157 General Approval Process Ticket Functions When a ticket is delegated a new ticket is generated with the new owner listed in the Owner field and the manager who delegated the ticket is listed in the Previous Owner field A comment is generated stating that the campaign has been Delegated to current owner This comment appears in both the old root ticket and in the new root ticket When viewed in the original ticket owner s Archive screen Ticket Queue Archived tickets the old ticket and the new ticket create a hierarchal tree in which the original ticket the Status is set to Delegated is the root ticket and the new ticket is the next node Ticket Queue gt Archived Tickets Search Customize Admin View Refresh Clear Filter gt
55. 69 Chapter 15 Using Administration Functions 353 Setting Connectors Creating a New Export Connector Connectors utilize the Eurekify Sage converters to export data to the system s endpoints You will need to know which converter you intend to use and the name and location of the settings xml file and the mapping xml file for this converter For further information see the CA Eurekify Role amp Compliance Manager Sage Data Management User Guide Export client name Description Universe Choose One v Settings XML file Mapping XML file Remote system login password Max duration time seconds Connector Java Class Choose One Workflow process name Choose One vi Ticket Type Choose One Priority SAGE Normal Severity 354 Portal User Guide i SAGE Medium Export client name Provide a name for the export connector Description Provide a description of the export connector its use timing etc Universe Provide the name of the universe to be associated with this connector The uploaded data will be based on the universe s master model configuration files Settings XML file Create this file in the DM module It is usually located in the directory lt Eurekify Sage Home Directory gt lt Converter Directory gt For further information see the CA Eurekify Role amp Compliance Manager Sage DNA Data Management User Guide Setting Connectors
56. Amos E amp update Role Approval Root Request Open In Progress Eurekify Admin E amp update Role Corporate Security Open In Progress Role Approver Update Role Corporate Security Archived Approved Link User 01 02 2009 Role 13 15 48 Approval 01 02 2009 Root 13 01 32 01 02 2009 Eurekify Admin Add Role 13 01 32 AD1 EAdmin 01 02 2009 13 01 40 Request to add user to role association 6 n v v N ri E role Corporate Security user 89213720 nen In Progress E A00 Role Approval Root Request Open In Progress Eurekify Admin El G New Role Manage Human Resources Open In Progress Select Accountable to Role Manage Human A Resources Archived Completed Task Eurekify Admin Levi Jay DOMAIN Levi Jay Role Approver New Role Manage Human Resources Pending 01 02 2009 Action Add Role 13 08 02 Approval 01 02 2009 Root 00 29 04 New E Add Role Approval Root Request Open In Progress Eurekify Admin Role Definition Approval Root Ticket In the case of a Role Update request if the requests included only removing links or they encompassed both adding and removing links the tickets generated by the request to remove links will still be generated As an approver you are tasked with making the decision whether to approve the request to add sever a link or not To aid you in the decision making process you have the ability to consult with other managers Important As several complex procedures are documented
57. Approval Root a Ticket Id S Eurekify Admin Previous Owner Status pending Action Y Due Date 12 01 2009 16 28 07 Priority Low Severity Minimal v State Done v Modified Date 12 01 2009 11 30 14 Date Created 12 01 2009 11 28 08 is Indirect Link User Campaign Approval Root Request Description Approval Root Request Request was submitted on Universe Portal from Indirect Link User Campaign Less Details onfiguration Name Model2_ConfigWithRoles Done internet Click Acknowledge to finish the Approval Process The Executing bar appears When the process is complete the ticket is archived Chapter 9 Approval Process Tickets 169 Approval Process Root Ticket Approval Root Ticket Advanced Functions 170 Portal User Guide The Approval Root ticket provides the following Advanced functionality Add Comment Manually add a comment to the ticket Add Attachment Add an attachment or URL to the ticket View Transaction Log The transaction log provides a history of the ticket related actions executed since the creation of the ticket View Children Opens a table which provides you with information concerning all the nodes leaves that are located below the current ticket For the Approval Process Root ticket this means that you can view information concerning the Approval Processes Rejected Link Parent ticket View Statistics Provides the status of all the children tickets More information
58. Audit Card Entity Fitter No Filter Auto Generate Permissions true Attachments jomments Campaign Management Restart Campaign View Campaign Progress Send Reminder Stop Carnpaign Advanced Done a internet When a campaign has been stopped it returns to its pre start conditions state Open status Pending action and the approver tickets are once again hidden from their owners ID Title State Status Type Received Owner Pending Action 18 12 2008 16 41 08 18 12 2008 16 41 08 619 E G Resource Resource Certification Open Campaign Campaign Manager Approver Campaign Manager Approver Campaign Nereoer 18 12 2008 Approver Campaign 18 12 2008 fat Pending Resource Certification Flag Lee Resource1 Action 620 Hidden Pending Action 639 Resource Certification Angel Ben Resource1 Hidden ee Pending 645 Resource Certification Godheart Dan Resource1 Action Hidden Pending one Action Resource Certification Keren Cindy Resource1 Hidden Manager Approver si Pending Campaion 18 12 2008 Le 697 Action Resource Certification Allen Sherman Resourcel Hidden Manager Approver Click Stop Campaign in the campaign s Ticket Properties Form to a campaign More information Restart Campaign see page 120 Chapter 7 Running Campaign owner Tickets Eurekify Admin AD1 EAdmin Flag Lee DOMAIN Fiag Lee Angel Ben DOMAIN Angel
59. Branch Officer Clerk Branch Officer Clerk R 100 CE internet To narrow down the number of users to choose from Nancy selects the filter Where Organization contains Silicon Valley Branch the filter is case sensitive For more information on using the filter options see Filtering a Data Table see page 24 Nancy selects to reassign the users to Kistor Steve and clicks OK Ticket Properties Form Windows Internet Explorer 7 http localhost 8080 eurekify tms ui wicket interface 10 Campaign Manager Approver Ticket Id 2288 C i C W Due Date Lee Allen Sherman DOMA Previous Owner Severity Status Completed 21 02 2009 00 00 00 Priority Normal lt Medium lt Hidden Modified Date 4 92 2009 21 27 45 Date Created 14 02 2009 21 12 38 pes User Certification Allen Sherman First User Audit 2009 Description User Certification Allen Sherman First User Audit 2009 Save and Reassign Hide Selected Reassigned From prover paas HIR 1 X Progress Violations PersonID UserName Organization OrganizationType Comment 71 Sterling Kent 86023090 Sterling Kent Human Resources Corporate E Corporate E 78 Bean Frank 99883110 Bean Frank Purchasing 100 CE internet 52 Portal User Guide Running a Campaign A Case Study As all the users have been reassigned the Approver progress bar shows that the process is 100 completed and the users have a reassign icon 74 n
60. Bruce DON Previous Owner Status Pending Action 15 01 2009 00 00 00 Priority Normal lt R Medium Modified Date 23 12 2008 11 49 44 Date Created 21 12 2008 12 51 2 State Open v User Certification Goodman Bruce User Review User Certification Goodman Bruce User Review Save and Reassign Hide Selected 0 26 0 UserName Organization OrganizationType Comment Free Georgia 93833870 Free Georgia Marketing_Dept Corporate g E Marketing_Dept Corporate E Devin Roger 88382990 Devin Roger Marketing_Dept Corporate Garr Jim 77371120 Garr Jim Add Attachment View Initiators View Transaction Log 134 Portal User Guide CMA Ticket Properties Form As you review progresses after every time you save your selections you can see your progress on the Approver Progress bar Your progress is also listed as number of links approved total of links to approve so that if you have a total of six links to approve and you have already approved two links you will see 2 6 in digits and the percentage 33 listed next to it icket Properties Form Windows Internet Explorer DER 7 http localhost 8080 eurekify tms ui wicket interface v Campaign Manager Approver Ticket Id Due Date Modified Date 23 12 2008 17 45 15 Date Created 21 12 2008 12 51 21 836 lEurekify Admin AD1 Previous Owner Status pending Action 15 01 2009 00 00
61. Chapter 13 Introducing the Entity Browser 311 CAFS Ca Wa s n Co TTT 311 Specific Entity DrOWSEM e sects ave che ave ten ee Ais wee tw Avy Sek ee ies Ao es ee eg ie ew dv es es ee R e 313 WI SERS BROWSER Sa csi cacao REE E EEE cosas sn ata lg ens Sea tangata N E ceca satan ya E E E 314 Roles BrOWSCF 2449554954455 S oropa r I GAGS SEGRE AG ASS YASS GAGAISPAGSSAEETAG RR 315 Resource BrOWSER sash sawewnw a a naan abies Aakers Madea ee ae eee ane ees 316 Chapter 14 How to Generate Reports 317 PRE OIC TYPES es cas cacy cco ccc E aceon wanna os nea tm CEG vce Re eeom E E e E AE E E E E ES 318 Parameters and Filters for Report Generation 0 cc cence teen ene eae 319 Display elen Rae T soest tate tact acerca ecb A tata A EAA E arb rot AE RES 322 Change Report Parameters e lt ccc cc cee eee eee eee teen eee eee e ee ee teens 322 Export a Report to aFile nak cc anaadaasansea SEAE EEEE EEEE aad EEE E AERO EE IEEE saad NEE EEE 322 Printa Repot TTT 323 Chapter 15 Using Administration Functions 325 Adding Campaigns 54 4454606464 4802524452564 EA A E E EEA RR 325 Introducing the Privileges to Certify Options 0 ccc ccc cee cnet eee ee neee 333 Introducing Audit Cards 0 cn ene ene RE RRR R R RRR ARR S 334 Start Approval Process from DNA 0c cece cece eee e eee eee eee e eee e teen eeeeee 337 Setting a UNiVerse te dren ete seed eee ee hee eed eee eet men deed weet R 9 338 The Universe Settings Table
62. Cooper Amos DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper LES ae 2224 m Gy Request to add user to role association role Corporate Security user 89213720 New In Progress Link User 01 02 2009 Role 00 38 36 amp Request to add user to role association H 2225 a role Corporate Security user 54672910 l New In Progress rac User S Link User 01 02 2009 Request to add user to role association kasa 2 Role 00 38 36 role Corporate Security user 91236370 New In Progress Request to add user to role association S 2227 B role Corporate Security user 89123140 J New In Progress fad bent OLE Request to add user to role association 2228 6 role Corporate Security user 84847310 Link User 01 02 2009 New In Progress Role 00 38 36 Link Role 01 02 2009 Role 00 38 36 Request to add role to role association parent 7229 a 6 role Corporate Security child role Organization I New MPSS a Request to add role to resource association Link Role 01 02 2009 2230 B resource public role Corporate Security Resource 00 38 36 Copyright C 2008 Eurekify All Rights Reserved Build 08 11 26 01 New In Progress i Chapter 12 Role Definition Tickets 267 Role Definition Approval Root Ticket As the tickets t
63. Corporate Customize 34 Portal User Guide Menu Bar Menu Bar The menu bar provides access to Eurekify Portal s functions The menu bar is functionally organized and includes the following main items Home m Ticket Queue Dashboards m Self Service m Entity Browser m Reports Administration Some of the menu bar items contain submenus with additional options Where relevant the name of the active window is indicated below the menu bar in italics Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Entity Browser Entity Browser Universe Porta Configuration Model2_ConfigwithRoles x Home Click Home to return to the Eurekify Portal s home page More information Presenting the Home Page see page 63 Chapter 2 Using The Eurekify Portal Interface 35 Menu Bar Ticket Queue Menu Dashboards Menu Self Service Menu 36 Portal User Guide The Ticket Queue allows you to filter your tickets based on various criteria Show the active ticket list This includes tickets whose Status is Open New or Done Show the New Tickets list Show the Overdue Tickets list Overdue tickets are flagged Show the Approver Tickets list This enables administrators to view all the Approver tickets associated with their own campaigns Show the Campaign Tickets list This option depends on the user s permissions Show the Archived Tickets list More information
64. Edit Use to edit existing Property Keys Apply Filter Use to filter the properties list Records per page Select the number of records that will appear in the table When creating a new key or editing a new one the data is not saved directly to the Eurekify properties file Instead the updated property key value is saved to the Eurekify ERCM s database When you run the Eurekify Portal the Eurekify ERCM will check the database property listings If the value of a property key in the database is different than the value listed in the Eurekify properties the system will use the value listed in the database Note The database values do not change during system updates The Eurekify Portal provides you with two databases to store your update key values DB_dynamic_properties The change is immediate You do not have to wait for the server to go offline to update the property values DB_static_properties The change will take place the next time that the server is restarted Note Servers go offline for regular maintenance and backup The changes made to the property values designated DB_static_properties will be implemented the next time the server goes back online To access the Properties page 1 On the Administration menu click Settings The list of available options appears 2 Click Properties Settings The Eurekify Properties Page screen opens Chapter 15 Using Administration Functions 369 Properties Settings More inf
65. Explorer 7 http localhost 8080 eurekify tmsjui wicket bookmarkablePage com eurekify tms web template DefaultTicketPagetticketId 2281 Campaign Ticket Id Owner Previous Owner Status In progress Taris Priority Normal Z ae Medium gt State open _ Modified Date Date created Title First User Audit 2009 User Certification Description Running the first Silicon Valley user certification campaign Universe Portal Campaign Type USER Auto Generate Permissions true Configuration Model2_ConfigWithRoles Link Filter Direct Indirect Dual Audit Card Model2_ConfigWithRolesAudit1 Entity Fitter No Filter Attachments omments Received Owner Note X 14 02 2009 22 16 45 Katz Nancy DOMAIN Katz Nancy Reminder was sent to 8 approvers Campaign Management armpaign Stop Campaign Restart Carnpaign Campaign Progress CE internet 58 Portal User Guide Running a Campaign A Case Study Examining a User s Links When the campaign owner is also a user manager he will be assigned a Campaign Manager Approver ticket CMA ticket with links to roles and resources that have to be reviewed Nancy is also an Approver in this campaign and the number of Children listed is four indicating that she has to review links associated with four users Ticket Properties Form Windows Internet Explorer 7 http localhost 8080 eurekiFy tms ui wicket bookmarkablePage com eurekify tms web template Default
66. For regular Approval Processes this button is disabled as the procedure starts automatically when the tickets arrive in the approvers Ticket Queues Cancel Process Allows you to manually stop the Approval Process at any stage Acknowledge This function is disabled until the Approval Process has been completed This section provides instructions for the following functions m Cancel Process m Acknowledge More information Delegate see page 157 Escalate see page 154 Cancel Process see page 169 Acknowledge see page 169 Approval Process Root Ticket Cancel Process Acknowledge As the Approval Process owner you have the authority to cancel an Approval Process when necessary When you choose to cancel an Approval Process click Cancel Process and a Confirmation pop up window opens Confirmation Are you sure you want to Cancel Process Click Yes to cancel the current Approval Process and the Executing bar appears When done the ticket and it s tree no longer exist When you first open the Approval Root ticket you will find that the Acknowledge button is disabled It will only be enabled when all the Approver tickets belonging to the ticket tree will be reviewed and each request either rejected or approved Ticket Properties Form Windows Internet Explorer DER http flocalhost 8080 eurekify tms ui wicket bookmarkablePage com eurekify tms web template Default TicketPagegticketId 1649 lt i
67. Found Customize Chapter 11 Running Self Service Tasks 247 Defining a New Role 10 Enter a Type use autocomplete 11 Enter an Organization name use autocomplete 12 Enter an Organization 2 name use autocomplete 13 Enter an Organization 3 name use autocomplete 14 Create a Rule Click Add Rule for assistance in constructing a rule Request New Role Definition Business Area Fifth Ave Branch Universe Portal Business Process New Corporate Role Definition Defining a new corporate role definition security officer Request Description The description is displayed on the approver ticket Role Name Security Officer Senior manager in charge of local IT Description Owner 54672910 Type Organizational Role Organization IT Security Organization 2 Branch Organization 3 Corporate Rule Organization IT Security After entering role information click Next to proceed Cancel 15 Click Next The Definitions for Role Name Role Name screen opens More information Filtering a Data Table see page 24 Constructing a Rule see page 248 Definitions for Role Name New Role Name see page 250 Consiructing a Rule The Eurekify Portal provides you with the Add Rule utility to assist you in constructing a rule for the new role you are requesting 248 Portal User Guide Defining a New Role This screen has the following text boxes and functions Field Use autocomplete to select
68. Guide Add New Role Ticket Tree The Select Accountable Task ticket follows standard Eurekify Portal ticket guidelines In this section you will find information specific to the Select Accountable Task ticket lt Ticket Title gt Task Title Select Accountable to Role Role Name For example Select Accountable to Role Corporate Security Description Instructions To continue please choose an accountable user to Corporate Security role GENTKT039 The More Details gt gt lt lt Less Details option provides far more information than in other parent tickets In this case you can see here a full list of the ID numbers for all the users that you or the Self Service manager requested to enroll in this role This section covers the following topics Select Accountable Function m Select Accountable Ticket General Functions Select Accountable Ticket Advanced Functions m View Violations More information The Ticket Properties Form see page 83 Select Accountable Function see page 286 Select Accountable Ticket General Functions see page 288 Select Accountable Ticket Advanced Functions see page 289 View Violations see page 290 Chapter 12 Role Definition Tickets 285 Add New Role Ticket Tree Select Accountable Function This purpose of the Select Accountable Task ticket is to select the role s manager the user who will act as the Approver whenever a request is made that is connected to this
69. Guide Min Score Specifies a threshold for including information in the report This filter is applied to the audit card specified by the Audit Card parameter Audit criteria with a score lower than the threshold are not included in the report Use this filter to exclude audited conditions that are not prevalent or significant in the specified configuration From Alert ID To Alert ID Specifies a range of Alert IDs to include in the report The drop downs show existing Alert ID values in the audit card specified by the Audit Card parameter Alert Type Specifies an analytical alert that is used as a filter Only alerts of the type specified are included in the report The drop down shows all the standard analytical alerts that are present in the audit card specified by the Audit Card parameter From Date To Date Specify a time based filter for audit card data The report includes only analytical alerts that were recorded in the specified time frame This filter is applied to the audit card specified by the Audit Card parameter Use the following parameter with the Policy Verification Report for business rules Policy Specifies a Business Policy Rule BPR file used to filter report data Only alerts related to the specified BPR are included in the report The drop down shows all BPR files in the CA Eurekify Role amp Compliance Manager database Use the following parameters with the Role Modeling Methodologies Comparison report
70. In Progress Campaign 620 E resource Certification Flag Lee Resource1 New Angel Ben DOMAIN Ange Ben Resource Certification Godheart Dan Resourcel New B resource Certification Keren Cindy Resource1 New E resource Certification Allen Sherman Resourcel New Click Restart Campaign in the campaign s Ticket Properties Form to restart a campaign that had been manually stopped An email notification is generated and sent to all the campaign s Approvers 120 Portal User Guide Campaign Management Functions Start Approval Processes The approval process is the procedure whereby links which were rejected during a campaign can be re examined and a final decision can be reached as to whether to confirm the rejection or to approve the link The purpose of a campaign is to audit and certify entity links Once a campaign is over either because all the approvers have audited all the entity links in their Campaign Approver tickets or because the campaign was manually stopped it is necessary to review all the rejected links once more as the final step in the certification process To start the approval process 1 Click Start Approval Processes in the Campaign Management section of the campaign s owner ticket A warning screen opens Confirmation Are you sure you want to Start Approval Processes 2 Click Yes to confirm The Executing bar appears More information Approval Process Tickets see
71. NTSILV WinNT 91236370 L Reassigned to Herman Barbara ticketId 914 UNXMARKT Solaris26 Server 89123140 office2003 2003 WinNT MS EI E office2003 oo Kanali MS outlook WinNT MS email 91236370 2003 WinNT MS office2003 91236370 Chapter 8 Campaign Approver Tickets 143 Auditing Links The target user can view the reassignment details as a ToolTip marked by i which is located in the column UserName Organization OrganizationType Comment Rolen Dave 98383770 Rolen Dave Finance Corporate Steiven Pat 45489940 Steiven Pat System Management Corporate More Cathrine 97774230 More Cathrine Finance Corporate Yoham Anne 93872110 Yoham Anne Silicon Valley Branch Branches E Capel Linda 98383830 Capel Linda Application Development Corporate TicketId 900 Note You can reassign all the links listed in a specific link table at once by clicking the column label for that link table Important Do not click the column label E unless you want to reassign all the links to one single user If the reassignment process generates a new ticket i e the target user did not have an Approver ticket as part of the current campaign it is called a Campaign Reassigned Approver ticket and the reassignment details will be posted above the Approver Progress bar in the target Approver s new ticket Ticket Properties Form Windows Internet Explorer Ce http localhost 8080 eurekify tms ui wicke
72. New Role Approver ticket supplies you with all the data you need to make the decision whether to approve or reject the Role definition request The Approver ticket also provides you with the required functionality to assist you in the process More information Reject see page 184 Approve see page 183 New Role Approver Tickets General Functions see page 298 New Role Approver Tickets Advanced Functions see page 299 Chapter 12 Role Definition Tickets 297 Add New Role Ticket Tree New Role Approver Tickets General Functions 298 Portal User Guide The Self Service provisioning Approver ticket provides the following General functionality Close Closes the ticket Save Saves the changes made to the ticket Delegate Transfers the ticket tree to another manager Escalate Transfers the ticket tree to another manager Consult Allows you to request a consult from one or more managers When you activate this service a View Consult Results button appears in the Advanced functions section of the Ticket Properties Form Approve Approve the Self Service request Reject Reject the Self Service request More information Delegate see page 157 Escalate see page 154 Consult see page 178 Approve see page 183 Reject see page 184 Add New Role Ticket Tree New Role Approver Tickets Advanced Functions The Approver ticket provides the following Advanced functionality Add Comment Manually add a comme
73. Opens the current ticket s parent s ticket View Initiators View of list of the users who launched this ticket View Children Opens a table which provides you with information concerning all the nodes leaves that are located below the current ticket For the Request Parent ticket this means that you can view information concerning the link s Approver tickets View Role Opens the Role s card In this case the review is limited to the role and you cannot access the users cards More information Add Comment see page 87 View Transaction Log see page 90 Add Attachment see page 89 View Parent see page 163 View Initiators see page 162 View Children see page 163 View Entity see page 165 Update Role Ticket Tree Self Service Request Update Role Approver Ticket When a Self Service multi user request of the type Manage My Team s Roles is generated and the number of users exceeds the Eurekify Portal s threshold an Update Role Approver ticket is generated in the first stage of the Approval Process Once the role manager approves the enrollment of the users listed in the ticket in the role a new set of Approver tickets is generated This second set of sub trees consists of parent child pairs of tickets where the parent ticket is a standard Link User Role Parent ticket and the child ticket is a standard Link User Role Approver ticket Update Role Ticket Id 1767 Owner Flag Lee DOMAIN Fia Previous Owner Statu
74. Pattern Privileges Pattern Details UGFINAR RACFPROD RACF22 RACFPROD RACF22 1 1 Details secmgr UNXMARKT Solaris26 UNXMARKT Solaris26 1 Details appidev UNXMARKT Solaris26 UNXMARKT Solaris26 Details UGSILVLAN NTSILV WinNT NTSILV WinNT Details UGADSYS Administration ROOT NOVELADM Novell4 NOVELADM Novell4 Details UGSAVELAN NTSAVE WinNT NTSAVE WinNT Details unixdev UNXMARKT Solaris26 UNXMARKT Solaris26 Details uarksys UNXMARKT Solaris26 UNXMARKT Solaris26 Details UGMTDBA RACFTEST RACF22 RACFTEST RACF22 Details ugrkgen1 UNXMARKT Solaris26 UNXMARKT Solaris26 Details Records per page 19 Y Test Compliance Suggest Resources After making your selection s you can test the compliance of your selections with the existing BPRs and policies Violations Violations First Second ii Rule Description Score Fifth av Fifth ave Only Applicative role people from Fifth peak poop Daag Role By 2 Ave allowed in Ave Roles Resources Fifth Ave Roles Herman Barbara 64646410 You can decide to make the request despite any violations or you can amend your selections 242 Portal User Guide Manage My Resources To link to additional resources 1 In the Manage My Resources screen scroll down to the Other Resources table Optional Click Find Resources to access the Select Resource filter screen Optional Click Suggest Resources to see the Eurekify Portal s recom
75. Pending a Ai Eurekify Rami 19 01 2009 per g ction 23 11 22 Herman Barbara Find Escalate Users Where Choose Field 71 contains Where Choose Field contains Where Choose Field contains Showing 1 to 30 of 140 UserName Cancel OrganizationType A 412345 Organization Email Title Rodney Sergio Moris Bill Rolen Dave Fred John Deer Alex Goid Wiliam Sharon Johnson Moos Steve Rojer Dave Steiven Pat Database Administrators System Management Finance System Management Fifth Ave Branch Human Resources Fifth Ave Branch Human Resources Stamford Branch System Management Corporate Corporate Corporate Corporate Branches Corporate Branches Corporate Branches Corporate 75676560 company com 47868650 company com 98383770 company com 86544420 company com 91238730 company com 84847310 company com 89123470 company com 87623450 company com 88490390 company com 45489940 company com DB Developer Developer Accountant Developer Branch Officer Clerk Psychologist Branch Officer Clerk HR Officer Branch Officer Clerk Security Admin Manager wa internet 100 The Find Escalate Users screen is divided into two sections The filter Located in the window s header The filter lets you narrow down the list of proposed approvers The propo sed users This table presents a pre filtered list of users who can receive the es
76. RACF Ron Mark 99883134 Ron Mark 99883134 office2003 2003 WinNT MS office2003 Ron Mark 99883134 Ron Mark 99883134 UGSILVLAN NTSILV WinNT Silicon V br User Lan Ron Mark 99883134 Ron Mark 99883134 e mail outlook WinNT MS email Ron Mark 99883134 Ron Mark 99883134 PUBLIC RACFPROD RACF22 Production RACF Moos Steve 87623450 Moos Steve 87623450 UGSILVLAN NTSILV WinNT Silicon V br User Lan Moos Steve 87623450 Moos Steve 87623450 PUBLIC RACFPROD RACF22 Production RACF More information Approval Process Tickets see page 151 Customizing a Data Table see page 22 Setting the Number of Records Per Page see page 23 Filtering a Data Table see page 24 Suggesting Entities see page 202 Test Compliance see page 200 236 Portal User Guide Manage My Resources Manage My Resources As a user you may find it necessary to request an update to your resources because of corporate changes resource changes or following an audit process The Manage My Resources screen allows you to manage your resources by generating a request to add new resources or by deleting existing resources Enterprise Role and Compliance Manager Home Ticket Queue Self Service gt Manage My Resources Assignments Business Area Dashboards Self Service Entity Browser Reports Administration Description Currently Enrolled Resources Remove Res Name 1 UGSAVESYS NTSAVE WinNT UGM
77. Reserved Build 08 11 26 01 206 Portal User Guide Manage My Team s Role Assignments Manage My Team s Role Assignments For the purposes of the Eurekify Portal your team is essentially the users that you were assigned to manage As a team manager you may find it necessary to update role assignments because of corporate changes personnel changes or following an audit process The Manage My Team s Roles MMT Role screen allows you to manage your team s roles by generating a request to enroll your team in one or more roles or by generating a request to enroll a specific user in one or more roles or by severing the link between selected users and their current roles The role management utility allows you to manually select a specific target role but it also provides you with a list of suggested roles and their pattern based behavior thus giving you the information necessary to make an informed choice The screen is divided into four sections General Provides descriptive information concerning the current action Users Your team members Select one or more users for the current action Currently Enrolled Roles The current roles linked to the selected users Other Roles Recommended roles for the selected users Chapter 11 Running Self Service Tasks 207 Manage My Team s Role Assignments Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Self Servic
78. Sales Organization Sales 99883135 History 100 0 Min 40 40 El Resources 4 4 X gt Namel Name2 Name3 Violations Relationtype Description Managerid owner Location History m m Office2003 2003 WinNT sak j San v MS office2003 2003 WinNT Dual MS office2003 91236370 Mateo ca History approved e mail outlook WinNT MS 9 San email outlook WinNT Dual MS email 91236370 Mateo CA History E The comment is added to the Entity Table More information Add Comment see page 87 General CMA Ticket Functions Hide Selected The Campaign Manager Approver ticket provides the following functions Close Closes the ticket Save Saves the changes made to the ticket Save and Reassign Provides the option to reassign a link and save the change Hide Selected Hides the entities whose links have already been reviewed When active the Show all button appears Show All Reveals all the hidden links Chapter 8 Campaign Approver Tickets 147 General CMA Ticket Functions More information Reassigning a Link see page 142 Hide Selected see page 148 Hide Selected This feature hides the entities that have already been examined This function will only hide those entities whose entire list of links has been reviewed As any manager can have many entities that need to be reviewed this option makes it easier to see which entities have links that have not be
79. Settings rsss ras rsss sE aa EEEE EEEE EE RE EE R EE EE RR E E EE EE RRR 368 Accessing the Common Properties Settings Page ccc cece cent eee e eens 370 Creating a New Property Key 0 ccc ccc eee eee nen e nett rerne eens 371 Editing a POP CE YK CY tect ie ett e tt da ect ad hae athe lan cht cane 372 Eurekify Configuration Settings 0 cee ence ronn eee eee eee e eens 374 RACIT Operations c000c0ccsedececoaeenes eas ooee bese EE ooaeeads eae eeee OEE E EEE TOERE 376 TPG by 3 Li ranean et eC ie Cs ere es 376 Synchronize IR ACT RR an e N ox doa ia eda MAS aw Sa ad aw a a ew Se a a Sa aw 377 TMS AGIMINISERACION s ces sess eee co ce wen teretere eaa Sova wate sous satiate ans eet eran eae Seas ee oe a i 378 System Checkup rororo 564 5446648659546 558655 504 94 S9SG SASS EG DEE GEG TA BGE BSS BASES ASSES ADEA GRES TS 379 Chapter 16 About Security amp Permissions 381 SECUN lt 4 4 40 4ccun exc EE ed oade te eee ec oe ee ede ee oe aed Severs deeded oe aoe decade 381 TUN SECURE OM 1 TTT 382 Authentication SettingS 0 ccc eee nn eee een een eet een ete e eens 383 EG CTY DUN OI esa eera nc ct E tr tote ett et et ta eh dl tel atta ala 383 PSU eln THT 384 Eurekify Configuration Structure 0 ytst Esa NEEE EEEE EREEREER EEEE EEEIEE 384 HIE 387 Portal Structure XML soc0ceeedee toes etsd tas thee ee ca teas Bhs RES RSS ESS REARS NSA RES 389 Chapter 17 Troubleshooting 391 Eurekify Sage Error Messages
80. Task definitions m Role definitions Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Self Service gt Request a New Role Definition Request Description The description is displayed on the approver ticket Rolewames fT S SE New Role Description Description owr A we S Organization Organization2 o SO organiation3 SCS S re After entering role information click Next to proceed Next Cancel Chapter 11 Running Self Service Tasks 245 Defining a New Role 246 Portal User Guide The Task Definitions area includes the following fields Universe Select the Universe you wish to work with The new role will be associated with this universe s configuration The users table and the available resources provided in the Definitions for Role Name New Role screen depend on the universe Business Area General information descriptive This information appears in the Description field of the ensuing Self Service Approval Root ticket Business Process General information descriptive This information appears in the Description field of the ensuing Self Service Approval Root ticket Request Description Provide a concise and meaningful description of the new role and its purpose The role definitions area includes the following fields Role Name The name of the new role concise and descriptive Description Desc
81. Update Role Approver Tickets Advanced Functions The Approver ticket provides the following Advanced functionality Add Comment Manually add a comment to the ticket Add Attachment Add an attachment or URL to the ticket View Transaction Log The transaction log provides a history of the ticket related actions executed since the creation of the ticket View Parent Opens the current ticket s parent s ticket View Initiators View of list of the users who launched this ticket View Violations View the list of violations View Entity Opens the entity s card Two buttons are provided one for each side of the link under review View Consult Results This button appears only when the Consult service has been activated More information Add Comment see page 87 Add Attachment see page 89 View Transaction Log see page 90 View Initiators see page 162 View Parent see page 163 View Entity see page 165 View Violations see page 290 View Consult Results see page 186 Chapter 12 Role Definition Tickets 309 Chapter 13 Introducing the Entity Browser The Entity Browser enables you to locate any entity associated with any available Universe and configuration Entities are m Users Roles m Resources This section contains the following topics Main Window see page 311 Specific Entity browser see page 313 Main Window The Entity Browser s main window provides you with a search o
82. User Request to delete role 1946 B Organization Database Administrators Characteristic New Pending Action Role 100 0 Consult User Request to delete role Pendin 1947 B Organization Database Administrators Characteristic New g Action Role 100 0 Consult User Request to delete role 1948 Organization Database Administrators Characteristic Archived Completed Role 100 0 Consult User Request to delete role Organization Database Administrators Characteristic Archived Completed Role 100 0 Entity Browser Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Ticket Queue gt New Tickets Entity Browser Consult User Request to delete role Pendin Organization Database Administrators Characteristic New Roan Role 100 0 State Status 180 Portal User Guide Reports Reports Administration Type Received Delete 49 01 2009 Link 00 18 41 User Role Delete 59 01 2009 User Role 11 45 31 Delete Link 22 01 2009 User Role 11 45 31 Delete 59 01 2009 Link 11 52 06 User Role 22 01 2009 aa 52 06 User Role i Delete 23 01 2009 Link 120251 User Role T Administration Delete 22 01 2009 0 Link User 77 a Role 12 02 31 Owner Cooper Amos DOMAIN Cooper Amos Orr Taylor Goid Wiliam Orr Taylor Orr Taylor Herman Barbara Children Type Received Owner Herman Barbara Approval Process Approver Tickets The ticket itself is id
83. Violations screen opens in a separate browser window Click X to close the Violations window 6 Click Submit The Requests screen opens Enterprise Role and Compliance Manager _ eureXify Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout AD1 EAdmin Person ID Name Privilege Violations Rodney Sergio 75676560 Rodney Sergio 75676560 Organization Database Administrators Characteristic Role 100 0 Min 40 Davis Brett 75675330 Davis Brett 75675330 Title DB Developer Characteristic Role 50 Davis Brett 75675330 Davis Brett 75675330 Organization Database Administrators Characteristic Role 100 0 Min 40 Doll Charles 89653230 Doll Charles 89653230 Organization Database Administrators Characteristic Role 100 0 Min 40 224 Portal User Guide Manage My Role Assignments More information Approval Process Tickets see page 151 Customizing a Data Table see page 22 Setting the Number of Records Per Page see page 23 Entity Card and Data Table Tabs see page 26 Test Compliance see page 200 Suggesting Entities see page 202 Introducing the Requests Table see page 257 Chapter 11 Running Self Service Tasks 225 Manage My Team s Resources Manage My Team s Resources For the purposes of the Eurekify Portal your team is essentially the users that you were assigned to manage As a team manager you may find it necessary to update
84. Yes and the Executing bar appears When done the approver ticket s status is Approved and the ticket is archived The user whose privileges were altered by this decision receives a ticket and email notifying him of the change In the case of a role resource or role role hierarchy link the designated role resource managers are informed Enterprise Role and Compliance Manager eure ify Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout DOMAIN Angel Ben State Status Children Type Received Owner Previous Owner Request to delete role Organization System Delete M a Pending Link 29 01 2009 alana Characteristic Role 100 0 Min 40 New Action eer 09 15 10 Role Angel Ben DOMAIN Angel Ben Chapter 9 Approval Process Tickets 183 Approval Process Approver Tickets More information Approval Process Info Tickets See page 188 Reject As an approver it is your task to approve or reject the request to delete a link between two entities When you choose to reject such a request click Reject and a Confirmation pop up window opens Confirmation 2 Are you sure you want to Reject Click Yes and the Executing bar appears When done the approver ticket s status is Rejected and the ticket is archived The user whose privileges were altered by this decision receives a ticket and email notifying him of the change In the case of a role resource or role role hierarchy link the design
85. You can also apply the Audit Card to a campaign as a kind of filter which will place restrictions over which entity links are displayed in the Approver tickets and which are not In this case in addition to selecting an Audit Card in the relevant field in the Add Campaign screen you will also have to select one of the available options Only use links from Audit Card The Campaign Approver tickets will only display links that are listed in the Audit Card This is very useful if you wish to run a campaign that reviews only links that have been determined to be violations of system rules Only use links not in Audit Card The Campaign Approver tickets will only display links that are not listed in the Audit Card This is very useful when the Audit Card represents authorized violations and by filtering them out you are saving time as you do not want the approvers to re examine and certify these links Start Approval Process from DNA There is a possibility to create an AuditCard in the CA Eurekify Role amp Compliance Manager Sage DNA module that reflects changes between two configurations the pre configuration and the post configuration along the lines of master and model and then submit the audit card for approval to the Eurekify Portal As a result an approval ticket tree will be generated similar to what happens when performing Self Service tasks However as opposed the Self service originated approval tickets and Campaign ori
86. a New Universe see page 340 Editing a Universe see page 344 Deleting a Universe see page 345 Setting a Universe The Universe Settings Table The Universes table displays a list of available universes their description and the options of editing or deleting an existing universe A Create New button allows you to generate a new universe Universe Settings Universes hd Name Description Demo For demonstration purposes Delete Delete Admin_Basic first time Portal run 1 2 Eurekify Built in Eurekify Universe 3 4 Portal For Portal Manual Delete Delete The universe s ID number Name The universe s name Description The universe s description Edit Provides the option of editing the universe definitions Delete Provides the option to delete a universe To access the Universe settings table 1 On the Administration menu click Settings The available options list appears Administration gt Settings Settings Connector Settings Universe Settings Properties Settings Common Properties Settings Audit Properties Settings 2 Click Universe Settings The Universe list appears Chapter 15 Using Administration Functions 339 Setting a Universe Creating a New Universe 340 Portal User Guide It is recommended that you create a new universe the first time you run the Eurekify Portal You will use this universe in order to run the first import and audit procedures So
87. a property with a null empty key failed to authenticate user invalid user name password failed to connect to authentication service please contact system Field loginpage userauthentication failed sageadmin errcode loginpage userauthentication failed sagebatch e rrcode loginpage userauthorization failed errcode internalerrorpage label infoil errcode internalerrorpage label info2 errcode sagemaster headers foundconflicts errcode sagemaster headers countduplicates errcode selfservice error loading bpr errcode selfservice error finding bpr errcode selfservice error finding universe errcode selfservice error starting approval errcode selfservice validate descriptionrequired errcode selfservice validate nouserisselected errcode selfservice validate norequestsmade errcode selfservice validate missingraciconfigurations er rcode selfservice validate errorgettingraciconfiguratio ns errcode selfservice validate missingaccountablefor errco de selfservice validate racierrorfor errcode settings headers editimportexportpage error err code settings headers edituniversepage error errcode changeapproval child remove user role info title Code prt008 prt009 prt010 prt011 prt012 sgm001 sgm002 sls001 sls002 sls003 sls004 sls005 sls006 sls007 sls008 sls009 sls010 sls011 ste001 ste002 tkt001 Eurekify Sage Error Messages Description administrator incorrect pass
88. add links to your favorite ones Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration ID Title State Status Children Type Received Owner Previous Owner Eurekify 835 amp User Review User Certification Open Pending 9 Campaign 21 12 2008 Admin AD1 Action 12 51 21 EAdmin Audit Basic Alerts Manage My Team s Role Assignments Role Modeling Methodologies Comparison Manage My Team s Resources Assignments Policy Verification Report Certification Progress Report Chapter 5 Presenting the Home Page 67 The Business Processes Bar To generate a list of Business Process links 1 In the Business Process navigation bar header click Q The Select Links for Business Process screen opens in a separate browser window Select Links for My Business Processes A Manage My Team s Role Assignmen Manage My Roles Assignments Manage My Team s Resources Assic Manage My Resources Assignments Request a New Role Definition Request Changes to a Role Definitic 2 Inthe Available Links left hand panel select one or more using Ctrl Shift of the business process links 3 Click S to transfer the selected link s to the Selected Links pane 4 Optional To change the order of the listed links in the Selected Links pane select a link and click 0K 5 To remove a business process link from the Selected Links pane select the link and click amp 6 When you have
89. and confirmed during the Approval Process by the link s entity managers For example when a link between a user and a role that has been rejected both the user s manager and the role s manager have to confirm that this link should be rejected Only then is the decision final Users whose links are rejected will be informed of the rejection 1Y X Progress Violations PersonID UserName aaa a 4 7 Sy 7 Free Georgia Marketing S ooo 0 9 a j Devin Roger Marketing Roles 3 E Resources 6 7 X Namel Name2 Name3 Violations Relationtype Description Marketing Sun Server o inh le 69 UNXMARKT Solaris26 Direct m m m Public UNXMARKT Solaris26 iy py aie DE E Marketing Sun Note You can reject all the links listed in a specific link table at once by clicking the column label X for that link table To reject a user link 1 In the Ticket Properties Form click next to the user you want to audit The associated Roles and Resources tables appear 2 Click the check box in the x column next to the user s role s and or resource s that you want to reject 3 Click Save 4 The selected links have been rejected and the relative progress made is reported on the Approver Progress bar The system default accepts the rejection as final only after the Approval Process Note Replace user in the above procedure with either resource or role for instructions on how to reject Role links or Resource links Chapter
90. appear for users that are linked to the role defined in Eurekify properties as the system administrator role The default out of the box option is sage admin role Eurekify Admin Role More information About Security amp Permissions see page 381 Eurekify Properties see page 409 The Ticket Properties Form The Ticket Properties Form When you click on a ticket listed in the ticket queue the Ticket Properties Form for that ticket opens in a separate browser window The content of this screen depends on the type of ticket you are viewing Ticket Properties Form Windows Internet Explorer BAE cm http localhost 8080 eurekify tms ui wicket bookmarkablePage com eurekify tms web template DefaultTicketPage ticketId 465 he Campaign Ticket Id 465 Owner Eurekify Admin AD1 Previous Owner Status Pending Action lt Due Date 01 01 2009 00 00 00 Priority Normal lt Severity Medium lt State open v Modified Date 16 12 2008 18 41 40 Date Created 16 12 2008 18 37 42 Title User Certify Dec 2008 User Certification Description User Certification Campaign for the end of 2008 Universe Portal Campaign Type USER Auto Generate Permissions true Configuration Model2_ConfigWithRoles Link Filter Direct Dual Audit Card Entity Filter No Filter Attachments Comments Campaign Management Start Campaign top Campaign air start Carnpai Internet R100 The screen presents
91. are Remove or Add Violations Presents the number of violations associated with the specific request Click on the number to view further details At this point the Eurekify Portal supplies you with two functions Back To return to the previous screen and edit your selections Submit Sends your request to the Eurekify ERCM for processing The Generating Tickets progress bar appears In the case of provisioning type Self Service tasks if no errors are found a Self Service ticket tree will be generated and placed in your ticket queue For each request listed in the Request table one branch appears in the Self Service ticket tree Enterprise Role and Compliance Manager eurekify Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout AD1 EAdmin Ticket Queue gt Open New Done Tickets ID Title State Status Type Received Owner Previous Owner Approval 19 01 2009 Eurekify Root 00 18 29 Admin Eurekify Admin AD1 EAdmin Eurekify 1 01 2009 Admin AD ie EAdmin Eurekify Admin AD1 EAdmin Eurekify Admin AD1 EAdmin 1752 Bink of Team to Role s Approval Root Request New In Progress 1753 E a Request to add user to role association role Title DB Link User 19 01 2009 New In Progress Developer Characteristic Role 50 use Role 00 18 29 Request to remove user to role association Delete 1754 a role Organization Database Administrators New In Progress Link User
92. attempts to log in the user and password are sent to the Active Directory server for authentication When sending the user login and password data it is recommended that this data be encrypted The security parameter located in the eurekify properties file is sage security disable ss ADAuthentication true When this is set to True SSL authentication is disabled SSL or Secure Sockets Layer technology enables encryption of sensitive information during transactions When the parameter is set to False that is SSL encryption is enabled you have to also supply the keystore file sage security eurekify keyStore file The keystore file is a database that stores the private and public keys necessary for SSL encryption and decoding Chapter 16 About Security amp Permissions 383 Permissions Permissions When security is enabled every action a user attempts is checked against the users permissions For this purpose Eurekify cfg provides a set of resources that govern the various permissions It should be noted that the option that allows an Approver to view the contents of an Approver ticket even if the Administrator did not give the Approver the appropriate permissions sets up resources to handle this issue in the background These permissions are limited to the specific campaign s requirements There are no permission filters for Delegate Escalate More information Eurekify Configuration Structure see pa
93. batchtask startjob errcode error update ticket errcode error campaignnamenotfound errcode page recordnotfound message errcode page internalerror infol errcode page internalerror info2 errcode page expirederror infol errcode Code tms009 tms010 tms011 tms012 tms013 tms014 tms015 tms016 tms017 tms018 tms019 tms020 tms021 tms022 tms023 tms024 tms025 tms026 tms027 tms028 tms029 Eurekify Sage Error Messages Description fail to revoke ticket 0 missing job tickets 1 fail to revoke ticket 0 with job tickets 1 there are 2 activity tickets outside the ticket tree fail to create commands 0 1 fail to start job for ticket 0 ticket has already reference for job 1 fail to commit activity checkjobticketexists in job 1 of ticket 0 check tms port in workpoint wftms web service fail to connect to workpoint url 0 info 1 no ticket parent fail to find consulting users 0 fail to create consulting tickets 0 fail to update field 0 with value 1 in ticket type 2 the ticket was updated by another user please reopen ticket validation fail for value 0 cannot be longer then 1 fail to parse date 0 6 fail to run batch actionname action 0 of job 2 failed retry count 1 cannot update the ticket id campaign 0 not found 0 was not found in 1 an error has occurred for more information please view the log fi
94. controls the lifecycle of the individual link under its purview Ticket Properties Form Windows Internet Explorer DER http localhost 8080 eurekify tms ui wicket bookmarkablePage com eurekify tms web template DefaultTicketPage8ticketId 1162 N Delete Link User Resource Ticket Id Owner Eurekify Admin AD1 Previous Owner In Progress Due Date 29 12 2008 18 46 30 Priority Low Severity P Open Modified Date 22 01 2009 17 44 41 Date Created 29 12 2008 13 46 30 Title Request to remove user to resource association resource UGMPMRK RACFPROD RACF22 Production RACF user Garr Jim 77371120 Description Request to remove user to resource association resource UGMPMRK RACFPROD RACF22 Production RACF user Garr Jim 77371120 Request was submitted on Universe Portal from User Review vi Model2_ConfigwithRoles 77371120 UGMPMRK RACFPROD RACF22 Add Comment Add Attachment View Transaction Log View Parent View Initiators View Children gt gt La Internet 172 Portal User Guide Rejected Link Parent Ticket In this section you will find information specific to the Rejected Link Parent ticket It is important to remember that Approval Process tickets are based on specific campaigns lt Ticket Title gt Delete Link Entity1 Entity2 For example Delete Link User Resource Title Request to remove Entity1 to Entity2 association Entity1 Entit
95. data by accessing additional data from a human resources database This data may include for example user addresses which were not available from the primary source of information For further information see Chapter 4 of the CA Eurekify Role amp Compliance Manager Sage DNA Data Management User Guide Remote system login password The password is not saved within the system settings Provide it at this point Max duration time seconds Provide an estimate of how long the import process takes This is useful when you know how long it should take and therefore a longer import time indicates that there is a problem You do not have to know exactly how long it takes You can provide an estimate The import process will end when the time specified is over Connector Java Class Select the Java Class that matches the converter you will be using to import the data from the system s endpoints Sbt classes enable the connection between the Eurekify Portal which was written in Java and the Eurekify Sage DNA which is not Workflow process name Select the default import process You can use the bundled Workpoint BPM engine to generate additional workflow processes Ticket Type Tickets are work items that can be viewed in the Ticket Queue Select the default ticket type Chapter 15 Using Administration Functions 351 Setting Connectors Priority Set the priority level The available options are m Low Normal m Rush
96. database Eurekify Sage DNA N Please close the Configuration and reopen from the database Eurekify Sage Error Messages 13 Click OK 14 Repeat steps 9 through 13 for the model configuration file You can now list the new master and model configuration files when creating or editing a Universe Appendix A Duplicating a Configuration 407 Appendix B Eurekify Properties This section contains the following topics Sample Properties File see page 409 tms delegate filter see page 415 tms escalate filter see page 415 tms campaign campaign type reassign filter see page 416 Sample Properties File An example of a Eurekify properties file eurekify portal name Eurekify Portal sleepDelay 2500 sage master configuration Eurekify sage admin login AD1 EAdmin sage admin password eurekify sage batch login AD1 EBatch sage batch password eurekify sage admin role Eurekify Admin Role sage batch role Eurekify Batch Role Appendix B Eurekify Properties 409 Sample Properties File 410 Portal User Guide sage v32 homeDir C Program Files Eurekify Eurekify Sage Client Tools V3 2 Software sage v32 DMFile EurekifySageDM V32 exe sage v32 DNAFile EurekifySageDNA V32 exe sage v32 connecters workingDirectory C Program Files Eurekify Eurekify Sage Client Tools V3 2 Software workingDin sage v32 connecters oracleConnectorHomeDir C Program Files Eurekify Eurekify Sage Client Tools V3
97. different set of tickets is generated The system threshold is set in the Eurekify properties file and is governed by the property filter Approvals configuration updateRole minimumLinks 4 The ticket tree in this case is constructed as follows Stage 1 Ticket Description 2 Approval Root ticket This ticket is identical to other Approval Process Approval Root tickets see page 166 2 Self Service Main Request An Update Role parent ticket Parent Ticket Approver Ticket The Role Approver ticket This is an Update Role approver ticket It is sent to the Role manager It contains all the requests to add a link between the new role and other entities For more information see Self Service Request Update Role Approver Ticket see page 307 Enterprise Role and Compliance Manager eure k ify Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout AD1 EAdmin Ticket Queue gt Open New Done Tickets gt ID Title State Status Children Type Received Owner Previous Owner H l P 1765 E Gy Link of Team to Role s Approval Root Request Open In Progress 1 pores 19 g Eurekify Admin fth av A N Update 19 01 2009 Eurekify Admin P 1766 E amp Update Role Fifth av Applicative role Open In Progress 11 Role 16 48 55 AD1 EAdmin Flag Lee Update 19 01 2009 oA eo Archived Approved 0 Role 16 49 24 DOMAIN Flag gt 1767 Role Approver Update Role Fifth av Applicative Lee role 300 Portal User G
98. each configuration 428 Portal User Guide Entities Relationships Configuration File This section describes the entities that participate in this configuration The first set of lines identifies the users one line per user in the following format User lt Eurekify Sage UserlID gt lt SA User ID gt The Eurekify Sage User ID is used to describe the rank of the user in the users database file with the first number being O thus the fourth user in the database will have a Eurekify Sage User ID of 3 The second set of lines identifies resources one line per resource in the following format Res lt Eurekify Sage Resource ID gt lt User Group Name gt lt Resource Name gt lt Resource Type gt The Eurekify Sage Resource ID is the rank of the resource in the resources database file with the first number being 0 The third set of lines in this section identifies roles if existing one line per role in the following format Role lt Eurekify Sage Role ID gt lt Role Name gt lt Description gt lt Organization gt lt Owner gt Eurekify Sage provides automatic serial numbering of roles If a configuration is created from an EUA and roles are being imported the Role Engineer can choose a specific numbering scheme as long as the numbers are unique and the Role Name is unique This section consists of the following types of line formats User Resource Permission User Res lt Eurekify Sage User ID gt
99. ernn 250 Updating Role DeEfinitiOns lt 44 0 H rE H deca HR RRR EE 255 Introducing the Requests Tabl v X R ER eke R RRR N whee Whey KN ORE R Oke eee ey eke Sees 257 Chapter 12 Role Definition Tickets 261 Role Definition Approval Root Ticket 0 0 ccc ennn rnrn rnnr rrer rererere 267 Approval Root Ticket General Functions Role Definition 0 cece eee ee eee 269 Approval Root Ticket Advanced Functions Role Dernitioni 2c eee eee 270 Role Definition Main Request Parent Ticket 0 cc cece cece cece ene ene t nee n eee 271 Main Parent Ticket General Functions Role Dennitioni 0 c eee eee eee eee 275 Main Parent Ticket Details Section 276 Main Parent Ticket Advanced Functions Role Definition 0 0 cece cece eee ene 277 Add New Role Ticket Tree 0 cece ccc r rran eee e nent eee eee tenes 280 Select Accountable Ticket Add New Role 0 cee cece ete cee cent e eee neees 284 8 Portal User Guide Role Approver Ticket Add Role 0 0 ccc cece cence ent nee teen tne t eens 291 Self Service Request New Role Parent Ticket 0 ccc cece ce cence cnet eee eens 294 Self Service Request New Role Approver Ticket 297 Update Role Ticket Tree ce ce ce ne eee e nee nent rore eee e eee eeeeeeeeee 300 Self Service Request Update Role Parent Ticket 303 Self Service Request Update Role Approver Ticket 0 ccc ccc eee cece eet e eee neee 307
100. field Create New Import Import client name Description Universe Settings XML file Mapping XML file Enrichment settings file Remote system login password Max duration time seconds Connector Java Class Workflow process name Ticket Type Priority Severity Save Cancel Choose One Choose One missing name field GENCST001 missing description field GENCSTO02 missing universe field GENCST004 was unable to find the settings XML file null GENCST005 was unable to find the settings XML file null GENCSTO05 missing password field GENCST008 error parsing MaxDuration field please use integer values GENCSTO10 missing connector client dass to use GENCST011 choose One _ Choose One SAGE Normal missing Work flow Process GENCSTO12 missing ticket type GENCSTO13 Note The sentences in red are error messages Data Table Features When appropriate the Eurekify Portal displays data in table format data table This is true for entity for example user role resource data and for tickets that are generated as you work with the Eurekify Portal There are several features that repeat themselves for most of the data tables that you access while working with the Eurekify Portal Chapter 2 Using The Eurekify Portal Interface 21 User Interface Customizing a Data Table The Customize option is available for both Entity tables where it appea
101. finished making your selections click OK The selected links appear in the Home page Business Processes navigation bar More information Running Self Service Tasks see page 197 68 Portal User Guide Chapter 6 Tickets and the Ticket Queue Tickets have a unique place in the CA Eurekify Role amp Compliance Manager Eurekify Portal tickets are work items and they are used to transfer data run campaigns certify roles update privileges and more The Ticket Queue menu provides a series of filtered display options allowing you to view filtered lists of tickets in table format in the Ticket Queue window The available filtering options provided by the Ticket Queue menu are Open New Done Tickets New Tickets m Over Due Approver Tickets Campaign Tickets Archived Tickets Administrators can see their own tickets and also tickets assigned to their team s campaign tickets that are associated with campaigns they created and approval process tickets associated with the same campaigns Other users who do not have administration rights can see only their own tickets where they are listed as the ticket Owner Specific ticket data and functionality can be accessed by clicking on a specific ticket and opening its Ticket Properties Form in a separate browser window The data functions and options available to the user from within a Ticket Properties Form depends on the ticket type Tickets in general encompa
102. for the various Approval Process tickets share many of the same functions m Add Comment m Add Attachment m View Transaction Log The following Advanced functions are described in this section View Initiators R View Parent View Children View Entity where entity is either user role or resource The following table provides a summary of all the Advanced functions available for the various Approval Process tickets Advanced Functions Ticket Type Approval Root campaign Approval Process owner ticket Delete Link Entity1 Entity2 Rejected Link Parent ticket Add Comment Add Attachment View Transaction Log View Children View Statistic Add Comment Add Attachment View Transaction Log View Parent View Initiators View Children a View Entity1 Chapter 9 Approval Process Tickets 161 Advanced Approval Process Ticket Functions Ticket Type Advanced Functions m View Entity2 Delete Link Entity1 Entity2 Approver ticket x Add Comment m Add Attachment a View Transaction Log a View Parent a View Initiators a View Violations a View Entity a View Entity2 a View Consult Results toggle More information Advanced Ticket Functions see page 85 View Initiators The View Initiators button opens the View Initiators list in a separate browser window This list in table format provides the sequence f users who that launched this post campaign Approver Process ticket For example you
103. gt lt tag id EntityBrowser gt lt type gt internal lt type gt lt label gt Entity Browser lt label gt lt data gt com eurekify web entitybrowser EurekifyBrowserPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id Reports gt lt type gt mark lt type gt lt label gt Reports lt label gt lt checkPermission gt true lt checkPermission gt lt tag id ConfigReports gt lt type gt internal lt type gt lt label gt Configuration Reports lt label gt lt checkPermission gt true lt checkPermission gt lt tag id ConfigurationProperties gt lt type gt report lt type gt lt label gt Configuration Properties lt label gt lt data gt com eurekify web reports parameters universeconfigurationreports ConfigurationPropertiesParametersPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id ConfigurationUsersAttributes gt lt type gt report lt type gt lt label gt Configuration Users Attributes lt label gt lt data gt com eurekify web reports parameters configurationattributes users ConfigurationUsersAttributesParametersPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id ConfigurationRolesAttributes gt lt type gt report lt type gt lt label gt Configuration Roles Attributes lt label gt lt data gt com eurekify web reports parameters configurationattributes roles ConfigurationRolesAttribut
104. has been updated is informed of the change s As the ticket that was the origin of the modification of the universe s configuration can be of various types the list of users can be longer or shorter depending on whether one user has more than one role a user is both the Approval Process owner and the user affected by the change or if the ticket was delegated escalated during the process Info tickets General Info Ticket Functionality Info tickets provide you with the following General functionality Close Closes the ticket Save Saves the changes made to the ticket Delegate When you want to share the info ticket s information you can transfer the ticket to another manager Escalate When you want to share the info ticket s information you can transfer the ticket to another manager Acknowledge Click after reading the information provided by the info ticket The info ticket is archived More information Delegate see page 157 Escalate see page 154 Chapter 6 Tickets and the Ticket Queue 93 Info tickets Delegating an Info Ticket This function lets you transfer the info ticket to another manager thus sharing important information Once you have transferred the selected ticket to the new ticket owner the original ticket is archived and will no longer appear in your list of active tickets Only the current ticket owner can delegate a ticket When a ticket is delegated a new ticket is generated with th
105. in this chapter it is important to remember that every ticket has a unique ticket ID number that can be used to differentiate between tickets of the same type that deal with the same issue but have different functionality or purpose This section contains the following topics Role Definition Approval Root Ticket see page 267 Role Definition Main Request Parent Ticket see page 271 Add New Role Ticket Tree see page 280 Update Role Ticket Tree see page 300 Role Definition Approval Root Ticket The Self Service Approval Root ticket is the root ticket that appears in the ticket queue belonging to the manager administrator who submitted the Self Service request When expanded you can view the tickets generated for the specific Role Definition Approval Process Enterprise Role and Compliance Manager _ eurekify Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Ticket Queue gt Open New Done Tickets ID Title State 2220 B Gadd Role Approval Root Request Open In Progress t AD1 EAdmin Approval 01 02 2009 Root 00 29 04 Eurekify Admin New 01 02 2009 Eurekify Admin 2221 E Gi New Role Corporate Security Open In Progress Add Role 00 29 05 AD1 EAdmin 01 02 2009 00 29 17 2223 Role Approver New Role Corporate Security Archived Approved Add Role Kam 2222 Select Accountable to Role Corporate Security Archived Completed Task Eurekify Admin Cooper Amos DOMAIN Cooper Amos
106. listed in the configuration s RACI presentation under Accountable this means that a specific user becomes accountable for a specific entity Therefore if you are listed as an entity manager you will receive Approver tickets when an administrator runs an Approval Process involving your assigned entity Self Service managers have overall control of the approval process They can transfer responsibility of the process to another manager or cancel the process when necessary As the Role manager for the role that is under review you are tasked with reviewing the changes requested by the Self Service manager Approval Processes that include adding links between a role and other entities will generate a Role Approver ticket This ticket summarizes all the requests that are concerned with adding links between your role and other entities Only if you approve the requests will the Eurekify Portal generate the Entity Approver tickets for theses requests The reason for this is that the system approves only requests regarding links that have been approved by the managers of both of the linked entities Therefore if you do not approve the request to add links the system considers the request to be denied Title State Status Children Type Received Owner Approval 01 02 2009 Root 13 12 04 Update 01 02 2009 Eurekify Admin Role 13 12 04 AD1 EAdmin r Cooper Amos Update 01 02 2009 an bod DOMAIN Coop Role 13 12 08 Amos Cooper Amos DOMAIN Coop
107. lt checkPermission gt lt tag gt lt tag id PrivilegesStatisticsReportForUsers gt Appendix C Portal Structure KML 421 Sample Portal Structure XML lt type gt report lt type gt lt label gt Privileges Statistics For Users Report lt label gt lt data gt com eurekify web reports parameters universeconfigurationreports PrivilegesStatisticsForUsersParametersPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id PrivilegesStatisticsReportForRoles gt lt type gt report lt type gt lt label gt Privileges Statistics For Roles Report lt label gt lt data gt com eurekify web reports parameters universeconfigurationreports PrivilegesStatisticsForRolesParametersPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id PrivilegesStatisticsReportForResources gt lt type gt report lt type gt lt label gt Privileges Statistics For Resources Report lt label gt lt data gt com eurekify web reports parameters universeconfigurationreports PrivilegesStatisticsForResourcesParametersP age lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id AuditBasicAlerts gt lt type gt report lt type gt lt label gt Audit Basic Alerts lt label gt lt data gt com eurekify web reports parameters auditalerts AuditBasicAlertsParametersPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag
108. lt Eurekify Sage Resource ID gt User Role Permission User Role lt Eurekify Sage User ID gt lt Eurekify Sage Role ID gt Role Resource Permission Role Res lt Eurekify Sage Role ID gt lt Eurekify Sage Resource ID gt Role Hierarchy Permission Role Role lt Eurekify Sage Role ID of parent role gt lt Eurekify Sage Role ID of child role gt Appendix D Eurekify Sage Configuration Data Formats 429 Glossary Approved Audit Card An Audit Card where all the listed violations have been approved It can be used during an audit to prevent repeated notices of violations that have already received approval Audit Card A file with the extension aud It is generated by the DNA It contains a list of violations or out of pattern situations Each entry is a violation connected to an entity or to a link It is possible to edit an Audit Card in the DNA module adding instructions to either fix a violation or approve one For further information see the CA Eurekify Role amp Compliance Manager DNA User Manual Children Ticket type specific The number of children listed for any campaign ticket denotes the number of Approvers assigned to the campaign The number of children listed for an Approver ticket is the number of entities the specific approver has to audit where entities refers to the campaign type user role or resource certification Configuration A Eurekify proprietary data structure that holds a snapshot of the def
109. nent nent nee ee ree 48 Reassigning Links to Another Approver 0 0 c cece cece cece teen eee tent ee nn 51 Starting the User Campaign ence ene n rrena rnnr e teenies 55 Checking the Campaigns Progress 0 ccc cece ene nee eee ene eee eeeeeees 56 Contents 5 Sending Reminders to the APprovers 0 ccc ccc ee eee ence nen eee teen eens 57 Examining a User s LINKS cartrons reran iad Maediaedene tied dosti dias chatted Coeds 59 Starting the Approval ProceSS e 60 Chapter 5 Presenting the Home Page 63 TNE Tickets PAM Gi ots cerceec tac acters caren tient wnt wy area dow hana cee eet Rare eel ee wet ear tet 64 The Reports Bar i064 444c446464 644 244485 645 25 GR EEE EL ERE LGA OSES EEIS EEE REE ELERE EARLE EROS 65 The Business Processes Bar ssccesccn cscs even eee a gee he eee ee gee RERE EE Hee ee aa 8 New wee wee RE E we 67 Chapter 6 Tickets and the Ticket Queue 69 Ticket LifeCycle resne H ae a N RN NN N ae R E Y 71 Ticket BA 0 72 Tek CES CACC sce te ace a s e E E swe aceen alan som alice saree EE E wontebarnen alae wee em ela ten EE ESSE 74 Ticket Statis eee Sa ce ace et eae te Beck a cet Res ete leek it ete Pech ft ts tl Ra ae ee act 75 Ticket Tables 2 23 00ice0assweele sacexnsin E EEEE E E EEE EE REE sacar dae EE EE DEERE ERAR 76 Main Screen Layout soccorre aranaren a eee ae eee eed eee DE E GUR EGRE EE E E E a 77 Main Screen Operations 4 064s44 444464deee44as4seeu aged A P RRR RRR RR
110. o Oo S S A Anm H Ph HY Hh HL A An hh LH HH Find Resources Test Compliance Suggest Resources After making your selection s you can test the compliance of your selections with the existing BPRs and policies Violations Violations First Second Third Rule Description Role Mgr 1 Only people in role Finance can access the listed the TSS mgr resource Role Mar 1 Only people in role Finance can access the listed the TSS mgr resource Role Mar 1 Only people in role Finance can access the listed the TSS mar resource Role Mgr 1 Only people in role Finance can access the listed the TSS mgr resource Only people in role Finance can access the listed the TSS mgr resource Organization Finance Characteristic Role 100 0 Min 40 Moos Steve 87623450 UGFINMGR TSSCREDIT TSS50 Top Secret on MVSCREDIT Only people in role Finance can access the listed the TSS mgr resource Organization Finance Characteristic Role 100 0 Min 40 Ron Mark 99883134 UGFINMGR TSSCREDIT TSS50 Top Secret on MVSCREDIT Only people in role Finance can access the listed the TSS mgr resource Organization Finance Characteristic Role 100 0 Min 40 Goid Wilam 84847310 UGFINMGR TSSCREDIT TSS50 Top Secret on MVSCREDIT Only people in role Finance can access the listed the TSS mgr resource Organization Finance Characteristic Role 100 0 Min 40 Sterling Kent 8
111. of entities total number of users roles or resources that the approvers have to approve depending on the campaign s focus Campaign ticket ID When the Don t wait for ticket processing option has been enabled you will see the following message on screen Campaign Requested Your request was sent to execution a mail message will be send upon completion Note Any entity that does not have a manager will be assigned to the campaign administrator s approver ticket To start the campaign you have to go to your Ticket Queue 332 Portal User Guide Adding Campaigns More information Setting a Universe see page 338 Introducing Audit Cards see page 334 Introducing the Privileges to Certify Options see page 333 Campaign Approver Tickets see page 131 Introducing the Privileges to Certify Options As you can see in the Add Campaign screen the Eurekify Portal identifies three types of links m Direct links m Indirect links m Dual links You can select to examine one or more types of links during your campaign Direct Links Refer to an immediate connection between entities This is the most often examined type of link and the most important Indirect Links Refer to a link that goes through an intermediary For example a role is linked directly to both a resource and a user There is no direct link between the user and the resource The link between the user and the resource is an in
112. on the Audit Card data Comment Allows you to assign a comment to a specific link The Link Entity table columns are also predetermined They depend on the entity being presented in the specific table However several columns appear in all Link Entity tables Violations Records violations based on the Audit Card data History Presents the history of the link between the main entity and the entity listed in the selected row Comment Allows you to assign a comment to a specific link Approving a Link Once a link is approved and the ticket is saved the audit process for this entity link is over 1y X Progress Violations PersonID UserName Organization OOo ma 4 7 Free Georgia 93833870 Free Georgia Marketing_Dept ooo 0 9 Devin Roger 88382990 Devin Roger Marketing_Dept El Roles 3 w X Name Violations Relationtype Description Type Organization Rule oa Title Product Manager a Characteristic Title Product Characteristic Role 50 Role 50 Org Role Manager Title Product Manager Organization Marketing_Dept Characteristic LT Characteristic Role 100 0 Direct 0 Org Role Marketing Dept Organization Marketing Note You can approve all the links listed in a specific link table at once by clicking the column label for that link table Chapter 8 Campaign Approver Tickets 139 Auditing Links To approve a user link 1 In the Ticket Properties Form click next to the user you wish to audit
113. page 151 Chapter 7 Running Campaign owner Tickets 121 Campaign Management Functions Archive This feature allows you to completely shut down a campaign by transferring it to your archived tickets While a campaign that has been manually stopped can be restarted an archived campaign cannot be rerun By archiving a campaign while it is running you also close down the ability to run approval processes on any links that have already been processed and rejected during the time the campaign was active Archiving a campaign after it has been completed but before the Approval Processes have been run will prevent any possibility of running an approval process based on this campaign s rejected links To archive a campaign 1 Click Archive in the campaign s Ticket Properties Form to manually archive a campaign A warning pop up opens Confirmation Are you sure you want to Archive Yes No 2 Click Yes The campaign is archived and completely shut down 122 Portal User Guide Campaign Management Functions View Campaign Progress The progress of the campaign is measured by the number of links that need to be audited by the various campaign approvers and have already been approved or rejected The View Campaign Progress function opens a separate browser window where you can see a listing of all the campaign s approvers and view the progress they have made graphically numerically and in percentages Campaign Pr
114. page 154 Cancel Process see page 169 Rejected Link Parent Ticket Rejected Link Parent Ticket Advanced Functions The Rejected Link Parent ticket provides the following Advanced functionality Add Comment Manually add a comment to the ticket Add Attachment Add an attachment or URL to the ticket View Transaction Log The transaction log provides a history of the ticket related actions executed since the creation of the ticket View Parent Opens the current ticket s parent s ticket View Initiators View of list of the users who launched this ticket View Children Opens a table which provides you with information concerning all the nodes leaves that are located below the current ticket For the Reject Link Parent ticket this means that you can view information concerning the link s Approver tickets View Entity Opens the entity s card Two buttons are provided one for each member of the link under review The View Children function shows you the two Approver tickets associated with this parent ticket Add Comment Add Attachment View Transaction Log lt lt Close Children View Resource ion Owner Type Status Title Select Goodman Bruce Pending User Approval Request to delete resource UGMPMRK RACFPROD RACF22 DOMAIN Goodman Bruce Keren Cindy DOMAIN Keren Cindy Select Approver A ction Production RACF from user Garr Jim 77371120 Pending Resource Approval Request to delete resource UGMPMRK RACFPROD RAC
115. purposes of understanding what the Eurekify Portal is suggesting the following table explains the logic behind these patterns Matching rights The CA Eurekify Role amp Compliance Manager looks at the current user s resources which correlate according to a given with the selected role s assigned resources and suggests to enroll the current user in the selected role The equivalent in the CA Eurekify Role amp Compliance Manager DNA In Out of Pattern User matching HR Pattern The CA Eurekify Role amp Compliance Manager looks for users that are similar to the current user in terms of human resources attributes and then looks at the common limited by a pre selected threshold roles linked to those users and suggests to add some of the common roles to the current user The equivalent in the CA Eurekify Role amp Compliance Manager DNA In Out of Pattern Propose new roles for users by Human Resources Privileges Pattern A generalized form of Matching Rights The CA Eurekify Role amp Compliance Manager looks at the current user s resources and compares them to the resources that other users have and based on a pre determined level of pattern matching suggests to add some of the roles that the other users have to the current user The equivalent in the CA Eurekify Role amp Compliance Manager DNA In Out of Pattern Propose new roles for users by Privileges Matching Rule The CA Eurekify Role amp Complia
116. role Dok http localhost 8080 eurekify tms ui wicket interface 9 i Task s SS s 8s Ticket Id 2244 Owner Eurekify Admin Previous Owner Pending Action Low Severity Modified Date 01 02 2009 13 04 15 Date Created 01 02 2009 13 01 40 Ticket Properties Form Windows Internet Explorer Due Date Minimal v Open w Select Accountable to Role Manage Human Resources To continue please choose an accountable user to Manage Human Resources role GENTKT039 Select Accountable More Details gt gt Ms LE Internet Done 100 At first the Role Accountable field is empty located under More Details gt gt The Continue button is disabled until a user is selected When you click Select Accountable the Choose Accountable for New Role screen opens in a separate browser window Browse Tickets Windows Internet Explorer http localhost 8080 eurekify tms ui wicket interface 15 hoose Accountable to New Role Where Choose Field 4 Where Choose Field contains and Where Choose Field v contains Showing 1 to 30 of 140 UserName Organization Database O Rodney Sergio Administrators System Management contains 4 4172345 Title DB Developer OrganizationType Email Corporate 75676560 company com Moris Bill Corporate 47868650 company com Developer Rolen Dave Fred John O Deer Alex Goid Wili
117. see page 357 Error Ticket generated when system error occur For more Ticket State 74 Portal User Guide information see Troubleshooting see page 391 The following lists the various possible ticket states New Indicates a new ticket that hasn t yet been opened by the user Open Indicates that the ticket has been opened Hidden Indicates a ticket that is not visible to its assigned user Done Indicates that the action referred to by the ticket has been completed Archived Indicates that the ticket has been archived Canceled Indicates that the ticket was canceled Ticket Status Ticket Life Cycle The following lists the various possible ticket statuses Active Indicates that the ticket is active Completed Indicates that the links listed in the ticket have been audited Delegated Indicates that the ticket was delegated by a more junior manager Done Indicates that the ticket s job has been completed Escalated Indicates that the ticket was reassigned to a more senior manager In Progress Indicates that the ticket is being processed None Indicates that there is an error related to this ticket so it cannot be processed Pending Action Indicates that the ticket is waiting for a user to take action Reassigned Indicates that a link approval has been sent to another entity manager Rejected Indicates that a link has been rejected Chapter 6 Tickets and the Ticket Queue 75 Ticket Tables Ticke
118. sendExternalMails true approvals configuration max ticket property length 2000 format date display dd MM yyyy HH mm ss Sample Properties File Appendix B Eurekify Properties 413 Sample Properties File bpr risk low 30 bpr risk med 50 bpr risk high 70 browser universe default Demo1 default role types Business Role Organizational Role Functional Role Application Role Technical Role Location Role Provisioning Policy Role approvals configuration webservice retry count 3 approvals configuration webservice retry delay seconds 30 tms workflow retry delay seconds 120 reports baseUrl http localhost 8080 viewer frameset __report report 414 Portal User Guide tms delegate filter tms delegate filter Description Property Example Description Property Example Description Used for filtering the delegate option user list Comprises three options Default delegate filter tms delegate fliter tms delegate filter GFilter Organization owner Organization Ticket type filter tms delegate filter TicketType SAGE ChangeApprovalParentTicket tms delegate filter TicketType SAGE ChangeApprovalParentTicket GFilter Organization cookingdept Ticket name filter Property tms delegate filter LinkUser Role Example tms delegate filter LinkUser Role GFilter Email ssimhi eurekify com The name property if defined takes precedence over type which in turn takes precedence over the
119. submitted on Universe Demo1 from Link of Team to Role s lt lt Less Details Model_ConfigWithRoles 75676560 Organization Database Administrators Owner Note Rami Sas Eurekify Rami Escalated to Herman Barbara La Internet 154 Portal User Guide General Approval Process Ticket Functions A comment is generated stating that the ticket has been Escalated to current owner This comment appears in both the old ticket and in the new ticket When viewed in the original ticket owner s Archive screen Ticket Queue Archived tickets the old ticket and the new ticket create a hierarchal tree in which the original ticket the Status is set to Escalated is the root ticket and the new ticket is the next node Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Ticket Queue gt hved Tickets Logout Eurekify Rami ID Title State Status Children Type Received Owner User Approval Request to delete role Delete 1778 E G Organzation Database Administrators Characteristic Archived Escalated Link User Role 19 01 2009 Rami Sas Role 100 17 47 43 Eurekify Rami Delete Link User Role User Approval Request ti lete role S organeati base Administrators Characteristic New Pending Role 100 ii 19 01 2009 Rami Sas ction 23 11 22 S Herman Barbara Eurek Rami When the escalated ticket is viewed in the Approval Process owner s Ticket Qu
120. that have access to IT 45489940 Organization2 Enterprise Organization3 Corporate Create Date Approval Date 09 05 2007 10 36 00 Approval Status Approved Expiration Date Showing 1 to 10 of 66 441234567 gt Person ID Organization Type 145489940 Steiven Pat System Management Corporate 47868650 Moris Bill System Management Corporate 52656727 Rodman Adam System Management Corporate 54672910 Cooper Amos IT Security Corporate 57644540 Alex Patrick Application Development Corporate 58723810 Miles Buyer Purchasing Corporate 164646410 Herman Barbara Operations Corporate 65656540 Pheonix Wiliam Application Development Corporate 67283470 Angel Ben System Management Corporate 67565330 Schwarts Barry Human Resources Corporate Customize Filter Chapter 2 Using The Eurekify Portal Interface 31 User Interface The Role Card includes separate lists under discrete tabs of the following linked information in table format Users Provides a list of all the users linked to this role Resources Provides a list of all the resources linked to this role Sub Roles Provides a list of sub roles This is a hierarchal link of the type role to role Users who are members of the parent role the current role are automatically members of the sub role listed in this table and therefore provisioned with all the sub role s privileges Parent Role Provides a list of parent roles This is a hierarchal link of the type role to role Users who are m
121. the Campaign Management section It presents the list of attached files and or links and any available comments concerning the campaign Attachments X Google comments Received Owner X 16 12 2008 22 58 41 Eurekify Admin Note The Approvers have not begun The Advanced section of the Campaign Ticket Properties Form shows the attached file URL and a comments table Next to the attachment you can see an X Click X to delete the attachment The Comments table provides the following information Received Provides the date when the comment was generated Owner The name of the user who generated the comment Note The content of the comment Next to each comment you can see an X Click X to delete the comment General Campaign Ticket Functions The Campaign section of the Ticket Properties Form contains all the campaign ticket and campaign data Owner Eurekify Admin AD1 Previous Owner 01 01 2009 00 00 00 Priority Normal X Severity Medium gt Modified Date 16 12 2008 22 59 01 Date Created 16 12 2008 18 37 42 In Progress Open User Certify Dec 2008 User Certification User Certification Campaign for the end of 2008 Close Delegate Escalate Universe Portal Campaign Type USER Auto Generate Permissions true Configuration Model2_ConfigWithRoles Link Filter Direct Dual Audit Card Entity Filter No Filter Attachments X Google omments Received Owner Note X 16 1
122. the same resource The user in this case does not have any kind of link to the role in question Link or Entity Link Refers to a connection between two entities The possible links are user role m user resource m role resource m role role hierarchy Links can be categorized as direct links dual links or indirect links Mapping xml A mapping details XML file located in the lt Eurekify home directory gt lt Converter directory gt Use the Eurekify DM module to update Master configuration The original configuration downloaded from the production computer The master configuration presents the real world definitions Model configuration A copy of the master configuration The audit process is run on the model configuration and the resulting updated set of configuration files is compared by the Eurekify Sage DNA system to the original master configuration files The differences are then uploaded to the production computer RACI A RACI diagram or RACI matrix is used to describe the roles and responsibilities of various teams or users It is especially useful in clarifying roles and responsibilities in cross functional departmental projects and processes Within the Eurekify Portal this is the source of the Approvers mentioned in this manual They are listed in the Accountable configuration file 432 Portal User Guide Role to Role Link Ticket Universe Violations The RACI diagram divides tasks into four partic
123. ticket generated and ticket sent to the campaign owner when a campaign is created This ticket tree comprises the campaign ticket and all the campaign s Approver tickets For more information see Running Campaign owner Tickets see page 101 Approver ticket Campaign Manager A ticket sent to a user role or resource manager Approver depending on the campaign type It contains the list of entity links that the entity s manager Approver has to approve Each individual link can be approved rejected or reassigned by the ticket owner to another approver For more information see Campaign Approver Tickets see page 131 Info ticket Link Gives notice and supplies relevant information about Entity1 Entity2 specific situations in the ticket life cycle for Delete Link example the termination of an approval process Entity1 Entity2 For more information see Info tickets see page 91 Approval Process Approval Root A ticket generated after a campaign is stopped or Root ticket completed This ticket tree includes the Approver tickets associated with the campaign s rejected links that are being sent for review to the managers of the linked entities For more information see 72 Portal User Guide Name Rejected Link Parent ticket Approval Process Approver ticket Consult ticket Self Service Approval Process Root ticket Self Service Request Parent ticket Self Service Approver Ticket Self Service Consult tick
124. to the Eurekify Portal This is necessary since the users listed in the universe s configuration may need to access the portal to perform self service tasks users or approval tasks managers or certifications tasks managers This process is also important when new users have been added to the universe s configuration As all persons in an organization probably already have accounts on the organization s main authorization authorities such as for example Active Directory the best way to update Eurekify configuration is from this source which actually is one or more of the end points already imported to ERCM and residing as a configuration universe within its database To check the Eurekify configuration for new users when creating a new Universe 1 On the Administration menu click Eurekify Configuration Settings Administration gt Furekify Configuration Settings Eurekify Configuration Settings Update Eurekify configuration with universe users 2 Click Update Eurekify configuration with universe users The Update Eurekify Master with Universe Users screen opens Update Eurekify Master With Universe Users Select Universe J Eurekify Configuration Settings 3 Select a Universe from the drop down list 4 Click Select An appropriate notice appears when the process is completed For example Update Eurekify Master With Universe Users Select Universe Portal v New users No records were found
125. type of software or a role can represent a hierarchal business structure component such as Manager Privileges Using the CA Eurekify Role amp Compliance Manager to build and maintain a corporate role model requires the flexibility to approach this issue from two points of view The first is by planning the corporate roles and defining them accordingly based on the organizational structure and other human resources related attributes The second is by mining existing corporate security and privileges information and structuring roles in a bottom up approach to match the enterprise privileges requirements The Eurekify Portal allows you to define new roles on the fly When the need arises to define a new role whether following an audit or in the course of an enterprise s life cycle you can do so directly and quickly The procedure comprises two screens Request New Role Definition Definitions For Role Name New Role Name More information Request New Role Definition Screen see page 245 Definitions for Role Name New Role Name see page 250 Defining a New Role Request New Role Definition Screen The first step in defining a new role is to define its characteristics and general definitions For example for a new role called Security Officer you have to provide the role name corporate definitions and rules that will govern this role The Request New Role Definition screen is divided into two sections
126. you open the View Violations window in a separate browser window Click Close to close the window You can use this utility to view a list of the violations connected with the link s under review http localhost 8080 eurekify tms ui wicket bookmarkabl E BX le http flocalhost 8080 eurekify tms ui wicket bookmarkablePage 83popuppagemap_Popu J View Violations Name Description license Only 5 people may access role ADMNMGR licensing v a internet R 100 The View Violations table has three columns Name The violation title Description Provides the details of the violation Score The score as listed when the BPR was first generated Click View Violations to view the View Violations screen in a separate browser window Click Close to close the browser window Add New Role Ticket Tree Role Approver Ticket Add Role Add Role Ticket Id Due Date The second stage of the Add New Role Approver Process starts after you have selected an user as the role s accountable and clicked Continue A Role Approver ticket is generated This Approver ticket is sent to the new role s manager It contains a table listing all the links that were requested during the Request New Role Definition task 2223 Owner Cooper Amos DOMA Previous Owner Pending Action v 01 02 2009 05 35 53 Priority Low gt Severity Minimal Open C Modified Date 01 02 2009 00 37 11 Date Created 01 02 2009 00 35 53 Role
127. 0 09 05 2007 10 36 00 Approved 82653450 304 Portal User Guide Update Role Ticket Tree Use this ticket s functionality when you wish to transfer the specific link s sub tree to the management of another user or to cancel this specific review You can use the options in the ticket s Advanced section to access additional information concerning the current ticket and the rest of the tickets in the sub tree More information The Ticket Properties Form see page 83 Update Role Ticket General Functions The Self Service Request Update Role Parent ticket provides the following General functionality Close Closes the ticket Save Saves the changes made to the ticket Delegate Transfers the ticket tree to another manager Escalate Transfers the ticket tree to another manager Cancel Process Allows you to manually stop the Approval Process at any stage More information Delegate see page 157 Escalate see page 154 Cancel Process see page 169 Chapter 12 Role Definition Tickets 305 Update Role Ticket Tree Update Role Parent Ticket Advanced Functions 306 Portal User Guide The Request Parent ticket provides the following Advanced functionality Add Comment Manually add a comment to the ticket Add Attachment Add an attachment or URL to the ticket View Transaction Log The transaction log provides a history of the ticket related actions executed since the creation of the ticket View Parent
128. 0 10 Details Novell HR Application 10 10 Details RACF Developers 10 10 Details Title Accountant Characteristic Role 50 10 10 Details Find Roles Test Compliance Suggest Roles Records per page 19 Click Suggest Entity to activate this service as part of a provisioning task The table in which it is located changes and contains following columns Service Added Columns Suggest Roles Four pattern columns plus a Details column Suggest For Provisioning task screens Resources Two pattern columns plus a Details column m For Role Definition task screens The Enrolled column Suggest Users The Enrolled column 204 Portal User Guide General Self Service Functions In a Provisioning task screen click a highlighted link in the Details column and further information about the users and how they match the specific role resource appears in a separate browser window UGFINAR RACFPROD RACF22 Person ID UserName Organization OrganizationType Country Herman l 64646410 Barbara Operations Corporate US HR Pattern Herman Privileges 64646410 Operations Corporate US pattern Barbara Chapter 11 Running Self Service Tasks 205 General Self Service Functions Click inthe upper right hand corner to close the window The Enrolled column which appears in Role Definition task screens provides the number of selected users resources linked to this resource user Enterpri
129. 0 2 Find Reassign Users Where UserName Eo contains Herman and Where Choose Field x contains and Where Choose Field y contains Default Filter Organization OrganizationType Email Location Title Operations Corporate 64646410 company com coo E internet R100 Select a user from the list Click OK The selected links have been reassigned and the relative progress made is reported on the Approver Progress bar You see the icon gt next to the reassigned link in the entity table Note Replace user in the above procedure with either resource or role for instructions on how to reassign Role links or Resource links More information Filtering a Data Table see page 24 Eurekify Properties see page 409 Chapter 8 Campaign Approver Tickets 145 Auditing Links Adding Comments to Links The Approver ticket s Entity Link table provides you with the option to add comments next to specific links L X T Progress Violations PersonID UserName Organization OrganizationType Comment Hooo 2 6 Joe Dassin 99883136 Joe Dassin Sales Corporate E T You can add comments next to the main entity collapsed table or next to a specific link in the expanded entity table PersonID UserName Organization OrganizationType Comment Joe Dassin i A posi 2 6 09883136 Joe Dassin Sales Corporate pase resources E Roles 2 v X b Name Violations Relationtype Description Type Organization Ru
130. 005 cmp006 cmp007 cmp008 cmp009 cmp010 cst001 cst002 cst003 cst004 cst005 cst006 Eurekify Sage Error Messages Description please select a campaign please select the by field parameter please select audit card please select sorting method please choose filtering type send reminders was aborted mail event is not active update mailing parameter tms configuration mail events in eurekify properties errors found no universes available missing campaign description missing end date due date must be in the future configuration must be selected raci not available for 0 campaign 0 already exists user 0 has no access to campaign 1 missing name field missing description field duplicate name name already in use missing universe field was unable to find the settings xml file 0 was unable to find the mappings xml file 0 Chapter 17 Troubleshooting 393 Eurekify Sage Error Messages Field settings strings ie errors missingenrichment err code settings strings ie errors missingpassword errco de settings strings ie errors missingmaxduration er rcode settings strings ie errors errorparsingmaxdurati on errcode settings strings ie errors missingconnectorclient class errcode settings strings ie errors missingworkflowproces s errcode settings strings ie errors missingtickettype errc ode dashboard compliance error noname errcode dashb
131. 1 372 417 R RACI s 31 33 38 45 48 131 151 261 284 325 338 340 374 376 377 389 417 Reassign e 136 142 147 409 Reminder e 57 117 125 Reports e 19 35 37 63 65 417 436 Portal User Guide S Scheduler lt 357 361 363 417 Search e 79 80 Security e 271 284 294 Self Service e 15 35 36 39 60 67 69 72 261 267 271 280 284 288 289 290 292 294 295 298 300 303 305 307 308 337 384 Severity lt 83 108 350 354 State s 71 74 83 108 118 Status lt 36 71 75 80 83 94 96 108 118 127 154 157 163 T Ticket Queue s 15 27 35 36 39 48 55 64 69 71 72 76 79 80 82 94 96 107 111 112 114 118 131 134 151 154 157 166 168 188 261 269 325 350 354 357 360 378 TMS Administration s 378 Transaction Log e 85 90 98 126 149 161 170 175 185 191 270 277 289 293 296 299 306 309 363 U Universe s 15 30 31 33 37 38 41 43 45 110 123 131 151 166 172 188 261 267 294 311 325 338 339 340 344 345 350 354 366 374 376 377 386 403 417
132. 12 2008 13 59 02 Date Created 29 12 2008 13 46 29 Title User Review Approval Root Request Description Approval Root Request Request was submitted on Universe Portal from User Review lt lt Less Details onfiguration Name Model2_ConfigWithRoles 4 Done LE internet R100 In this section you will find information specific to the Approval Root ticket type It is important to remember that Approval Process tickets are based on specific campaigns The following fields give you the basic information concerning the current Approval Process lt Ticket Title gt Approval Root Title Campaign Title Approval Root Request Description A description of the ticket It includes the details of the request Request submitted on Universe Universe name from Campaign Title This section covers the following topics The Approval Root ticket s General functions The Approval Root ticket s Advanced functions More information Rejected Link Parent Ticket see page 172 The Ticket Properties Form see page 83 Chapter 9 Approval Process Tickets 167 Approval Process Root Ticket Approval Root Ticket General Functions 168 Portal User Guide The Approval Root ticket provides the following General functionality Close Closes the ticket Save Saves the changes made to the ticket Delegate Transfers the ticket tree to another manager Escalate Transfers the ticket tree to another manager Start Process
133. 2 Software Converters Oracle OlIMConvert sage v32 connecters oraclelmportJarName importFromOIM jar sage v32 connecters oracleExportUarName exportToOIM jar sage v32 connecters BMCConnectorHomeDir C Program Files Eurekify Eurekify Sage Client Tools V3 2 Software Converters BMC BMCConvert sage v32 connecters BMCImportUarName importFromBMC jar sage v32 connecters BMCExportJarName exportToBMC jar sage v32 connecters IBMConnectorHomeDir C Program Files Eurekify Eurekify Sage Client Tools V3 2 Software Converters ITIM46 ITIMConvert sage v32 connecters IBMImportJarName importFromITIMClient jar sage v32 connecters IBMExportUarName exportTolTIMClient jar sage v32 connecters IBMJavaExecutable c java1 4 java exe sage v32 connecters CAConnectorHomeDir C Program Files Eurekify Eurekify Sage Client Tools V3 2 Software Converters CA CAConvert sage v32 connecters CAlmportJarName importFromCA jar sage v32 connecters CAExportUarName exportToCA jar debug log gui std sage batch debugMode log sage sageBaseUn http localhost 8080 eurekify tms sessionTimeoutAlert 1200000 tms test user tms debug false tms defaultDueDateDelay 10 tms configuration realpath tms findUsersPage rowsPerPage 30 tms findUsersPage containsPrefix tms ticketQueue rowsPerPage 20 tms ticketQueue maxChildren 20 tms ticketQueue maxTitleLength 100 tms distinctMaxValues 100 tms attachment uploadSize 5000 tms attachment uploa
134. 2 2008 22 58 41 Eurekify Admin The Approvers have not begun Chapter 7 Running Campaign owner Tickets 111 General Campaign Ticket Functions This section also provides the following functions Close Closes the Ticket Properties Form browser window Save Saves any changes made to the campaign ticket Delegate Allows you to delegate the campaign to a more junior manager Once this is done the campaign ticket will be relocated to your Ticket Queue archive Escalate Allows you to transfer the campaign to a more senior manager Once this is done the campaign ticket will be relocated to your Ticket Queue archive Delegating a Campaign This function allows you to delegate the campaign to another administrator Once you have selected the new campaign administrator the campaign s ticket is archived and will no longer appear in your list of active tickets When a campaign is delegated a new root ticket is generated with the new owner listed in the Owner field and the administrator who delegated the campaign is listed in the Previous Owner field Ticket Properties Form Windows Internet Explorer 7 http flocalhost 8080 eurekify tms ulf wicket bookmarkablePage com eurekify tms web template DefaultTicketPagesticketId 834 Owmer Cooper Amos Previous Owner Eurekify Admin AD1 Status pending Action 15 01 2009 00 00 00 Priority Normal Severity Medium State Open Modified Date 21 12 2008 12 29 28 Date Created
135. 20 TMS GU SAVE pressed 6 25 11 2008 21 30 31 TMS Gun SAVE pressed 8 25 11 2008 21 48 37 TMS Gun SAVE pressed 10 25 11 2008 21 48 57 TMS GUI SAVE pressed 12 25 11 2008 21 49 05 TMS GUI SAVE pressed 14 25 11 2008 21 49 14 TMS GUI SAVE pressed 16 25 11 2008 21 49 38 TMS sun SAVE pressed 18 26 11 2008 09 36 25 TMS GUI SAVE pressed 20 26 11 2008 09 36 32 TMS sUn SAVE pressed Records per page 10 Y To view transactions in the Transaction Log table 1 On the Administration menu click TxLog Page The Transaction Log screen opens 2 Optional Filter the data you want to view in the Transaction Log table Select a field from the Column drop down box and enter the field content 3 Click OK The requested transaction logs appear in the Transaction Log table 4 Optional Click Delete All to delete all the transactions currently saved by the system More information Setting the Number of Records Per Page see page 23 Chapter 15 Using Administration Functions 365 Cache Manipulation Cache Manipulation Using the Eurekify server s cache improves performance This is achieved by uploading the current Universe and configuration data to the cache Accessing the server s cache is much faster than accessing the hard drives so users can receive information more quickly than if they had to receive content from the server hard drives This section covers the following topics m Loading the cache m Clearing
136. 26 a resource UGADGEN1 Administration New In Progress User 23 02 52 Admin AD1 ROOT NOVELADM No Resource mas EAdmin Request to remove user to resource association Delete Link Eurekify 1927 lel resource purchase UNXMARKT Solaris26 Marketing Archived Completed User Admin AD1 Sun Resource EAdmin Request to remove user to resource association Delete Link Eurekify 1928 a resource ugrkgen1 UNXMARKT Solaris26 Marketing New In Progress User Admin AD1 Sun Resource EAdmin Request to remove user to resource association Delete Link 54 01 2009 Eurekify 1929 amp resource UGMPBR RACFPROD RACF22 Production New In Progress User 33 02 52 Admin AD1 RACF Resource sas EAdmin Request to remove user to resource association Delete Link 01 2009 Eurekify 1930 E resource UGMPBR RACFPROD RACF22 Production Archived Completed User 33 02 52 Admin AD1 RACF Resource ere EAdmin 1923 B amp User campaign with Audit Card Approval Root Request Open In Progress 21 01 2009 23 02 52 21 01 2009 23 02 52 The number of sub trees for any Approval Process Root ticket is listed in the Ticket Queue s Children column Each sub tree consists of a Rejected Link Parent ticket and two Approver tickets one for each of the entities that make up the rejected link that is being reviewed Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout AD1 EAdmin
137. 270 277 289 293 296 299 306 309 Connector s 38 45 72 340 346 348 350 354 357 361 417 Consult s 72 153 161 177 185 186 261 292 293 298 299 308 309 Converter e 350 354 Customize s 79 D Delegate 24 71 93 94 111 112 153 157 168 174 177 190 269 275 288 292 295 298 305 308 357 359 384 Direct Link s 333 DM client tool s 346 350 354 DNA client tool s 19 44 45 325 337 346 350 354 367 374 376 384 403 Due Date s 83 108 325 E Email e 48 409 Index 435 Entity Browser e 15 35 37 311 313 314 315 316 417 Escalate e 71 93 96 111 114 153 154 168 174 177 190 269 275 288 292 295 298 305 308 357 359 384 Eurekify cfg s 325 374 384 385 386 Export Connector e 46 346 348 354 F Filter e 24 79 80 110 142 363 368 372 384 386 387 G Gfilter e 386 H Home Page s 17 19 35 63 65 67 350 354 417 Import Connector s 41 346 348 350 Indirect Link s 333 Info ticket s 64 72 91 93 98 151 183 184 190 M Master 41 43 46 325 338 340 374 403 Model s 41 43 46 131 151 261 338 340 403 P Permissions e 39 82 110 325 382 Properties 38 55 64 69 71 72 76 82 83 85 87 89 90 94 96 107 108 110 111 112 114 117 118 119 122 125 126 127 128 131 134 136 142 149 150 153 154 157 161 162 163 166 171 177 267 271 292 298 300 308 325 368 370 37
138. 29 a G Security child role Organization I New In Progress 1 Role 00 38 36 ee pit Approval Request to add role Corporate Security p Cooper Amos r ending Link 01 02 2009 P gt 2240 E foe provides resources to users who are involved New Action 0 Role Role 00 38 50 ienaat Cooper Amos Request to add role to resource association x Link Role 01 02 2009 2230 B resource public role Corporate Security New In Progress 1 Resource 00 38 36 iaia 4 Cooper Amos Request to add role to resource association Link Role 01 02 2009 2231 a L baee PUBLIC role Corporate Security New In Progress 1 Resource 00 38 36 e Resource Approval Request to add resource Link Keren Cindy P 2236 PUBLIC RACFPROD RACF22 Production RACF to New pene 0 Role ted low DOMAIN Keren role Corporate Resource Cindy Cooper Amos 2232 a a Request to add role to resource association New In Progress 1 Link Role 01 02 2009 DOMAIN Cooper resource UGMTSYS role Corporate Security Resource 00 38 36 Amos IKII The Link Entity Role parent and approver tickets are standard tickets More information Introducing the Requests Table see page 257 Self Service Request New Role Parent Ticket see page 294 Self Service Request New Role Approver Ticket see page 297 Chapter 12 Role Definition Tickets 283 Add New Role Ticket Tree Select Accountable Ticket Add New Role One of the advantages of the CA Eurekify Role amp Compliance Mana
139. 33 36 39 48 57 59 64 69 71 72 76 85 92 118 121 123 127 128 131 134 136 142 147 148 149 150 151 153 161 162 163 165 166 169 175 176 185 186 188 261 267 271 277 278 280 284 286 290 291 292 293 294 296 297 298 299 300 306 307 308 309 325 333 376 384 417 Approver Ticket s 36 69 72 76 131 134 136 142 151 176 261 280 291 297 300 307 417 Approver Ticket lt 36 Approver Ticket lt 69 Approver Ticket lt 72 Approver Ticket lt 76 Approver Ticket e 131 Approver Ticket lt 134 Approver Ticket lt 136 Approver Ticket e 142 Approver Ticket e 151 Approver Ticket e 176 Approver Ticket e 261 Approver Ticket lt 280 Approver Ticket lt 291 Approver Ticket lt 297 Approver Ticket lt 300 Approver Ticket 307 Approver Ticket s 417 Archive s 94 96 117 118 122 154 157 Attachment e 89 98 126 161 170 175 185 191 270 277 289 293 296 299 306 309 B BPR 290 C Campaign Ticket s 36 48 69 76 87 89 108 119 126 127 131 417 Campaign Ticket lt 36 Campaign Ticket lt 48 Campaign Ticket 69 Campaign Ticket lt 76 Campaign Ticket lt 87 Campaign Ticket lt 89 Campaign Ticket lt 108 Campaign Ticket lt 119 Campaign Ticket lt 126 Campaign Ticket lt 127 Campaign Ticket lt 131 Campaign Ticket lt 417 Comment e 57 87 94 96 98 125 126 136 149 154 157 161 170 175 185 191
140. 355 Setting Connectors To create a new export connector 8 9 10 11 12 13 In the Connector pane click Create New Enter the name of the new Export Connector Provide a clear and concise Description of the export connector Select the Universe from the drop down list Enter the name and location of the Settings XML File You can locate the file using your systems file browser and copy the name and path from the Address bar and paste it in the text box Enter the name and path of the Mapping XML File You can locate the file using your systems file browser and copy the name and path from the Address bar and paste it in the text box Enter the Remote system login password for accessing the endpoint Provide an upper estimate in seconds for the Max duration time Select the appropriate Connector Java Class Select the default Workflow process name Select the default import Ticket Type Select the Priority Select the Severity When the new export connector is created it appears in the Connector Settings Exports table 356 Portal User Guide Setting Connectors Running a Connector The Eurekify Portal provides two methods for importing exporting data from the source servers Manual Select a connector and click Run This will start the download upload process immediately Automatic Create a job through the Job Scheduler The import export will run as programmed by you You will receive an email notifyi
141. 3810 Miles Buyer Purchasing Corporate 91724340 Hope Collin Finance Corporate 95477810 Ester Roger Operations Corporate 45489940 Steiven Pat System Management Corporate Customize Records per page 10 7 To see which resources are used by the selected users click here Suggest Resources the results are in the Resources table es Ba 250 Portal User Guide ck Test Compliance Copyright C 2008 Eurekify All Rights Reserved Build 08 11 26 01 Note table are users that are accountable to you RACI This screen is divided into three sections m Resources m Users m Role Hierarchy which can expand into two sections m Parent Roles Defining a New Role The users marked with a green dot next to their name in the Users m Children Roles Role Hierarchy Find Parent Rol Organization Human Resources RACF Public access Organization Applicetion Development Title Operator Sales Team Organization Database Administrators Organization System Management Organization Stamford Branch Title Branch Manager Organization Marketing_Dept SAV Active Directory Domain Users Active Directoty Branch Users BASIC ROLE Fifth av Applicative role Novell HR Application Organization Application Development Organization Database Administrators Organization Fifth Ave Branch Organization Fina
142. 4 Step 3 Importing Entity Data see page 45 Step 4 Generating Master Model Configurations see page 45 Step 5 Creating a Campaign see page 46 Step 6 Exporting Entity Data see page 46 Chapter 3 Getting Started 41 Introducing Entities and Links Introducing Entities and Links 42 Portal User Guide Throughout this guide we describe entities and links Entity refers to the users roles and resources that are the subject of the security review certification and attestation processes that are run using the Eurekify Portal A link is a connection between two or more entities The Eurekify Portal recognizes three categories of links Direct links An uninterrupted connection between two entities For example a user to resource link Indirect links A non direct connection between two or more entities For example A user is linked to a specific role and the role is linked to a specific resource The link between the user and the resource is an indirect link Dual links Refers to the case when both a direct link and an indirect link exist For example A user is linked directly to a specific resource and at the same time the user is linked to a role that is linked to the same resource Direct links and dual links are examined during the various review processes for example during campaigns or when assigning a role to a specific corporate team Indirect links are listed for the completeness of the i
143. 44 S48 498844 48SSS9E AER AA RANAR 28 Men B is ostama iaei wa aa EEEE an saa aaa de anwar EA EE saa AE EE dean eas Saar AE E REE E A A ES 35 HOME casa seca E E T E E E E E T 35 Ticket QUeUe TT 36 Dashboards Menu tv scene onten cues eso A es Gee E EAE A 36 Self Service M nu a KKR RE T R E A A AE SE FREGEO RS FACES BEE KR R PEER EOGABETA EA EE GE BE SE 36 Entity Browse vcs ccscec le eee ete eset semen een ence te a eon alee ee eee alee als senor ee ae eee els aoe elses eee 37 Reports Tl HU 37 Administration T 38 User Interface for Non Administrators 0 0 ccc ccc eee tenet rreren errr 39 Chapter 3 Getting Started 41 Introducing Entities and Links 0 ccc rnrn rrr n errereen erarnan 42 Step 1 Creating a UNIVerse 6 R 5 R R R R E E R R R dae tae E EE E E E R E dae ENEE EE 43 Step 2 Creating Import Connectors errn cent r rnern nennen 44 Step 3 Importing Entity Data lt S 65 5 X 5 5 Z X N R Z R R R RR RKR RRR RR RRR RRR RRR RRR RRR RR RR 45 Step 4 Generating Master Model Configurations 0 ccc ccc cece teen ene eas 45 Step 5 Creating a Campaign 02 s sese edeuseodoees T N RR AA tase sane desea R R 46 Step 6 Exporting Entity Datai i c 0 sccetesecascddaxieavh saviaeebsoecasedGaveeese a daskesee deeded 46 Chapter 4 Showcasing the Eurekify Portal 47 Running a Campaignh A Case Study access tannin tte arn anne nin wana wheat VR N 48 Defining a New User Campaign 00 ccc ccc cnt e
144. 494448 114 Campaign Management Functions e c e e e K e K Ke KeK 117 Running the Campaign e enn ene aarne eraron eet n etn e ees 118 View Campaign Progress 005 500s00es ee see eevee ee eee eevee E eeb ee eeeeeeeeeees 123 Send REMINGer suc d 9 KK ween wang Mama enn la eae ed a xe SW a eee ee ee ee 125 Campaign Ticket Advanced Functions R R ccc ttit cece ce cece RRR RRR RRR e 126 6 Portal User Guide VIEW eiis SI carat tee a a a ae ee ts ee athe eae ee 127 Campaign Approver TicketSi 22 4 R T R bcd R C64 POSS AERA EES GE BEES BASES BE ME Ho 128 Chapter 8 Campaign Approver Tickets 131 CMA Ticket Properties Form ce e e e c e ccc cc cc ss sssr EESE ESEE e eee teen teen ESEESE ES 134 PAVBTe La Leyelgy GI a S seems e E E E sai T Ne Ca nee Ee Eaten 136 Presenting the Entity Links Table e cence tne e nen tne teens 136 PDP s Ts AEN cess epee aces eee ws ee sees eases ose ee aa a RSE I SE Re Rees a naa as 139 R jecting a KT c6 sig sped bind a aa shed Gmc be shed cde shed beh cb a a ahd Grn bid odd bu dog E a Seba anc 141 R assigning a Link ssc aes dn ania een cen tests twos See ee ais ows a eek Ow a dei ee ae 142 Adding Comments to LINKS 0 ccc enn cnet eet e ete t nnn tenn eens 146 General CMA Ticket FUNCTIONS 22 4904 40 2594e4440s8404eS aS4404 5949454449 SAN SETS SS d Seas tad 147 Hide Selected ar Ta E ciel cn ie aa nw ei nats Wace aes weak eee wn ee eae he cee 148 Advanced CMA Ticket
145. 6023090 UGFINMGR TSSCREDIT TSS50 Top Secret on MVSCREDIT You can decide to make the request despite any listed violations or you can amend your selections Important Remember that when selecting multiple users all resource related choices apply equally to all the users If at any point you alter the selected users click Get Resources again Chapter 11 Running Self Service Tasks 235 Manage My Team s Resources To link resources to selected users 1 In the Manage My Team s Resources screen scroll down to the Other Resources table 2 Optional Click Find Resources to access the Select Resource filter screen 3 Optional Click Suggest Resources to see the Eurekify Portals recommendations 4 Select one or more resources to link to the chosen users 5 Optional Click Test Compliance to review your selections and check for possible violations The Violations screen opens in a separate browser window Click X to close the Violations window 6 Click Submit The Requests screen opens Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration gout an Barbara Person ID Name Goid Wiliam 84847310 Goid Wiliam 84847310 UGSILVLAN NTSILV WinNT Silicon V br User Lan Sterling Kent 86023090 Sterling Kent 86023090 UGSILVLAN NTSILV WinNT Silicon V br User Lan Sterling Kent 86023090 Sterling Kent 86023090 PUBLIC RACFPROD RACF22 Production
146. 72910 Role provides resources to users who are involved with security Resources To Add 89213720 public UNXMARKT Solaris26 Parent Roles To Add Organization IT Security 54672910 91236370 89123140 84847310 PUBLIC RACFPROD RACF22 UGMTSYS RACFTEST RACF22 View Initiat View Parent Children gt gt Add Attachment saction Log lt gt Chapter 12 Role Definition Tickets 273 Role Definition Main Request Parent Ticket In this section you will find information specific to the Request Parent tickets generated for Self Service provisioning requests lt Ticket Title gt According to source of the request either Add Role or Update Role Title Title Role For example New Role Corporate Security Description Description Role For example Update Role Organization Marketing_Dept Use this ticket s functionality when you wish to transfer the approval process tree to the management of another user or to cancel the approval process You can use the options in the ticket s Advanced section to access additional information concerning the current ticket and its parent and child tickets Click the ticket title to open the Ticket Properties Form in a separate browser window Ticket Properties Form Windows Internet Explorer BEE http localhost 8080 eurekiFy tms ui wicketiinterface 8 v Owner Eurekify Admin AD1 Previous Owner Status In Progress E 01 02 2009 05 29 04 Priority Low lt Sever
147. 8 Campaign Approver Tickets 141 Auditing Links Reassigning a Link The Eurekify Portal allows managers to choose to reassign a link listed in their CMA ticket for review to another Approver Therefore you as an Approver ticket owner can reassign any link listed in your Approver tickets When the reassignment process is completed a notice is sent automatically to both your email inbox and to the Approver who was reassigned the link Campaign owners can also decide to reassign links listed in specific Approver tickets so that they will now appear in the newly assigned entity manager s ticket The Approver who was reassigned the link will see the relevant ticket in his her ticket queue When you click the Save and Reassign button any changes already made to the ticket are saved Then the Find Reassign Users screens opens in a separate browser window Browse Tickets Windows Internet Explorer a http flocalhost 8080 eurekify tms ui wicket interFace TUET Find Reassign Users Where Choose Field Oow contains Where Choose Field v contains Where Choose Field v contains OK Showing 1 to 30 of 140 44412345 gt UserName Organization OrganizationType i 1 Title Rodney Sergio Database Administrators Corporate 75676560 company com DB Developer Moris Bill sacral Corporate 47868650 company com Developer Rolen Dave Finance Corporate 98383770 company com Accountant Fred John aa Corporate 86544420 compan
148. 847310 Add Resource UGMTSYS RACFTEST RACF22 Test RACF UGMTSYS RACFTEST RACF22 Test RACF Remove User Devin Ro 8382990 Devin Roger 88382990 Remove User Garr Jim 77371120 Garr Jim 77371120 UGADGEN2 Administration ROOT NOVELADM Novell Active UGADGEN2 Administration ROOT NOVELADM Novell4 Active Remove Resource Directory Admin2 Directory Admin2 The next step is to submit all the requests for review by the relevant entity managers This process is known as an Approval Process Self Service role definition tasks are focused on the system s roles and the possibility of enrolling users in those roles assigning them various resources and creating hierarchal connections between different roles or on the possibility of severing an existing link between a role and another entity Therefore during the Approval Process review tickets are generated for both the role and the linked user resource role hierarchal This process is started by the manager who made the Self Service request the Self Service Manager When an instruction to begin an Approval Process is given the CA Eurekify Role amp Compliance Manager generates a hierarchal Approver Process ticket tree While for most Self Service provisioning tasks the ticket tree is generated at once and the task managers and link approvers can work with their tickets directly Self Service Role Definition task tickets are generally generated in stages 262 Portal User Guide
149. 9 10 9 10 Details Characteristic Role 100 0 Min 40 10 10 Details 9 Organization Finance aaa Role 100 0 Min 10 10 10 10 Details 19 Novell HR Application Genet Role 40 0 Min 10 10 10 10 Details LY RACF Developers rins 100 0 Min 10 10 10 10 Details 10 10 10 10 10 10 Details Organization IT Security Title Accountant Characteristic Role 50 10 10 10 10 Details Find Roles Test Compliance Suggest Roles Records per page 10 7 After making your selection s you can test the compliance of your selections with the existing BPRs and policies Violations Violations First Second Third Rule Description Score Fifth av Applicative license Only 5 people Only 5 people may role Role By 2 may access role access role ADMNMGR 100 E Resources ADMNMGR licensing licensing You can decide to make the request despite any listed violations or you can amend your selections Important Remember that when selecting multiple users all role related choices apply equally to all the users If at any point you alter the selected users click Get Roles again 216 Portal User Guide Manage My Team s Role Assignments To link roles to selected users 1 In the Manage My Team s Roles screen scroll down to the Other Roles table Optional Click Find Roles to access the Select Role filter screen Optional Click Suggest Roles to see the Eurekify Portal
150. 94 Self Service Request New Role Approver Ticket see page 297 Approve see page 183 Reject see page 184 Update Role Approver Tickets General Functions see page 308 Update Role Approver Tickets Advanced Functions see page 309 Update Role Approver Tickets General Functions 308 Portal User Guide The Self Service provisioning Approver ticket provides the following General functionality Close Closes the ticket Save Saves the changes made to the ticket Delegate Transfers the ticket tree to another manager Escalate Transfers the ticket tree to another manager Consult Allows you to request a consult from one or more managers When you activate this service a View Consult Results button appears in the Advanced functions section of the Ticket Properties Form Approve Approve the Self Service request In this case this leads to the second stage of the Approval Process where the user review Approval Process sub trees are generated and the Approver tickets are sent to the user managers Reject Reject the Self Service request Note It is important to remember that when reviewing an Update Role Approver ticket you can either accept the request for ALL listed users enrolling all of them or you can reject the request for ALL users Update Role Ticket Tree More information Escalate see page 154 Delegate see page 157 Consult see page 178 Approve see page 183 Reject see page 184
151. ADM Novel4 TESTDEV RACFPROD RACF22 UGMPDB2 RACFPROD RACF22 Records per page 19 Y The Other Resources section provides the following options Add A column of check boxes one per resource Select one or more Res Name 1 Click any highlighted resource name listed in this column to open its Resource Card Customize Allows you to determine the columns that will appear in the Other Resources table Records per page Select the number of records that will appear in the Other Resources table Find Resources Opens the Select Resource filter screen to assist you in locating specific resources Test Compliance Checks whether the selections made in the Other Resource table comply with existing policies and BPRs Business Practice Rules Suggest Resources Provides a list of possible resources based on the CA Eurekify Role amp Compliance Manager pattern recognition technology Chapter 11 Running Self Service Tasks 241 Manage My Resources This table presents you with several options R You can manually select one or more resources to which you wish to enroll m You can use the Find Resources filter option to find specific resources and then make a selection from the filtered list of resources R You can click Suggest Resources and use the information provided by this feature to find resources to which you should enroll Other Resources Showing 1 to 10 of 74 4 472345678 Add Res Name 1 Res Name 2 Res Name 3 HR
152. Add Comment see page 87 Add Attachment see page 89 View Transaction Log see page 90 View Children see page 163 View Statistics see page 171 Approval Process Root Ticket View Statistics The View Statistics button opens the View Statistics list in a separate browser window This list in table format presents the statistics concerning how many of the child tickets Reject Link Parent ticket in this case have one of three state status combinations Any ticket that has already been processed will not be listed here http localhost 8080 eurekify tms ui wicket bo SEE http localhost 8080 eurekify tms ui wicket bookmarkablePage 196popup VY View Statistic Status Number of tickets Cancel In Progress 1 New In Progress 12 Open In Progress 4 Total 17 Close Fr ee Internet To view the ticket s statistics information 1 Click Advanced at the bottom of the Ticket Properties Form 2 Click View Statistics The View Statistics table appears in a separate browser window 3 Click Close to close the View Statistics window Chapter 9 Approval Process Tickets 171 Rejected Link Parent Ticket Rejected Link Parent Ticket The Rejected Link Parent ticket is a management ticket generated by the Eurekify portal for every rejected link that has to be reviewed during an Approval Process procedure While the Approval Root ticket controls the lifecycle of the whole tree the Rejected Link Parent ticket
153. Administration Functions 367 Properties Settings Properties Settings The Properties Settings utility gives you access to the system property file Eurekify properties allowing you to create new property keys and access and edit the values of existing property keys For ease of use properties that are considered to be common properties such as of the type properties headers commonProperties are listed separately under the Settings sub menu as Common Properties Settings This utility functions in the same way as the general Properties Settings utility Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Administration gt Settings gt Properties Settings Properties L Reports eure Administration Logout AD1 EAdmin Showing 1 to 20 of 111 Type Edit Eurekify_home_properties file Edit Eurekify_home_properties_file Edit Eurekify_home_properties_file Edit Eurekify_home_properties_file Edit Eurekify_home_properties_file Edit Eurekify_home_properties_file Edit Eurekify_home_properties_file Edit Eurekify_home_properties_file Edit Eurekify_home_properties_file Edit Eurekify_home_properties_file Edit Eurekify_home_properties_file Edit Eurekify_home_properties_file Edit Eurekify_home_properties_file Edit Eurekify_home_properties_file Edit Eurekify_home_properties_file Edit Eurekify_home_properties file Edit Eurekify_home_properties_file Edit Eurekify_home_
154. Allen Sherman First User Audit 2009 a Close Save and Reassign Hide Selected Reassigned From Allen Sherman DOMAIN Ilan Sharoni Approver Progess 0 13 0 7 X Progress Violations PersonID UserName Organization OrqanizationType Comment a Hhoog 71 Sterling Kent 86023090 Sterling Kent Human Resources Corporate E B 000 78 Bean Frank 99883110 Bean Frank Purchasing Corporate E Attachments comments Add Attachment View Initiators View Transaction Log More information Campaign Approver Tickets see page 131 Reassigning a Link see page 142 54 Portal User Guide Running a Campaign A Case Study Starting the User Campaign To start the campaign Nancy opens her campaign owner ticket by clicking the ticket s title in the Ticket Queue The ticket s Ticket Properties Form screen opens Ticket Properties Form Windows Internet Explorer 7 http localhost 8080 eurekify tms ui 2wicket bookmarkablePage com eurekify tms web template DefaultTicketPagesticketId 2281 Campaign Ticket Id Owner Katz Nancy DOMAIN Previous Owner Status Pending Action Due Date 21 02 2009 00 00 00 Priority Normal v SELF Medium lt State open 8 Modified Date 4 02 2009 21 39 59 Date Created 14 02 2009 21 12 3 Title First User Audit 2009 User Certification Description Running the first Silicon Valley user certification campaign Unive
155. Approver New Role Corporate Security Role Approver New role Corporate Security onfiguration Name Model2_ConfigwithRoles DOMAIN Cooper Amos Corporate Security Rule Organization2 Organization Type Owner Description Organization34 Organization IT Security null null Enterprise IT Security Organizational Role 546729102 Role provides resources to users who are invoh 89213720 54672910 91236370 89123140 84847310 Organization IT Security public UNXMARKT Solaris26 PUBLIC RACFPROD RACF22 UGMTSYS RACFTEST RACF22 Parent Roles To Remove Organization2 Organization Type Owner Description Organization IT Security null null Enterprise TT Security Organizational Role 54672910 Role provides resources to users who are involved with security Resources To Add Parent Roles To Add public UNXMARKT Solaris26 Organization IT Security PUBLIC RACFPROD RACF22 UGMTSYS RACFTEST RACF22 Add Comment Add Attachment View Transaction Log View Initiators View Role a lt a Once the role manager approves the link requests listed in this ticket stage three of the Add New Role Approval Process begins and a new set of Approver tickets is generated This includes one sub tree for every requested link that consists of parent child pairs of tickets where the parent ticket is a standard Link Entity Role Parent ticket and the child ticket is a standard Link Entity Role Approver ticket The Role Appro
156. CA Eurekify Role Compliance Manager Portal User Guide r4 1Ck3 This documentation and any related computer software help programs hereinafter referred to as the Documentation is for the end user s informational purposes only and is subject to change or withdrawal by CA at any time This Documentation may not be copied transferred reproduced disclosed modified or duplicated in whole or in part without the prior written consent of CA This Documentation is confidential and proprietary information of CA and protected by the copyright laws of the United States and international treaties Notwithstanding the foregoing licensed users may print a reasonable number of copies of the documentation for their own internal use and may make one copy of the related software as reasonably required for back up and disaster recovery purposes provided that all CA copyright notices and legends are affixed to each reproduced copy Only authorized employees consultants or agents of the user who are bound by the provisions of the license for the product are permitted to have access to such copies The right to print copies of the documentation and to make a copy of the related software is limited to the period during which the applicable license for the Product remains in full force and effect Should the license terminate for any reason it shall be the user s responsibility to certify in writing to CA that all copies and partial copies of the D
157. Characterist Role Request to remove user to role association Delete amp role Organization Database Administrators New In Progress Link User Characterist Role Request to remove user to role association Delete H a role Organization Database Administrators New In Progress Link User Characterist Role 19 01 2009 00 18 29 19 01 2009 00 18 29 258 Portal User Guide Introducing the Requests Table When generating a new role or updating an existing one other tickets will be generated as needed 1 Optional Click Back to return to the previous screen to amend your selections 2 Click Submit to generate the Self Service request tickets The Requests Sent screen appears S Enterprise Role and Compliance Manager Xify Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout AD1 EAdmin Requests sent for approval ticket ID 1765 The Requests Sent screen lists the new ticket ID the ID of the ticket owner s root ticket You can view the new ticket tree in the Ticket Queue More information Running Self Service Tasks see page 197 Role Definition Tickets see page 261 Chapter 11 Running Self Service Tasks 259 Chapter 12 Role Definition Tickets This chapter is designed for managers who can run Self Service based Approval Processes and for entity managers who may receive Approver tickets as part of the Self Service approval process Self Serv
158. Entity Type Specifies the entity the report will cover by Field Specifies a data field used to filter participants The drop down shows all data fields defined for the selected entity type in the specified configuration file s Select an attribute and existing values are listed Click a value to use it as a filter From Date Specifies the report s start date Changes to selected entities since this date are included in the report Show Current Links Includes existing links to other entities in the report Chapter 14 How to Generate Reports 321 Display a Report s Index Display a Report s Index Some reports are indexed by the data field used to filter and sort the report You can use this index to navigate the report in your browser To display a report s index click S A navigation pane appears on the left of the screen Change Report Parameters You can regenerate the report with different parameter settings This is useful if the scope of the report is not what you planned or if you wish to compare parallel subsets of information for example different locations or business units To regenerate the report 1 Click the Show Parameters link on the left of the report display The parameters dialog for this report opens with current settings displayed Change any parameter settings you wish and click OK The same report is generated using the new settings Note The previous version of the report is ove
159. F22 Action Production RACF from user Garr Jim 77371120 Approver You can access the corresponding Approver tickets by clicking Select in the ticket s row Chapter 9 Approval Process Tickets 175 Approval Process Approver Tickets More information Add Comment see page 87 Add Attachment see page 89 View Transaction Log see page 90 View Initiators see page 162 View Parent see page 163 View Entity see page 165 View Children see page 163 Approval Process Approver Tickets 176 Portal User Guide When an Approval Process is set it motion following a campaign the Approver tickets are sent to all the relevant entity managers As an Approver your job is to either approve or reject the request to reject a link between two specific entities The Approver ticket supplies you with all the data you need to make the decision and with the required functionality to assist you in the process Ticket Properties Form Windows Internet Explorer el http flocalhost 8080 eurekify tms uij2wicket bookmarkablePage com eurekify tms web template DefaultTicketPagesticketId 1758 1758 Owner Cooper Amos DOMAJ Previous Owner 19 01 2009 05 18 41 Priority Low lt Severity Minimal Modified Date 22 01 2009 10 35 58 Date Created 19 01 2009 00 18 41 Title User Approval Request to delete role Organization Database Administrators Characteristic Role 100 0 Min 40 from user Davis Brett 75675330 Descripti
160. FUNCIONS lt 020 0404 E RRR deat EEST INTETT eens sede ee geasges 149 View Initiator S is44 44 44s00540esde4a 4oesGeed deeded EERO E EEE desde tostdesddeawds 150 Chapter 9 Approval Process Tickets 151 General Approval Process Ticket Functions 0 ccc ccc cece rnnr eee eee teenies 153 ESCalate lt 46 X K a Sos4 40544464 bdo ESE OSS GRE SARE REESE EPHE EE R A A LEME GRAS R A TR OS 154 Delegate cccia cram dansaada cand weeameee sane dared waarmee va aaa a area wae awe 157 More Details Less Details 0 0 0 RRR RRR RRR RRR eee eee E ai 160 Advanced Approval Process Ticket FUNCtIONS 0 ete ee een eee ete eee eens 161 MGW INIGIAtOLS x2 eenn cen neeanennednseeeenton cern ste eneen sta setae see Beer eee en een eee nets 162 VIEW PAFEnt sii 6 Z E RE loess os SOSSS SSA ERGATA AGES SSSSSTSSSETESTS 163 View ess 1 OR sce oe veer ee ce eee cte cael cet tel te arte te Gol be a leet hace cde ihe ee hate ilies od 163 View Entity 2 0 0 enn enn nee n ene eee teen bene ete ete ete eeas 165 Approval Process Root Ticket s 42 iecstgavdeeveowd Gavdeavhdoed Gawd E ENNE EASE O ANRE EEO EER 166 Approval Root Ticket General Functions 0 ccc ccc cece teen aranne nrnna 168 Approval Root Ticket Advanced Functions 0 cece cece cece teen ene e eens 170 Rejected Link Parent Ticket 0 ccc ccc ce ne ee eee e ent nee e eee e teen ene eaee 172 Rejected Link Parent Ticket General Functions 0 0
161. Field Is Any Value X And Any Field Is Any Value And Any Field Includes Advanced Search Get roles for which Iam O Responsible C Accountable C Consultant Informed Role No Records Found Customize Chapter 11 Running Self Service Tasks 255 Updating Role Definitions This is a search screen with built in filters and a RACI based advanced search feature Note The universe s model configuration is listed in the upper right hand corner of the Select Role screen Once you have successfully constructed a search pattern a list of roles is displayed in the Role table Enterprise Role and Compliance Manager eureXify Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout DOMAIN Herman Barbara Configuration Model2_ConfigWithRoles Organization M Is Application Development X Any Field E s Any Value X Any Field v Includes Advanced Search Get roles for which I am Responsible L Accountable L Consultant Informed Role Name Description Type Organization Organization Application Development Characteristic Role 100 0 Min 40 Org Role Application Development Customize To update an existing role 1 Click Request Changes to a Role Definition on the Self Service menu The Request Role Update screen opens Select a Universe from the drop down list Click OK The Select Role
162. Joe Dassin Sales Corporate g Roles 2 Resources 4 View Transaction Log LE internet Chapter 8 Campaign Approver Tickets 137 Auditing Links Three columns in entity table contain check boxes with icons in the column header Sometimes a fourth icon appears in a row The icons associated with the entity tables are as follows Icon Description Expands the nested links tree showing the entities linked to the original entity For example in a user certification campaign Approver ticket each user is linked to roles and resources Clicking on the will reveal the linked Roles and Resources in separate tables Additional information A The Approve checkbox column Click this checkbox to approve a link x The Reject checkbox column Click this checkbox to reject a link gt The Reassign checkbox column Click this checkbox to reassign a link E Collapses the link tree Click to expand the entity tree and see all the entity tables for the entities linked to this entity Approver Progess 0 8 0 1y X gt Progress Violations RoleName Description Organization Type Comment Organization IT Security Characteristic Role Characteristic Role 100 0 F S ges Min 40 25 lt a 6 T security Org Roe E Bu w X d Name Violations Relationtype Username Organization Organizationtype Country History Comment Flag Lee 91236370 Direct Flag Lee IT Security Corpo
163. MAIN Garr Jim Hope Collin DOMAIN Hope Collin Cooper Amos DOMAIN Cooper Amos Keren Cindy DOMAIN Keren Cindy Yoham Anne DOMAIN Yoham Anne Herman Barbara DOMAIN Herman Barbara o Steiven Pat A campaign owner can see all the tickets generated by the campaign and can therefore follow the campaign by navigating the 103 Chapter 7 Running Campaign owner Tickets Info tickets Note A campaign has to be manually started by the campaign owner When you create a campaign and the campaign ticket is first created its state is listed as New After you open the ticket for the first time its state is changed to Open There are various actions a campaign owner can take prior to starting a campaign for example escalate a campaign The Approver tickets are listed as Hidden until you start the campaign Once you start the campaign the approvers can see the campaign tickets in their own ticket queue A campaign can be manually stopped by the campaign owner and later restarted if necessary The campaign owner can choose to archive a campaign ticket when he she is done with it The status column provides additional information When you first create a campaign the status is Pending Action After you manually start the campaign the status changes to In Progress As the campaign owner you can open any ticket that appears in your campaign tree You can therefore open Approver tickets and reassign the processes links en
164. Min 40 from user Rodney Sergio 75676560 Description User Approval Request to delete role Organization Database Administrators Characteristic Role 100 0 Min 40 from user Rodney Sergio 75676560 Request was submitted on Universe Demo1 from Link of Team to Role s ss Details Model_ConfigWithRoles 5676560 Organization Database Administrators Owner Note Rami Sas Eurekify Rami Escalated to Herman Barbara ir Internet 96 Portal User Guide Info tickets A comment is generated stating that the ticket has been Escalated to current owner This comment appears in both the old ticket and in the new ticket When viewed in the original ticket owner s Archive screen Ticket Queue Archived tickets the old ticket and the new ticket create a hierarchal tree in which the original ticket the Status is set to Escalated is the root ticket and the new ticket is the next node Enterprise Role and Compliance Manager Home Ticket Queue Ticket Queue gt Archived Tickets Dashboards Self Service Entity Browser Reports Administration Logout Eurekify Rami ID Title State Status Children Type Received Owner Delete Archived Escalated Link User Role Delete Link User Role User Approval Request to delete role ization Database A 19 01 2009 Rami Sas P ies BG Organzation Database Adminstrators Characterstic a E era Request to delete role tabase Administrators Characteristic New Rami Sas
165. Model2_ConfigWithRoles Link Filter Direct Dual Audit Card Entity Filter No Filter The General section of the Campaign Ticket Properties Form contains the following fields Universe The name of the universe on which the campaign is being run Campaign Type There are three possibilities User A campaign in which the approvers certify the entitlements of the user under their management The certification is in regard to the user s roles and resources Improper entitlements can be rejected Role A campaign in which the approvers certify the connection of the roles under their management The certification is in regard to the role s linked users and resources The certification also examines role to role hierarchal links Improper entitlements can be rejected Resource A campaign in which the approvers certify the connection of the resources under their management The certification is in regard to the resource s linked users and roles Improper entitlements can be rejected Auto Generate Permissions True or False When true the campaign overrides the system permissions and automatically provisions the campaign permissions Audit Card The name of the Audit Card Entity Filter The entity filter More information Adding Campaigns see page 325 110 Portal User Guide General Campaign Ticket Functions Advanced Campaign The Advanced section appears below the campaign ticket s General section and above
166. New Jn Progress Link User 01 02 2009 Request to add user to role association 2235 aA Role 00 38 36 role Corporate Security user 54672910 and me popes Link User 01 02 2009 es Request to add user to role association bi 2 Role 00 38 36 role Corporate Security user 91236370 New In Progress Link User 01 02 2009 S Request to add user to role association d a Role 00 38 36 role Corporate Security user 89123140 New In Progress Link User 01 02 2009 Request to add user to role association Kag 2 Role 00 38 36 role Corporate Security user 84847310 New In Progress Link Role 01 02 2009 Request to add role to role association parent E 2 Role 00 38 36 role Corporate Security child role Organization I New In Progress Request to add role to resource association Link Role 01 02 2009 2230 a resource public role Corporate Security Resource 00 38 36 Copyright C 2008 Eurekify All Rights Reserved Build 08 11 26 01 New In Progress i gt mp m State Status Children Type Received Owner Approval 01 02 2009 Root 14 05 45 Eurekify Admin Update 01 02 2009 Eurekify Admin Role 14 05 45 AD1 EAdmin Allen Sherman w a vaa ween o ute bis DRE Allen Sherman DOMAIN Iian Sharoni Allen Sherman DOMAIN Iian Sharoni Allen Sherman DOMAIN Ilan Sharoni Allen Sherman DOMAIN Ilan Sharoni Request to remove role to resource association Remove Allen Sherman 256 m 2 Administratio
167. POPR RACFPROD RACF22 UGMTOPR RACFTEST RACF22 UGSILVSYS NTSILV WinNT UGSTAMSYS NTSTAM WinNT e mail outlook WinNT office2003 2003 WinNT unixoper UNXMARKT Solaris26 E Oo E o m o o Oo Oo UGMTSYS UGSYS TESTDEV UGMPMINI UGSAPPUR secmgr TESTDEV UGMPDB2 Test Compliance UGADMGR Administration ROOT NOVELADM Novell4 Res Name 2 NTSAVE NOVELADM RACFPROD RACFTEST NTSILV NTSTAM outlook 2003 UNXMARKT UGADGEN1 Administration ROOT UGADGEN2 Administration ROOT Suggest Resources Res Name 3 WinNT Novel4 RACF22 RACF22 WinNT WinNT WinNT WinNT Solaris26 Description Fifth Av br System Admin Active Directory Manager Production RACF Test RACF Silicon V br System Admin Stamford br System Admin MS email MS office2003 Unix operator Res Name 2 RACFTEST TSSCREDIT RACFTEST RACFPROD NOVELADM SAPPROD UNXMARKT NOVELADM RACFPROD RACFPROD Copyright C 2008 Eurekify All Rights Reserved Build 08 11 26 01 Chapter 11 Running Self Service Tasks ManagerID Owner 91236370 67283470 77292450 77292450 91236370 91236370 91236370 91236370 89123140 Kity Herman Barbara Location Houson TX Portland OR Irvine CA Irvine CA Houson TX Houson TX San Mateo CA San Mateo CA San Mateo CA 4 412345678 gt Res Name 3 RACF22 TSS50 RACF22 RACF22 Novel4 SAPR3 Solaris26 Novel4 RACF22 RACF22 Records per page 10 237 Manage My Re
168. Portal provides you with two databases to store your update key values DB_dynamic_properties The change is immediate You do not have to wait for the server to go offline to update the property values DB_static_properties The change will take place the next time that the server is restarted To edit a property key 1 Optional In the Eurekify Properties page enter a name of a property key or part of one in the filter text box located below the Properties table Click Apply Filter The Properties table presents only keys that match your filter criteria 2 Click Edit next to the property key that you want to change The Edit Property screen opens 3 Enter a Property Value in the text box 4 Select a database Type from the drop down list 5 Click Save The updated property appears in the Properties screen table Chapter 15 Using Administration Functions 373 Eurekify Configuration Settings Eurekify Configuration Settings 374 Portal User Guide The Eurekify master configuration handles user access to the Eurekify Portal A user has access to the Eurekify Portal only if they are listed in the Eurekify configuration Eurekify cfg which is actually the configuration of internal CA Eurekify Role amp Compliance Manager permissions When you add a new Universe to the system prior to updating the RACI configurations you have to make sure that all the users associated with the Universe via the configuration have access
169. RN N 79 Administrator View USER VIEW sc sewer 9 9 E N NT N ST T R etal al Wek nae wee nee ae ea 82 The Ticket Properties Form 0 ccc eee eee eee teen eee eee e eee e eee teens 83 General Ticket FUNCTIONS csser srant ranee EE EE EE E EE EEE EEE S EEE EEEE EEES 85 Advanced Ticket Functions 00 cece cece rnnr rererere rrr eee eeaes 85 Os ete 2 3 ssena ev ne hts Va exces oa es SA eas Bos A ew ey Re a oe oe eee 91 RECEIVING AN Info Ticket sr sesso E 9 KR 9699 Ben SRR SSRR RR BORER RR EE E Bek BR RR EEE ER SERRE TEE 92 General Info Ticket Functionality 0 ccc ccc errero orreee n ene t nee e eens 93 Delegating an Imro TiCkets cine csi bee eee eh A N NK ce hc ee N 94 Escalating an Info Ticket 0 0 0 enn n earran t etn eee teen e eens 96 Advanced Info Ticket Functionality e e ccc ccc cece cece e reenso rrer rense 98 Chapter 7 Running Campaign owner Tickets 101 eTel Ge lt bal 0 UT 107 Ticket Data Campaign eee ee eee eee ete ete ete etn ete et neenes 108 General Data Campaign oi 24 icandaivineres ERRER REER Syioenesaueaesee Soeeaaewes 110 Advanced Campaign 0 ccc ccc cc ce ee nen ene eee ene ee eee eee e eee eeeeeees 111 General Campaign Ticket Functions 0 ccc ccc cece eee e nee n tne eroro rre 111 Delegating a CampalgM 2 05 conn tenet stare te AER AH AE R setae te sates ete NAR RS 112 Escalatinga Campaign 4464446464445 444 4544444664848 844 844 644445494544 8448464844448
170. TicketPagestticketId 2302 Campaign Manager Approver a Ticket Id 2302 Owner Katz Nancy DOMAINY Previous Owner Status Pending Action Due Date 21 02 2009 00 00 00 Priority Normal Severity Medium State Open lt Lo KT rearen E Modified Date 14 02 2009 22 20 45 Date Created 14 02 2009 21 12 38 User Certification Katz Nancy First User Audit 2009 User Certification Katz Nancy First User Audit 2009 ye and Reassign Hide Selected 0 40 0 1 7 X T Progress Violations PersonID UserName Organization OrganizationType Comment Yoham Anne 93872110 Yoham Anne Silicon Valley Branch Branches O 81 Katz Nancy 97373330 Katz Nancy Silicon Valley Branch Branches Kistor Steve 93988710 Kistor Steve Silicon Valley Branch Branches Taskoni Bob 97847110 Taskoni Bob Silicon Valley Branch Branches View Initiators View Transaction Log Internet To see further details about the links to be reviewed Nancy expands the links assigned to her t Properties Form Windows Internet Explorer flocalhost 8080 eurekif y tms uilwicket bookmarkablePage com eurekify tms web template Default TicketPagetticketId 2302 Campaign Manager Approver Ticket Id 2302 R Katz Nancy DOMAIN Previous Owner Status pending Action Normal Severity Medium lt State Open E User Certification Katz Nancy First User Au
171. Tickets see page 131 Nancy approves or rejects the various links The other Approvers assigned to this campaign also review the links assigned to them More information Campaign Approver Tickets see page 131 Starting the Approval Process 60 Portal User Guide When all the approvers have approved or rejected the links assigned to them or when the campaign is manually ended the campaign owner can start the Approval Process The purpose of the Approval Process is to review the links rejected during a campaign This time the review is performed by the links two managers While campaigns are focused on one entity user role or resource the Approval Process sends the rejected link to the managers of both ends of the link For example if the rejected link is a user role link then the relevant user manager and the relevant role manager will receive tickets as part of the Approval Process Only if both managers agree to reject the link will the link be severed within the universe s configuration files To start the Approval Process Nancy clicks Start Approval Process in her campaign owner ticket The Eurekify Portal requests confirmation of the request to start an Approval Process Confirmation Are you sure you want to Start Approval Processes After clicking Yes the Eurekify Portal generates the Approval Process tickets Following an Approval Process a user may find that roles or resources that were once
172. Two types of tickets are generated for a campaign Campaign owner tickets Campaign Approver tickets When a campaign is first created a campaign ticket is generated This is the campaign owner ticket This ticket appears in the campaign owner s Ticket Queue Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout AD1 EAdmin Admin View 465 a User Certify Dec 2008 User Certification New Action 9 Campaign 18 37 42 AD1 EAdmin State Status Children Type Received Owner Previous Owner Pending 16 12 2008 Eurekify Admin Chapter 7 Running Campaign owner Tickets 101 Info tickets The campaign owner ticket is structured as a tree where the top level that is the root ticket is the owner s ticket and the branches leaves are the approvers tickets The Children column when visible in the campaign s root ticket row provides the number of Approvers assigned to a specific campaign A campaign owner can also be an approver but it is not required If there are entities that do not have assigned managers their links will be sent to the campaign administrator for approval Customize Admin View Refresh gt ID Title 465 user Certify Dec 2008 User Certification 466 468 487 User Certification Eurekify Admin User Certify Dec 2008 User Certification Herman Barbara User Certify Dec 2008 User Certification Purple Mary
173. User Certify Dec 2008 User Certification Goodman Bruce User Certify Dec 2008 User Certification Cooper Amos User Certify Dec 2008 User Certification Schwarts Barry User Certify Dec 2008 State New Hidden Hidden Hidden Hidden Hidden Hidden User Certification Katz Nancy User Certify Dec 2008 Hidden 102 Portal User Guide Status Pending Action Pending Action Pending Action Pending Action Pending Action Pending Action Pending Action Pending Action Pending Type Received Owner 16 12 2008 18 37 42 16 12 2008 18 37 43 Campaign Campaign Manager Approver Campaign Manager moe Approver ETS 16 12 2008 anager 18 37 44 Approver Campaign Manager a Sg Approver Campaign Manager trung Approver Campaign 16 12 2008 Manager 18 37 44 Approver Campaign Manager aoa Approver Campaign 16 12 2008 Eurekify Admin AD1 EAdmin Eurekify Admin AD1 EAdmin Herman Barbara DOMAIN Herman Barbara Purple Mary DOMAIN Purple Mary Goodman Bruce DOMAIN Goodman Bruce Cooper Amos DOMAIN Cooper Amos Schwarts Barry DOMAIN Schwarts Barry Katz Nancy DOMAIN Katz Nancy Levi Jay Info tickets As the campaign proceeds and links are approved or rejected reminders are sent and other tasks are performed changing the content of the tickets and or their State and Status campaign s ticket tr
174. WD Tite State Status Children Type Received Owner 755 E G Resource certification User Certification Archived Delegated 1 Campaign ae Eurekify Admin s AD1 EAdmin 21 12 2008 12 29 06 21 12 2008 12 28 38 Eurekify Admin AD 834 E Resource certification User Certification Open Pending 9 Campaign EAdmin Action Cooper Amos Campaign Manager Approver Campaign Herman Barbara Manager 21 12 2008 DOMAIN Herman Pending User Certification Eurekify Admin Resource kaa Action certification Hidden Cooper Amos 758 User Certification Herman Barbara Resource Hidden Pending When the delegated ticket is viewed in the Approval Process owner s Ticket Queue when applicable the old ticket and the new ticket create a new sub tree within the original Approval Process tree in which the original ticket Status is set to Delegated is the parent ticket ID Title State Status Children Type Received Owner Previous Owner Delete Open None T SSH 2889 User Role T Approval 21 01 2009 Root 18 27 19 Delete Cooper Amos unk 2 0 2009 E Resource Amos Delete Cooper Amos j ie 21 01 2009 DOMAIN Cooper Resource Amos Delete Cooper Amos LK 24 1 2009 COMAN Cooper Resource Amos Delete Cooper Amos fi rad EEE Tailor Janet DOMAIN Cooper Resource Amos User Approval Request to delete resource Delete E office2003 2003 WinNT MS office2003 from New Pending vi ae Tailor Janet user Keren Cindy wae Resourc
175. _ConfigWithRoles 93833870 UGADGEN2 Administration ROOT NOVELADM Novell4 Add Comment Add Attachment View Transaction Log View Parent View Initiators View Children gt gt View User View Resource Chapter 9 Approval Process Tickets 165 Approval Process Root Ticket Click View User View Resource View Role to see the entity s card in a separate browser window More information The Entity Card see page 28 Approval Process Root Ticket The Approval Root ticket is the root ticket that appears in the Ticket Queue belonging to the manager administrator who started the Approval Process When expanded you can see a set of sub trees one for each rejected link that has to be reviewed Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Ticket Queue gt Open New Done Tickets State Status Children Type Received Owner Approval 21 01 2009 Eurekify Root 23 02 52 Admin __ Request to remove user to resource association Delete Link 54 01 2009 Eurekify 1924 resource UGADGEN2 Administration Open In Progress User 23 02 52 Admin AD1 ROOT NOVELADM No Resource psz EAdmin Request to remove user to resource association Delete Link 4 01 2009 Eurekify 1925 B 2 resource UGMPBR RACFPROD RACF22 Production Archived Completed User 33 02 52 Admin AD1 RACF Resource at EAdmin Request to remove user to resource association Delete Link 94 91 2009 Eurekify 19
176. a field name Value Enter a value or use autocomplete to provide an appropriate value Add Lets you add another constraint to the rule Remove Removes the last added constraint Cancel Cancels the rule construction Rule Construction Field Value OrganizationType Branches Note Adding a rule is optional Not every Role has to be rule based To construct a rule 1 Click Add Rule in the Request New Role Definition screen The Rule Construction screen opens Enter a Field name Enter a Value Optional Click Add to add additional constraints Repeat step 2 to step 4 as necessary Click OK Oh CON ae T The constructed rule appears in the Rule text box in the Request New Role Definition screen Chapter 11 Running Self Service Tasks 249 Defining a New Role Definitions for Role Name New Role Name Now that you have requested a new role you can start assigning users and resources to the newly constructed role Roles can be linked to users resources and to other roles in a hierarchal relationship as either a parent role or a child role The Definitions for Role Name New Role Name screen provides you with a fast and easy way to select which links your new role will have When you have completed your selections you can test those selections for violations If you are satisfied with the results click Submit located below the entity tables to generate a request for a new role definition The request can be ch
177. acteristic Archived Completed Role 100 0 You can check this ticket s Transaction Log to view what decision was made in this case http localhost 8080 eurekify tms ui wicket bookmarkablePage 92popupp BE X le http localhost 8080 eurekify tms ui wicket bookmarkablePage 92popuppagemap_Popupwindow com eurekil Y View Transaction Log Date User Action Message 22 01 2009 12 15 17 DOMAIN Herman Barbara GUI Approve pressed 22 01 2009 12 15 17 DOMAIN Herman Barbara ConsultActionCmd Approve action was selected 182 Portal User Guide Approval Process Approver Tickets To consult on a ticket 1 Click Consult in the ticket s Ticket Properties Form The Find Consult Users screen opens in a separate browser window 2 Select one or more names from the list You can use the filter option to reduce the number of records listed in the table 3 Click OK The Executing bar appears A new ticket is generated for each consultant listed The new ticket s will now appear in the consultant s Ticket Queue 4 Click View Consult Results to view the results of the consultation More information Filtering a Data Table see page 24 Approve As an approver it is your task to approve or reject the request to delete a link between two entities When you choose to approve such a request click Approve and a Confirmation pop up window opens Confirmation 2 Are you sure you want to Approve Yes No Click
178. age Data Manager modules and know how to access them to obtain required data file names and locations and to generate necessary files For more information see the CA Eurekify Role amp Compliance Manager Sage DNA User Manual and the CA Eurekify Role amp Compliance Manager Sage Data Manager User Manual The user interface menus and options are fully described in this chapter Not all users will have full administrative privileges and therefore not all the described options will be available for all users This section contains the following topics User Interface see page 19 Menu Bar see page 35 User Interface for Non Administrators see page 39 User Interface To open the CA Eurekify Role amp Compliance Manager Portal follow the instructions in Opening the Eurekify Portal see page 17 The Eurekify Portal Home Page opens Enterprise Role and Compliance Manager __eureXify Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout ADI EAdmin P gt mp Title State Status Children Type Received 227 Link of Team to Role s Approval Root Request New In Progress a Las rd 92 Link of Team to Role s Approval Root Request New Tn Progress Approval 24 12 2008 Eurekiy E GL of Team to Role s Approval Root Request Open None Approval Eaa d Eurekfy Admin ADL EAdmin E 2 User campaign for demo UserCertification Open n Progress 11 Campaign 25 21 2008 22 41 50 1 E 2 basic ResourceC
179. ageUser PersonID Portal Filter45 Campaign automatic filter FILTER A type resource sageUser PersonID Portal Filter46 Campaign automatic filter FILTER gt type user A type resource sageUser PersonID Portal Filter47 Campaign automatic filter FILTER gt type role A type resource sageUser PersonID Portal Filter48 Campaign automatic filter FILTER PersonID 93872110 Portal Filter49 Campaign automatic filter FILTER user 93872110 Portal Filter50 Campaign automatic filter FILTER user 93872110 Portal FilterS1 Campaign automatic filter FILTER 386 Portal User Guide Permissions The following columns provide important information when the resource s type is Filter Res Name 1 The resource name Res Name 2 The Universe name Res Name 3 Filter number Description A description of the filter Type The resource s type Filter1 A Gfilter For example gt type role A type user sageUser PersonID More information Gfilters see page 387 Gfilters This section explains the syntax of the filter used in the Filter type resources The filtering is based on LDAP filtering of Sage entities The Sage LDAP filter is designed implicitly define a set of Sage entities users roles or resources The filter is based on the standard LDAP filter format with some minor adjustments Chapter 16 About Security amp Permissions 387 Permissions Filter Format 388 Porta
180. agemaster gt lt type gt internal lt type gt lt label gt Update Eurekify configuration with universe users lt label gt lt data gt com eurekify web sageMaster UpdateSageMasterPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag gt lt tag id Checkup gt lt type gt internal lt type gt lt label gt System Checkup lt label gt lt checkPermission gt false lt checkPermission gt lt tag id MailCheckup gt lt type gt internal lt type gt lt label gt SMTP Checkup lt label gt lt data gt com eurekify web checkup CheckupPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag gt lt tag gt lt portal gt Sample Portal Structure XML Appendix C Portal Structure XML 425 Appendix D Eurekify Sage Configuration Data Formats Eurekify Sage uses three separate but related files in text based comma separated format to represent a configuration These files are m Users database file Resources database file Configuration file The users and resources database files contain the basic features of users and resources The configuration file contains the dynamic parts of a configuration that is the roles and relationships connections This section contains the following topics Users Database File see page 427 Resource Database File See page 428 Configuration File see page 428 Users Database File Each u
181. ake place following a review process Note When you click Get Resources in the Users section a list of resources that are not linked to the currently selected user s appears in the Other Resources table In addition to managing the resources currently linked to the members of your team you can also request that the system provide a list of recommended resources for your selected users This list of resources will be displayed in the section Other Resources Other Resources 44412345678 gt Res Name 1 Res Name 2 Res Name 3 UGMTSYS RACFTEST RACF22 UGSYS TSSCREDIT TSs50 TESTDEV RACFTEST RACF22 UGMPOPR RACFPROD RACF22 UGMPMINI RACFPROD RACF22 UGSAPPUR SAPPROD SAPR3 secmor UNXMARKT Solaris26 UGADGEN2 Administration ROOT NOVELADM Novell4 TESTDEV RACFPROD RACF22 UGMPDB2 RACFPROD RACF22 Customize Records per page 19 Find Resources Test Compliance Suggest Resources Chapter 11 Running Self Service Tasks 233 Manage My Team s Resources 234 Portal User Guide The Other Resources section provides the following options Add A column of check boxes one per role Select one or more to link the selected users to additional resources Res Name 1 Click any highlighted resource name listed in this column to open its Resource Card Customize Allows you to determine the columns that will appear in the Other Resources table Records per page Select t
182. al summary of possible violations of Business Policy Rules BPRs Typically several audit cards affiliated with the same configuration file are selected for display on the dashboard Use these graphs to compare the impact of different BPR rulesets and to identify business policies that generate significant violations in the role configuration To populate the dashboard scroll to the bottom of the page select an audit card from the CA Eurekify Role amp Compliance Manager database and click Add to include the audit card s BPR alerts in the dashboard s graphs Note The compliance dashboard accepts only audit cards that contain alerts related to Business Policy Rules BPRs Only BPR related alerts are graphed pattern based alerts in the audit card are ignored Chapter 10 How to Use Dashboards 195 Chapter 11 Running Self Service Tasks The Eurekify Portal s Self Service feature provides local managers with the ability to do their own provisioning and or provision their team members on the fly by adding or removing links between themselves their team members and the corporation s roles and resources The Self Service tasks include the ability to create new roles or update existing one only available to managers with appropriate permissions Each task involves the functionality of one or more screens which will be documented in this chapter In Adding Campaigns we stated that managers do not update entity links during campaign
183. am Sharon Johnson Moos Steve Rojer Dave Steiven Pat Finance System Management Fifth Ave Branch Human Resources Fifth Ave Branch Human Resources Stamford Branch System Management Corporate Corporate Branches Corporate Branches Corporate Branches Corporate 98383770 company com 86544420 company com 91238730 company com 84847310 company com 89123470 company com 87623450 company com 88490390 company com 45489940 company com ODENIN Ann 8 internet Accountant Developer Branch Officer Clerk Psychologist Branch Officer Clerk HR Officer Branch Officer Clerk Security Admin Manager 286 Portal User Guide Add New Role Ticket Tree The Choose Accountable for New Role screen is divided into two sections The filter Located in the window s header The filter lets you narrow down the list of proposed approvers The proposed users This table presents a pre filtered list of users who can become Approvers This list can be filtered to aid in finding a specific user After selecting a user as the role s Approver the Continue button is enabled The new role manager is listed under the More Details section of the Select Accountable Task ticket onfiguration Name Model2_ConfigWithRoles Role Accountable DOMAIN Cooper Amos Corporate Security Rule Organization2 Organization Type Owner Description Organization3 Organization IT Security null null Enterprise IT Securi
184. ame Description Type Organization Rule Owner Add Basic role for all users that 3 3 100 BASIC ROLE have access to IT Org Role Enterprise No Rule 82922230 Database Organization Database Administrators Administrators 2 3 66 Title DB Developer Characteristic Role 50 Org Role Title DB Developer Title DB Developer 77371120 i Organization Database Characteristic Role 100 0 3 3 100 Admin rs Min 40 Org Role 99883135 In the case of multiple user selection you can m Select the Remove check box next to a role thereby severing the link between the users and the selected role m Select the Add check box next to a role to which only some of the selected users were enrolled thereby linking all the chosen users to the selected role The Currently Enrolled Roles table provides the following options Add A column of check boxes one per role Select one or more The check boxes next to roles that are already linked to all selected users will be disabled Remove A column of check boxes one per role Check one or more to remove the link between the selected users and the selected roles Enrollment This column appears only when selecting multiple users Numerically displays of users enrolled total of users selected for example 2 3 means that two of the three selected users are enrolled to this role This column also provides the value as a percentage for example
185. ampaign Ticket Data Campaign Ticket Data In the Ticket Queue select a campaign ticket The campaign s Ticket Properties Form opens in a separate browser window Owner Eurekify Admin AD1 Previous Owner In Progress 01 01 2009 00 00 00 Priority Severity Medium Open Modified Date 16 12 2008 22 59 01 Date Created 16 12 2008 18 37 42 User Certify Dec 2008 User Certification User Certification Campaign for the end of 2008 Universe Portal Campaign Type USER Auto Generate Permissions true Configuration Model2_ConfigWithRoles Link Filter Direct Dual Audit Card Entity Filter No Filter Attachments X Google omments Received Owner Note X 16 12 2008 22 58 41 Eurekify Admin The Approvers have not begun The window presents the Campaign Ticket Data in four sections Ticket data In this section you can find the basic ticket data Functions Provides the general campaign ticket functionality General Provides general data concerning the campaign Advanced Lists the attachment and comments More information Ticket Data Campaign see page 108 General Data Campaign see page 110 Advanced Campaign see page 111 Chapter 7 Running Campaign owner Tickets 107 Campaign Ticket Data Ticket Data Campaign The Ticket Data section consists of the fields located at the top of the campaign s Ticket Properties Form status n Prooress Open Eu
186. anage My Roles Screen This section allows you to manage the current resources enrollment for your selected users The options available to you depend on how many users you have selected for the current action In the case of single user selection click Get Resources and you will receive the list of resources linked to your chosen user Currently Enrolled Resources Remove Res Name 1 Res Name 2 Res Name 3 Description ManagerID Owner Location o PUBLIC RACFPROD RACF22 RACFPROD RACF22 Production RACF 77292450 Irvine CA UGADGEN1 Administration ROOT NOVELADM Novel4 NOVELADM Novel Active Directory Admin1 67283470 Portland OR UGADMGR Administration ROOT NOVELADM Novell4 NOVELADM Novel4 Active Directory Manager 67283470 Portland OR UGHR RACFPROD RACF22 RACFPROD RACF22 Production RACF 77292450 Irvine CA e mail outlook WinNT outlook WinNT MS email 91236370 San Mateo CA office2003 2003 WinNT 2003 WinNT MS office2003 91236370 San Mateo CA public UNXMARKT Solaris26 UNXMARKT Solaris26 Marketing Sun Server 89123140 San Mateo CA 230 Portal User Guide Manage My Team s Resources In this case the only option available to you in this section is to click the Remove check box next to a resource thereby severing the link between the user and the selected resource If you choose more than one user the Currently Enrolled Resources table will present an additional column Enrollment Currently Enrolled Resources
187. anagement Corporate 47868650 company com Developer C Rodney Sergio Corporate 75676560 company com DB Developer Rolen Dave Finance Corporate 98383770 company com Accountant Fred John System Management Corporate 86544420 company com Developer Deer Alex Fifth Ave Branch Branches 91238730 company com Branch Officer Clerk Goid Wiliam Human Resources Corporate 84847310 company com Psychologist Petel Fifth Ave Branch Branches 89123470 company com Branch Officer Clerk Moos Steve Human Resources Corporate 87623450 company com HR Officer Rojer Dave Stamford Branch Branches 88490390 company com Branch Officer Clerk m e Steiven Pat System Management Corporate 45489940 company com LE internet R 100 178 Portal User Guide Approval Process Approver Tickets The Find Consult Users screen is divided into two sections The filter Located in the window s header The filter lets you narrow down the list of proposed approvers The proposed users This table presents a pre filtered list of users who can receive the request to provide a consultation This list can be filtered to aid in finding a specific user You can select more than one user to consult with After selecting the first user to consult with the Consult button toggles to become the Consult More button The View Consult Results is added to the ticket s Advanced functions Ticket Properties Form Windows Internet Explorer DER L http localh
188. ant Privileges to Certify check boxes Direct Dual Indirect Clear the check boxes you want to disable Optional Select the Only use links from audit card check box 11 Optional Select the Only use links not in audit card check box Note Be sure to select either Only user links from audit card check box or the Only use links not in audit card check box You can select to ignore both options but you cannot enable both Recommended Select the Automatically provision campaign permissions check box Optional Select the Don t wait for ticket processing check box Click Create the Campaign Chapter 15 Using Administration Functions 331 Adding Campaigns The campaign has been created and a ticket will be generated If the Don t wait for ticket processing option has been disabled you will see a percentage progress bar on screen and when the campaign ticket is ready the Campaign Settings Completed screen opens Campaign setting completed To start the campaign go toTicket Queue Campaign Name Role Review Campaign Type RoleCertification Universe Portal Configuration Model2_ConfigWithRoles Audit Card Number of approvers 15 Number of Roles 30 Ticket ID 1111 This screen signals that the campaign generation has been completed and contains the following Campaign name Campaign type m Universe Configuration Audit Card Number of approvers as generated according to the RACI model Number
189. arketing_Dept Customize Filter Fifth Av Br Team Iterated Characteristic Role 44 4 Min 40 Basic role for all users that have access to IT Characteristic Role 100 0 Min 40 Characteristic Role 100 0 Min 40 Characteristic Role 100 0 Min 40 Characteristic Role 100 0 Min 40 Characteristic Role 85 7 Min 40 Characteristic Role 100 0 Min 40 Characteristic Role 100 0 Min 40 4 4223 gt Organization Fifth Ave Branch Company Enterprise Application Development Database Administrators Fifth Ave Branch Finance Human Resources IT Security Marketing Dept Records per page Chapter 2 Using The Eurekify Portal Interface 33 User Interface Resource cards also include separate lists under discrete tabs of the following linked information in table format Roles Provides a list of roles that are linked to this resource Users Provides a list of all the users linked to this resource RACI Provides the name of the user who is held accountable for this role This is the user who will be listed as the Approver when this role is being audited or when a change has been requested for this role Domain Users NTSILV WinNT Active Directory Configurtion Model2_ConfigWithRoles_A nameS Domain Users NTSILV WinNT Description Active Directory ManagerID Owner 91236370 Oo Houson TX Name Organization Organization Type DOMAIN Flag Lee A Flag Lee IT Security
190. as the first two To filter a data table 1 Click Filter A Filter lt Entity gt screen opens in a separate browser window Filter Roles Where Any Field VAH G Any Value And Any Field v Is Any Value X And Any Field v Includes 2 Select the fields and their values from the drop down lists Enter text in the Includes box if necessary Note The Autocomplete feature is active for the lt Field Dependent Content gt drop down list You can also start typing a value and the list will automatically scroll down to it 3 Click OK The current table will now be filtered according to the selections you made Chapter 2 Using The Eurekify Portal Interface 25 User Interface Entity Card and Data Table Tabs Rule Description Reviewer The Eurekify Portal presents data in a very concise and easy to use manner To facilitate this the information is sometimes broken up into several parallel tables and each table is located under a separate tab For example the Entity Browser shows the search results in three tables Users Roles and Resources and each one is located under a separate tab The active tab s label is bold while the other tabs are gray Entity Browser Universe Portal N Configuration Model2_ConfigwithRo i Users Roles Resources Showing 1 to 10 of 69 Person ID 4 Name 45489940 Steiven Pat 47868650 Moris Bill Tabs can also be found in Entity Cards Clic
191. at are unique to the various tickets will be described in the relevant sections Approval Root campaign owner Delete Link Entity1 Entity2 campaign owner m Delete Link Entity1 Entity2 Approver ticket Escalate This function lets you transfer the selected ticket to a more senior manager Once you have transferred the selected ticket to the new ticket owner the original ticket is archived and will no longer appear in your list of active tickets Only the current ticket owner can escalate a ticket When a ticket is escalated a new ticket is generated with the new owner listed in the Owner field and the manager who escalated the ticket s is listed in the Previous Owner field Ticket Properties Form Windows Internet Explorer L http localhost 8080 eurekiFy tms ui wicket bookmarkablePage com eurekify tms web template DefaultTicketPagesticketId 1824 1824 Owner Herman Barbara Previous Owner Rami Sas Eurekify Rai Status Pending Action 19 01 2009 22 47 43 Priority Low EI Minimal lt State open Modified Date 19 01 2009 23 25 29 Date Created 19 01 2009 23 11 22 Title User Approval Request to delete role Organization Database Administrators Characteristic Role 100 0 Min 40 from user Rodney Sergio 75676560 Description User Approval Request to delete role Organization Database Administrators Characteristic Role 100 0 Min 40 from user Rodney Sergio 75676560 Request was
192. ated role resource managers are informed Enterprise Role and Compliance Manager eure ify Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout DOMAIN Angel Ben State Status Children Type Received Owner Previous Owner Delete Pending Link 29 01 2009 Action User 09 15 10 Role Request to delete role Organization System 1979 Management Characteristic Role 100 0 Min 40 New from Angel Ben DOMAIN Angel Ben More information Approval Process Info Tickets See page 188 184 Portal User Guide Approval Process Approver Tickets Approver Tickets Advanced Functions The Approver ticket provides the following Advanced functionality Add Comment Manually add a comment to the ticket Add Attachment Add an attachment or URL to the ticket View Transaction Log The transaction log provides a history of the ticket related actions executed since the creation of the ticket View Parent Opens the current ticket s parent s ticket View Initiators View of list of the users who launched this ticket View Violations This is disabled for Approval Process tickets View Entity Opens the entity s card Two buttons are provided one for each side of the link under review View Consult Results This button appears only when the Consult service has been activated More information Add Comment see page 87 Add Attachment see page 89 View Transaction Log see page 90 Vi
193. ation User Certification User Certification User Certification User Certification User Certification User Certification Katz Nancy First User Audit Goodman Bruce First User Audit Allen Sherman First User Audit Purple Mary First User Audit Katz Nancy First User Audit Cooper Amos First User Audit Herman Barbara First User Audit Levi Jay First User Audit Entity Browser State New Hidden Hidden Hidden Hidden Hidden Hidden Hidden Hidden Status Pending Action Pending Action Pending Action Pending Action Pending Action Pending Action Pending Action Pending Action Pending Reports Administration Type Received 12 01 2009 Campaign 10 36 45 Campaign Manager ratr Approver Campaign Manager poate Approver 7 Campaign Manager 42 01 2009 Approver Campaign Manager 12 01 2009 Approver Campaign Manager 12 01 2009 Approver 7 Campaign Manager oe Approver Campaign 15 91 2009 Manager n a Approver 10 36 48 Campaign Manager 22 01 2009 Owner Katz Nancy DOMAIN Katz Nancy Katz Nancy DOMAIN Katz Nancy Goodman Bruce DOMAIN Goodman Bruce Allen Sherman DOMAIN Ilan Sharoni Purple Mary DOMAIN Purple Mary Katz Nancy DOMAIN Katz Nancy Cooper Amos DOMAIN Cooper Amos Herman Barbara DOMAIN Herman Barbara Levi Jay DOMA A campaign owne
194. ation Model2_ConfigWithRoles Link Filter Direct Dual Audit Card Entity Filter No Filter Attachments omments Owner Note X 21 12 2008 12 29 06 Eurekify Admin AD1 EAdmin Delegated to Cooper Amos Campaign Management Start Carnpaign Stop Campaign Restart Campaign Start Approval Proc View Campaign Progress Done Chapter 6 Tickets and the Ticket QUeue 85 The Ticket Properties Form Most non info type tickets have the following functionality Add Comments Click to add a comment to the ticket Add Attachments Click to add an attachment to the ticket View Transaction Log Click to view the ticket s transaction log Additional functions such as the option to view the ticket initiators view violations or view the relevant user depend on the ticket type Ticket Properties Form Windows Internet Explorer http localhost 8080 eurekify tms ui wicket bookmarkablePage com eurekify tms web template DefaultTicketPage ticketId 1189 Cooper Amos Domaj Previous Owner Status Pending Acton lt 219 Low v Severity Minimal m State Open v Modified Date 05 01 2009 14 05 15 Date Created 29 12 2008 13 47 2 Title User Approval Request to delete resource TESTDEV RACFTEST RACF22 Test RACF from user Keren Cindy 77292450 Description user Approval Request to delete resource TESTDEV RACFTEST RACF22 Test RACF from user Keren Cindy 77292450 Request was submitted on Universe Portal from U
195. available are no longer accessible If the user needs those resources to perform his her tasks they can ask their team manager to reassign the relevant roles or resources Running a Campaign A Case Study More information Approval Process Tickets see page 151 Running Self Service Tasks see page 197 Chapter 4 Showcasing the Eurekify Portal 61 Chapter 5 Presenting the Home Page The Eurekify Portal s home page displays your currently active tickets and provides easy access to your most frequently used reports and business processes Enterprise Role and Compliance Manager cU Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout AD1 EAdmin ID Title State Status Children Type Received Owner Previous Owner Eurekify 21 12 2008 12 51 21 Admin AD1 EAdmin Pending 835 Gi user Review User Certification Open Action 9 Campaign Audit Basic Alerts Manage My Team s Role Assignments Role Modeling Methodologies Comparison Manage My Team s Resources Assignments Policy Verification Report Certification Progress Report This section contains the following topics The Tickets Pane see page 64 The Reports Bar see page 65 The Business Processes Bar see page 67 Chapter 5 Presenting the Home Page 63 The Tickets Pane The Tickets Pane This panel provides you with a table containing a list of your tickets The tickets displayed in this pane are campaign
196. be assigned as approvers Users can become approvers for other users only if the Approver s name appears in the manager column of the Universe s Model configuration files for the specific user Users can become approvers for Roles and or Resources only if they are listed in the configuration s RACI presentation under Accountable that is a specific user becomes accountable for a specific entity Therefore if you are listed as an entity manager you will receive Approver tickets when an administrator runs a campaign targeting your entity Chapter 8 Campaign Approver Tickets 131 Campaign Approver Tickets As an approver your job is to review the links between the entity you are managing and the corresponding entity types The information appears in the CMA ticket as trees of links where the campaign s entity type and the linked entities are presented in a nested arrangement This means that if you are a role manager and you received a CMA ticket as part of a Role campaign you will see lists of roles that can be expanded to show the nested entity links with Users Resources Child Roles and Parent Roles Campaign Manager Approver Ticket Id 1122 Owner Keren Cindy DOMAIN Previous Owner Pending Action Y Due Date 15 01 2009 00 00 00 Priority Normal lt Severity Medium lt Hidden v Modified Date 25 12 2008 19 24 13 Date Created 25 12 2008 19 24 13 Title Role Certification Keren Cindy Role Review Description Role Ce
197. bel gt Connector Settings lt label gt lt data gt com eurekify web settings ConnectorsSettingsPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id UniversesSettings gt lt type gt internal lt type gt lt label gt Universe Settings lt label gt lt data gt com eurekify web settings UniversesSettingsPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id PropertiesSettings gt lt type gt internal lt type gt lt label gt Properties Settings lt label gt lt data gt com eurekify web properties PropertiesPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id CommonPropertiesSettings gt lt type gt internal lt type gt lt label gt Common Properties Settings lt label gt lt data gt com eurekify web properties CommonPropertiesPage lt data gt 424 Portal User Guide lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id AuditPropertiesSettings gt lt type gt internal lt type gt lt label gt Audit Properties Settings lt label gt lt data gt com eurekify web properties AuditPropertiesPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag gt lt tag id SageMaster gt lt type gt internal lt type gt lt label gt Eurekify Configuration Settings lt label gt lt checkPermission gt false lt checkPermission gt lt tag id UpdateS
198. calated approval task s This list can be filtered to aid in finding a specific user The names listed in the proposed users list are governed by several default property filters of the type tms escalate filter Chapter 6 Tickets and the Ticket Queue 97 Info tickets To escalate a ticket 1 Click Escalate in the ticket s Ticket Properties Form The Find Escalate Users screen opens 2 Select a name from the list You can use the filter option to reduce the number of records listed in the table 3 Click OK The Executing bar appears The original ticket is archived and its status is set to Escalated A new ticket is generated The ticket appears in the target user s Ticket Queue More information Add Comment see page 87 Filtering a Data Table see page 24 Eurekify Properties see page 409 Advanced Info Ticket Functionality Info tickets have standard advanced functionality Ticket Properties Form Windows Internet Explorer A http localhost 8080 eurekify tms ui wicket bookmarkablePage com eurekify tms web template Default TicketPage amp ticketId 1982 1982 Angel Ben DOMAIN Previous Owner Status pending Action Low Y Severity Minimal x State Open x 15 02 2009 16 09 10 Date Created 30 01 2009 11 36 42 Request to add role Organization Operations Characteristic Role 100 0 Min 40 to user Organization Operations Characteristic Role The
199. campaign will be able to view their Approver tickets and the approval process will not begin Starting the campaign creates the following changes Field Before Start Campaign State Campaign owner New Open Open ticket Status Campaign owner Pending Action In Progress ticket Approver tickets Hidden from Visible to approvers approvers Click Start Campaign in the campaign s Ticket Properties Form to get the campaign going All the campaign s Approvers will receive notice of the new campaign in the email designated by the Eurekify master configuration Campaign Management Functions Stop Campaign You as the campaign owner can wait for all the approvers to complete their review or you can manually stop the campaign A campaign that was manually stopped can later be restarted Ticket Properties Form Windows Internet Explorer 7 http localhost 8080 eurekify tms ui wicket bookmarkablePage com eurekify tms web template DefaultTicketPagetticketId 835 Campaign Ticket Id 835 Owner Eurekify Admin AD1 Previous Owner 15 01 2009 00 00 00 Priority Normal Severity Medium lt 21 12 2008 13 00 50 Date Created 21 12 2008 12 51 21 User Review User Certification Status pending Action v State Due Date Modified Date Open 9 End of year user audit Universe Portal Campaign Type USER Configuration Model2_ConfigWithRoles Link Filter Direct Dual
200. can find here the name of the campaign owner When a ticket has been delegated or escalated you can view the list of users who received ownership of the ticket http localhost 8080 eurekify tms ui wicket bookmarkablePage popuppagemap com eurekif E E le http localhost 8080 eurekify tms ui wicket bookmarkablePage popuppagemap com eurekify tms web common ViewParentsPage amp T Y iew Initiators UserName Organization OrganizationType Email Location Title Tailor Janet Operations Corporate 93773730 company com Operator Cooper Amos IT Security Corporate 54672910 company com IT Manager Cooper Amos IT Security Corporate 54672910 company com IT Manager Close F Internet The information provided by the View Initiators table is based on the campaign s configuration files 162 Portal User Guide Advanced Approval Process Ticket Functions To view the ticket s initiator list 1 Click Advanced at the bottom of the Ticket Properties Form 2 Click View Initiators The View Initiators table appears in a separate browser window 3 Click Close to close the View Initiators window View Parent Post campaign Approval Process tickets are set up as hierarchal trees The View Parent option provides you with quick access to the current ticket s parent ticket When you click View Parent in the Ticket Properties Form s Advanced functions section the parent ticket opens in a separate browser window For the Approval Proces
201. ce Corporate 84847310 Goid Wiliam Human Resources Corporate 86544420 Fred John System Management Corporate 75676560 Rodney Sergio Database Administrators Corporate 75464420 Cohen Steve System Management Corporate 86023090 Sterling Kent Human Resources Corporate 88311130 Goodman Bruce Marketing_Dept Corporate 67565330 Schwarts Barry Human Resources Corporate 99883110 Bean Frank Purchasing Corporate 89213720 Orr Taylor IT Security Corporate Customize Records per page 10 228 Portal User Guide Manage My Team s Resources The Users table displays a list of the users in the selected Universe s configuration files The members of your team are marked with a green dot next to their Name The Users table provides the following options Add A column of check boxes one per user Select one or more When you select multiple users all the changes you make will be implemented for all selected users Person ID Click any highlighted ID listed in this column to open the associated User s Card Get Resources Provides a table of Currently Enrolled Resources for the selected users Customize Allows you to determine the columns that will appear in the Users table Records per page Select the number of records that will appear in the Users table Find Users Opens the Select User filter screen to assist you in finding specific users Once you have selected the use
202. ces within the universe s configuration Currently Enrolled Resources Res Name 1 Res Name 2 Res Name 3 Description ManagerID Owner Location 240 Portal User Guide UGSAVESYS NTSAVE WinNT NTSAVE WinNT Fifth Av br System Admin 91236370 Houson TX UGADMGR Administration ROOT NOVELADM Novel4 NOVELADM Novell4 Active Directory Manager 67283470 Portland OR UGMPOPR RACFPROD RACF22 RACFPROD RACF22 Production RACF 77292450 Irvine CA UGMTOPR RACFTEST RACF22 RACFTEST RACF22 Test RACF 77292450 Irvine CA UGSILVSYS NTSILV WinNT NTSILV WinNT Silicon V br System Admin 91236370 Houson TX UGSTAMSYS NTSTAM WinNT NTSTAM WinNT Stamford br System Admin 91236370 Houson TX e mail outlook WinNT outlook WinNT MS email 91236370 San Mateo CA office2003 2003 WinNT 2003 WinNT MS office2003 91236370 San Mateo CA unixoper UNXMARKT Solaris26 UNXMARKT Solaris26 Unix operator 89123140 San Mateo CA In this case the only option available to you in this section is to click the Remove check box next to a resource thereby severing the link between you and the selected resource The Currently Enrolled Resources table provides the following options Remove A column of check boxes one per user Check one or more to remove the link between the selected users and the selected resources Res Name 1 Click any highlighted resource name listed in this column to open its Resource Card Depending on the type of action yo
203. ch configuration files will be audited Chapter 15 Using Administration Functions 325 Adding Campaigns 326 Portal User Guide The campaign owner is responsible for creating the campaign and must generate or verify the existence of m The Universe in which the campaign will run The RACI permissions for this Universe The campaign analyzes the user information in the context of the links between the users roles and resources defined for the corporation A campaign can focus on the links from the various viewpoints creating User Campaigns which focus on the users and their links or Role Campaigns which focuses on the roles and their links or Resource Campaign which focuses on the corporate resources and their links Each campaign is defined for a specific viewpoint A campaign is completed either when all the approvers have approved rejected the items they manage or when the campaign owner decides to arbitrarily stop the campaign The default workflow entails first running a campaign and collating all the rejected links and only afterwards are those links actually reviewed and either they are rejected severed or they are approved in spite of the problem that caused them to be rejected during the campaign Adding Campaigns The Certification Campaign screen is divided into three sections Settings Provides the campaign s unique settings Permissions Provides the ability to override the currently allocated permissions f
204. ck Mange My Role Assignments on the Self Service menu The Manage My Roles screen appears More informatio Customizing a Data Table see page 22 Presenting the General Section Manage My Roles Screen see page 220 Presenting the Currently Enrolled Roles Table Manage My Role Screen see page 221 Presenting the Other Roles Table Manage My Role Screen see page 222 219 Chapter 11 Running Self Service Tasks Manage My Role Assignments Presenting the General Section Manage My Roles Screen Manage My Roles Business Area Universe Portal Business Process Description The General section of the Managing My Roles screen contains the following fields Universe Select the Universe you wish to work with The users table and the available roles depend on the universe Business Area General information descriptive This information will appear in the Description field of the ensuing Self Service Approval Root ticket Business Process General information descriptive This information will appear in the Description field of the ensuing Self Service Approval Root ticket Description Provide a concise and meaningful description of the changes you intend to make to your roles Submit Click to submit your request for changes To enter the data in the Manage My Roles General section 1 Select a Universe from the drop down list The Currently Enrolled Roles table and the Other R
205. cket see page 94 Escalating an Info Ticket see page 96 Job Scheduling The Job Scheduling function enables you to set up automatic and repeated import export instances As each connector is assigned to a universe the data will be imported into uploaded from the Eurekify configuration files designated by the universe An appropriate ticket is sent to the administrator s Ticket Queue when the job is completed The screen is divided into two sections Job Scheduling Enter the relevant data in the fields in this section to create a new import export event Jobs A table listing all the recorded jobs and their description Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Administration gt Job Scheduler Logout AD1 EAdmin Job Name Connector Start Date HH MM Repeat Hours Add Job Choose One v 1225 2008 Blo fo 24 Ada Jobs Job Name Description JobClass Start Time Previous Execution Next Execution Delete IMEX Weekly Basic import connector ImportExportScheduledJob 2008 12 25 02 00 00 2009 01 01 02 00 00 Delete 360 Portal User Guide Job Scheduling Scheduling a New Job To schedule a new import export event job you have to provide the following information Job Name Provide a concise and meaningful name Connector Choose one from the drop down list The type of job depends on the type of connector import expo
206. ckets adding a role or updating an existing role Chapter 13 The Entity Browser menu options Chapter 14 The Administration menu options Chapter 15 Security and permissions information Chapter 16 Eurekify Portal error messages This guide also includes several appendixes a glossary and an index Audience Audience This guide is intended for Role Engineers system administrators and organizational managers who are in charge of granting and certifying entitlements Role Engineers are typically well trained professionals familiar with the target organization This manual assumes that the Role Engineer has had professional training on CA Eurekify Role amp Compliance Manager Sage client tools and is familiar with the CA Eurekify Role amp Compliance Manager documentation that accompanied the client tools installation package System administrators should be familiar with the CA Eurekify Role amp Compliance Manager software downloading and uploading of users and resources databases role discovery and audit operations This guide is also intended for general administrators and organizational managers who are in charge of various processes and therefore have to access the portal in the course of their daily activities Other users will have limited access to the Eurekify Portal s options Familiarity with the Microsoft operating system and applications and relevant peripheral and remote equipment is also assumed More informatio
207. cription A description of the ticket It includes the details of the request Request was submitted on Universe Universe name from Campaign Title For example The request to delete role Organization System Management Characteristic Role 100 0 Min 40 from user Angel Ben 67283470 was approved and completed successfully Request was submitted on Universe Portal from Link of Team to Role s Use this ticket s functionality when you wish to transfer the specific info ticket to the management or attention of another user You can use the options in the ticket s Advanced section to access additional information concerning the current ticket More information The Ticket Properties Form see page 83 Chapter 9 Approval Process Tickets 189 Approval Process Info Tickets General Approval Process Info Ticket Functions The Rejected Link Parent ticket provides the following General functionality Close Closes the info ticket Save Saves the changes made to the ticket Delegate Transfers the info ticket to another manager Escalate Transfers the info ticket to another manager Acknowledge Click after reading the information provided by the info ticket The info ticket is archived Click Acknowledge to end the process The info ticket is archived Customize gt ID Title State Status Children Type Received Owner P 1970 1971 1973 1976 1977 Approval 26 01 2009 Root 17 12 39 Request to remove user to ro
208. d when you defined the Universe as manager fields and tags them as the system s Accountables The user manager data is taken from the configuration file s user database udb While any user can be accountable for multiple entities each entity has only a single person accountable for it Note Run the RACI utility before running a campaign otherwise the system won t have users identified as entity Accountables and the Eurekify ERCM won t be able to send the Approver tickets to the correct entity managers If you didn t run RACI you will either receive an error message or all the entities will be listed with the campaign owner for approval Note Update Eurekify users database before generating RACI for the universe Once a Universe is created it is necessary to create its RACI configurations The RACI configurations control the assignments of certification attestation or approval tasks to their respective Accountable person There are four RACI configurations one for each of R A C I ERCM automatically creates the A configuration based on the Owner or Manager fields of the Universe RACI Operations To create the RACI configurations 1 On the Administration menu click Create RACI The Create RACI configurations screen opens Create RACI Configurations Choose Universe Choose One Create RACI 2 Select a Universe from the drop down 3 Click Create RACI An appropriate notice appears when the process is completed
209. dFolder c Temp tms userColumns UserName Organization Organization Type Email Location Title Sample Properties File tms page customizeFields fields overDue id title state status childrenCount typeName creationDate owner previou seOwner tms configuration xml tickettypes info Ticket errTicket consultTicket demoTicket bugTicket tms Test Ticket campaig n certificationTicket campaign campaign Ticket campaign campaignApproverTicket tms configuration xml commands approvalCommands tmsCommands tms configuration xml properties tmsProperties approvalProperties tms variables testvar1 Zodiac testvar2 Alph tms workflow url http localhost 8080 msWPAdapter xfire TMSRequestsHandler wsdl tms campaign entityLinks Table maxRowPerPage 50 tms configuration mail user DemoV4 Eurekify com tms configuration mail password hasadna8 tms configuration mail server smtp eurekify com tms configuration mail serverPort 25 Appendix B Eurekify Properties 411 Sample Properties File tms configuration mail useSSL false tms configuration mail from TMS eurekify com tms configuration mail interval 100 tms configuration mail events create Ticket SAGE ApproverTicket create Ticket SAGE Info Ticket create Ticket SA GE EnrTicket onDelegate onCampaignReassign onCampaignNotification tms filter variable delimiter tms filter variable customDelimiter workpoint auditApprovalRootProcess reference AARP workpoint changeRoleResource reference ARRE
210. ddress the credit card number is invalid input is not a valid url inputO from labelO and input1 from label1 must be equal labelO and label1 must be equal user has 0 roles user has 0 resources role has 0 users role has 0 children role has 0 resources resource has 0 users resource has 0 roles please select at least one option for byfield field please select a configuration Field campaignname required errcode byfield required errcode auditcard required errcode sort required errcode campaignfilteroption required errcode campaign sendreminder error errcode campaign text campagin errors found errcode campaign error nouniversesavilable errcode campaign error missingcampaigndescription err code campaign error missingenddate errcode campaign error duedatemustbeinthefuture errc ode campaign error configurationmustbeselected err code campaign error racinotavailablefor errcode campaign error campaignalreadyexists errcode campaign error noaccess errcode settings strings ie errors missingname errcode settings strings ie errors missingdescription err code settings strings ie errors namealreadyexist errc ode settings strings ie errors missinguniverse errco de settings strings ie errors missingsettings errcod e settings strings ie errors missingmapping errco de Code arp003 arp004 arp005 arp006 arp007 cmp001 cmp002 cmp003 cmp004 cmp
211. default delegate property tms escalate filter Used for filtering the escalate option user list Comprises three options Descriptio Default escalate filter n Property tms escalate filter Example tms escalate filter GFilter Organization owner Organization Descriptio Ticket type filter n Property tms escalate filter TicketType SAGE ChangeApprovalParentTicket Example tms escalate filter TicketType SAGE ChangeApprovalParentTicket GFilter Organizat ion cookingdept Descriptio Ticket name filter n Property tms escalate filter LinkUser Role Example tms escalate filter LinkUser Role GFilter Email ssimhi eurekify com Appendix B Eurekify Properties 415 tms campaign campaign type reassign filter tms campaign campaign type reassign filter Used for filtering the reassign option user list Comprises three options Descriptio _Reassign filter n Property tms campaign campaign type reassign filter Example tms campaign userCertification reassign filter GFilter Organization owner Organization tms campaign roleCertification reassign filter GFilter Organization owner Organization tms campaign resourceCertification reassign filter GFilter Organization owner Organization 416 Portal User Guide Appendix C Portal Structure XML This section contains the following topics Sample Portal Structure XML see page 418 Appendix C Portal Structure KML 417 Sample Portal Structure XML Sa
212. direct link Indirect Links can be reviewed but they cannot be audited A campaign can list them for general knowledge but an Approver cannot approve or reject such a link Dual links Are cases where there is both a direct link for example between a resource and a user but there is also an indirect link going through a role During a campaign only the Direct link is audited The Indirect link is listed for general knowledge Chapter 15 Using Administration Functions 333 Adding Campaigns Introducing Audit Cards Audit Card SQL localhost sqlexpress sdb Model2_ConfigWithRoles cfg Read Only Audit1 aud Configuration SQL localhost sqlexpr DE Base Configuration Suspected Suspected Suspected Suspected Suspected Suspected Suspected Suspected Suspected Suspected Suspected Suspected CA Eurekify Role amp Compliance Manager provides a mechanism to identify and list suspicious users roles and resources in six categories m Suspect entities m Suspect connections Similar roles and role hierarchy Similar resources In out of pattern entities m Entities with many few connections An Audit Card file can be generated via the CA Eurekify Role amp Compliance Manager DNA client tool For further information see the section on Audit Card Generation and Management in the CA Eurekify Role amp Compliance Manager Sage DNA User Guide SQL sa localhost sqlexpress sdb Model2_ConfigwithRoles cfg Tu
213. dit 2009 User Certification Katz Nancy First User Audit 2009 Save and Reassign Hide Selected Approver Progess L 0 40 0 LNR T PersonID UserName Organization Yoham Anne 93872110 Yoham Anne Silicon Valley Branch a 81 Katz Nancy 97373330 Katz Nancy Silicon Valley Branch Ey Roles 3 Sf X D gt Name Relationtype Description Type Organization Rule Owner History Commen Organization Silicon Characteristic Role Valey Branch Siicon Valey Organtzation Siicon z D D Characteristic Role Orak CBOO n ORO grana Valey Branch 93872110 Hstoy Ef 100 0 Min 40 Jie randi Mariager Characteristic Role Ttie Branch Title Branch g E E E Character Role Pr Org Role Manager ue 67762440 History BASIC ROLE Basic role Basic role for all D D forall users that have users that have Org Role Enterprise No Rule 82922230 History Eg access to IT access to IT El Resources 8 v X Namel Name2 Name3 Violations Relationtype Description Managerid owner Location History UGSILVMGR NTSILV WinNT R Silicon V br D OO icon v br Manager NTSILV WinNT Direct inca 91236370 Houson TX History g UGSILVGEN NTSILV WinNT S stenn V br br _ B D D wa vbr br User General NTSILY WNT Direct eer General 91236370 Houson TX History B internet Chapter 4 Showcasing the Eurekify Portal 59 Running a Campaign A Case Study Following the instructions found in Campaign Approver
214. dow The following table presents the icons used in the Ticket pane and their description Icon Description New ticket folder Ticket folder This is a task ticket that has children tickets The ticket tree headed by this folder could have been generated when this ticket was first generated or later in the process F New info ticket l D Info ticket 64 Portal User Guide The Reports Bar Icon Description New task ticket Task This icon appears next to every ticket that refers to an action Overdue ticket Appears when a ticket refers to a process that includes errors Click to expand the ticket tree a s Y Click to collapse the ticket tree More information Tickets and the Ticket Queue see page 69 Running Campaign owner Tickets see page 101 Campaign Approver Tickets see page 131 The Reports Bar The Reports navigation bar lets you easily navigate to your most popular reports Click to add links to your favorite reports Enterprise Role and Compliance Manager eureXify Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout AD1 EAdmin State Status Children Type Received Owner Eurekify 835 E User Review User Certification Open Pending 9 Campaign 21 12 2008 Admin AD1 Action 12 51 21 EAdmin My Reports My Business Processes Audit Basic Alerts Manage My Team s Role Assignments Role Modeling Methodologies Comparison Manage My Team s Resources Assignment
215. dy oe DOMAIN Keren Cindy 13 47 21 Entity managers are assigned as approvers to an Approval Process based on the link type For example for a Delete Link User Role process the user s manager and the role s manager will be assigned as approvers Users can become approvers for other users only if the Approver s name appears in the manager column of the Universe s Model configuration files for the specific user Users can become approvers for Roles and or Resources only if they are listed in the configuration s RACI representation under Accountable that is a specific user becomes accountable for a specific entity Therefore if you are listed as an entity manager you will receive Approver tickets when an administrator runs an Approval Process involving your assigned entity The campaign owner has overall control of the approval process They can transfer responsibility of the process to another manager or cancel the process when necessary This can be done for the complete ticket tree or for a single sub tree General Approval Process Ticket Functions As an approver you are tasked with making the decision whether to approve the rejection or not To aid you in the decision making process you have the ability to consult with other managers Important As several complex procedures are documented in this chapter it is important to remember that every ticket has a unique ticket ID number that can be used to track the ticket and to diffe
216. e 98383770 Rolen Dave Finance Corporate H Oo 1 2 Yoham Anne 93872110 YohamAnne Silicon Valley Branch Branches a Fidelity Bob 84848110 Fidelity Bob Operations Corporate H a Ester Roger 95477810 Ester Roger Operations Corporate Anael Ben 67283470 Angel Ben System Management Corporate SS 4 Helmuth Howard 83838380 Helmuth Howard Marketing_Dept Corporate E In the example in Figure 129 we see that the user Yoham Anne has two links that have to be reviewed and only one has been examined That is why Anne s row is still visible in the main entity table after clicking Hide Selected When the Hide Selected option is active the function menu bar changes and replaces the Hide Selected button with a Show All button Advanced CMaA Ticket Functions The Campaign Manager Approver ticket provides the following advanced functions at the bottom of the CMA s Ticket Properties From More information Add Comment see page 87 Add Attachment see page 89 View Transaction Log see page 90 View Initiators see page 150 Chapter 8 Campaign Approver Tickets 149 Advanced CMA Ticket Functions View Initiators The View Initiators button opens the View Initiators list in a separate browser window This list in table format provides the list of users that generated this Campaign Manager Approver ticket Usually you can find here the name of the campaign owner When a campaign has been delegated or e
217. e Delete Link __ 21 01 2009 Fag tee Cooper Amos DOMAIN Cooper Amos Request to delete role RACF Developers Characteristic bag Role 100 0 Min 60 from user Keren Ci 1871 resource certification Approval Root Request New In Progress Cooper Amos Request to remove user to resource association 1872 a resource TESTDEV RACFTEST RACF22 Test Archived Completed RACF user to removi to re g g Request to remove user to resource association resource e mail outlook WinNT MS email user Ker In Progress Request to remove user to resource association E resource office2003 2003 WinNT MS Archived Delegated office2003 use Request to remove user to resource association S Gresource office2003 2003 WinNT MS In Progress office2003 use rm Resource Approval Request to delete resource 158 Portal User Guide General Approval Process Ticket Functions If the ticket that you chose to transfer is a parent ticket having other tickets located below it in the specific Approval Process ticket tree then the complete sub tree will now be listed in the new ticket owner s Ticket Queue Status Children Type Received Owner Previous Owner Request to remove user to resource association Delete 21 01 2009 Cooper Amos resource office2003 2003 WinNT MS In Progress Link Tailor Janet DOMAIN Cooper Amos office2003 use User 18 37 01 Resource User Appr
218. e Schwarts Barry Human Resources Corporate Bean Frank Purchasing Corporate Orr Taylor TT Security Corporate Records per page 10 Get Resources Currently Enrolled Resources fe Records Found Other Resources No Records Found Customize 226 Portal User Guide Copyright C 2008 Eurekify All Rights Reserved Build 08 11 26 01 Manage My Team s Resources The screen is divided into four sections General Provides descriptive information concerning the current action Users Your team members Select one or more users for the current action Currently Enrolled Roles The current resources linked to the selected users Other Roles Recommended resources for the selected users The Users and Other Resources sections present customizable tables As the MMT Resources screen allows many options and great flexibility the task s procedures will be broken up by section The fields in the General section m The Users table options and functionality The Currently Enrolled Resources table options and functionality m The Other Resources table options and functionality To manage my team s resource assignments click Mange My Team s Resource Assignments on the Self Service menu The Manage My Team s Resources screen opens More information Customizing a Data Table see page 22 Presenting the General Section MMT Resources Screen see page 227 Presenting the Users Table MMT Resources Screen see page 228 Presenting
219. e gt Manage My Team s Role Assignments Logout AD1 EAdmin Universe Demo1 i m g S g S d 4172394567 E Hame Organization Organization Type 87368000 Toper Jim Stamford Branch Branches 75675330 Davis Brett Database Administrators Corporate 94738470 German Tom Fifth Ave Branch Branches 58723810 Eyal Yavetz Purchasing Corporate 82653450 Hill Gary Fifth Ave Branch Branches 64646410 Ron Marom Operations Corporate 84848110 Fidelity Bob Operations Corporate 89653230 Doll Charles Database Administrators Corporate 94362210 poster Jillian Application Development Corporate 97373330 Katz Nancy Silicon Valley Branch Branches Customize Records per page 10 Currently Enrolled Roles e Records Found Test Compliance Suggest Roles Add C o o o E Oo m Oo Oo o a Copyright C 2008 Eurekify All Rights Reserved Build 08 11 26 01 The Users and Other Roles sections present customizable tables As the MMT Role screen allows many options and great flexibility the task s procedures will be broken up by section m The fields in the General section m The Users table options and functionality m The Currently Enrolled Roles table options and functionality The Other Roles table options and functionality To manage my team s role assignments click Mange My Team s Role Assignments on the Self Service menu The Manage My Team s Roles screen opens 208 Portal User Guide Mana
220. e native security systems on the most common operating systems for example UNIX or SAP Specialty security systems for example RACF This refers to security dedicated software systems located on various platforms Identity management systems for example CA Identity Manager This refers to human resource software systems located on various platforms The Eurekify Portal provides you with the option to define these converters as Import Connectors or Export Connectors for the specific corporate environment The converters are conveniently located in the Import and Export menus of the CA Eurekify Role amp Compliance Manager Sage DNA Data Management application For further information on importing exporting and converters see the CA Eurekify Role amp Compliance Manager Sage Data Management User Guide Note At some point you may have to access the DM in order to edit the specific converter s Settings and Mappings file For further information see the CA Eurekify Role amp Compliance ManagerSage DNA Data Management User Guide Setting Connectors At the end of an audit process the original configuration that was downloaded from the end point is compared to the new configuration The configuration variance between the original and the updated configuration resulting from the audit and the implementation of corporate policies and enforcing regulatory compliance is uploaded via Export Connectors to the endpoints This section di
221. e user 87473220 New In Progress Request to add user to role association role Fifth av u bOan Link User 2170172009 The Remove Link Link User Role parent and approver tickets are standard tickets More information Eurekify Properties see page 409 Updating Role Definitions see page 255 Running Self Service Tasks see page 197 Manage My Team s Role Assignments see page 207 Self Service Request New Role Parent Ticket see page 294 Self Service Request New Role Approver Ticket see page 297 302 Portal User Guide Update Role Ticket Tree Self Service Request Update Role Parent Ticket The Self Service Request Update Role Parent ticket is a management ticket generated by the Eurekify portal when a request made using the business process Managing My Team s Roles involves a number of users that exceeds the system threshold While the Approval Root ticket controls the lifecycle of the whole tree the Update Role Request Parent ticket controls the lifecycle of the approver ticket generated during stage 1 of the Approval Process and also all the sub trees generated during stage 2 of the Approval Process Ticket Properties Form Windows Internet Explorer http localhost 8080 eurekify tms uif wicket interface 5 Owner lEurekify Admin AD1 Previous Owner o Status In Progress v 19 01 2009 21 48 55 Priority Low Severity Minimal lt State open sl Modified Date 31
222. e Jan 06 1 Tue Jan 06 1 Tue Jan 06 1 Tue Jan 06 1 Tue Jan 06 1 Tue Jan 06 1 Tue Jan 06 1 Tue Jan 06 1 Tue Jan 06 1 Tue Jan 06 1 Tue Jan 06 1 Tue Jan 06 1 Audit Code Out of Pattern User Out of Pattern User Out of Pattern User Out of Pattern User Out of Pattern User Out of Pattern User Out of Pattern User Out of Pattern User Out of Pattern User Out of Pattern User Out of Pattern User Out of Pattern User Helmuth Howard 83838380 Toper Jim 87368000 Steven Pat 45489940 Angel Ben 67283470 Fred John 86544420 Toper Jim 87368000 German Tom 94738470 Steven Pat 45489940 Angel Ben 67283470 Fred John 86544420 Tortia Dan 98662230 Taskoni Bob 97847110 PUBLIC RACFTEST RACF22 UGSAVEGEN NTSAYVE WinNT UGSAVELAN NTSAVE WinNT UGSAVELAN NTSAVE WinNT UGSAVELAN NTSAVE WinNT UGSAVELAN NTSAYE WinNT UGSAVESYS NTSAVE WinNT UGSTAMLAN NTSTAM WinNT UGSTAMLAN NTSTAM WinNT UGSTAMLAN NTSTAM WinNT UGSTAMSY S NTSTAM WinNT UGSILVSYS NTSILV WinNT Score Descriptic x Suspected Suspected Suspected Suspected Suspected Suspected Tue Jan 06 1 Out of Pattern User Mike Pamela 87347830 Tue Jan 06 1 Out of Pattern User Cherry Jay 89753140 Tue Jan 06 1 Out of Pattern User Davis Brett 75675330 Tue Jan 06 1 Out of Pattern User Rodney Sergio 75676560 Tue Jan 06 1 Out of Pa
223. e Suggest Entities service to both users and resources you see data on the enrollment of the users and resources For example Enterprise Role and Compliance Manager Home Ticket Queue Find UGSYS UGFIN1 public UGMPSYS uarksys UGMTSYS TESTDEV UGMPOPR 000000000400 Customize Res Name 1 Dashboards Self Service UGADMGR Administration ROOT UGMPMINI To see which users are using the selected resources click here Person ID 45489940 86544420 67283470 98383770 84847310 88311130 67565330 83838380 93773730 58723810 OOOOOG000 880 Customize To see which resources are used by the selected users click here Steiven Pat Fred John Angel Ben Rolen Dave Goid Wiliam Goodman Bruce Schwarts Barry Helmuth Howard Tailor Janet Miles Buyer Entity Browser Res Name 2 TSSCREDIT TSSCREDIT UNXMARKT RACFPROD UNXMARKT RACFTEST RACFTEST RACFPROD NOVELADM RACFPROD the re Organization System Management System Management System Management Finance Human Resources Marketing_Dept Human Resources Marketing_Dept Operations Purchasing Reports Administration TS550 TS550 Solaris26 RACF22 Solaris26 RACF22 RACF22 RACF22 Novel RACF22 sults are in the Users table Organization Type Corporate Corporate Corporate Corporate Corporate Corporate Corporate Corporate Corporate Corporate Res Name 3 Logout D 4 4123456789 Enrolled 2 2 2 2
224. e filter option to reduce the number of records listed in the table 3 Click OK The Executing bar appears The campaign is archived and its status is set to Delegated The campaign ticket appears in the target user s Ticket Queue More information Filtering a Data Table see page 24 Eurekify Properties see page 409 Escalating a Campaign This function provides you with the option to transfer the campaign management to a more senior manager Once you have selected the new campaign administrator the campaign s ticket is archived and will no longer appear in your list of active tickets When a campaign is escalated a new root ticket is generated with the new owner listed in the Owner field and the administrator who escalated the campaign is listed in the Previous Owner field Ticket Properties Form Windows Internet Explorer La http localhost 8080 eurekify tms ui wicket bookmarkablePage com eurekify tms web template DefaultTicketPagesticketId 754 Campaign Ticket Id 754 Owner Herman Barbara Previous Owner Eurekify Admin AD1 Status Pending Action Due Date 15 01 2009 00 00 00 Priority Normal lt Severity Medium State Open Modified Date 21 12 2008 12 15 56 Date Created 21 12 2008 12 15 17 Title Role Certification Role Certification Description End of year certification Universe Portal Campaign Type ROLE Auto Generate Permissions Configuration Model2_ConfigWithRoles Link F
225. e functionality of the ticket changes according to who is viewing the ticket Only the owner will have access to all the functions available for the specific ticket type During campaigns or approval processes tickets may be delegated escalated to other managers If a ticket was sent to the owner from another user that user s name not the current owner appears in this field As the Ticket Queue table can be customized the columns that appear in the Ticket Queue table may be different than those presented here More information Administrator View User View see page 82 Customizing a Data Table see page 22 The Tickets Pane see page 64 Main Screen Operations The Ticket Queue menu bar provides five functions m Search Customize m User View Admin View m Refresh Clear Filter appears only when a Search filter has been activated This section covers the following topics m Search Clear Filter m Refresh Chapter 6 Tickets and the Ticket Queue 79 Ticket Tables More information Customizing a Data Table see page 22 Administrator View User View see page 82 Searching the Ticket Queue Table Besides the basic filtering done by the Ticket QUeue menu options you can search for a ticket that matches a specific query The search is performed on the tickets in the current table Search Tickets Find tickets that match these criteria Status I EQUAL SI Pending Action v
226. e left arrow button 6 When you finish making your selections click OK The selected fields will now appear in the relevant entity table Setting the Number of Records Per Page Most Entity tables allow you to determine the number of records per page that you can view The Records per page option appears at the bottom of the data table This option allows you to select from a pre defined list the number of records that will appear on every page The default number of records per page for most data tables is 10 Users Showing 1 to 10 of 69 4 41234567 gt Add Person ID Name Organization Organization Type 87368000 Toper Jim Stamford Branch Branches 75675330 Davis Brett Database Administrators Corporate 94738470 German Tom Fifth Ave Branch Branches 58723810 Eyal Yavetz Purchasing Corporate 82653450 Hill Gary Fifth Ave Branch Branches 64646410 Ron Marom Operations Corporate 84848110 Fidelity Bob Operations Corporate 89653230 Doll Charles Database Administrators Corporate 94362210 poster Jillian Application Development Corporate DU O DU O O DU LZ O O Lal 97373330 Katz Nancy Silicon Valley Branch Branches O ic pa 3 N gt Records per page Chapter 2 Using The Eurekify Portal Interface 23 User Interface In this example 69 records are available As the number of Records per page has been set to 10 we can see only 10 records per page in this table and we can see in the upper right c
227. e new owner listed in the Owner field and the manager who delegated the ticket s is listed in the Previous Owner field Ticket Properties Form Windows Internet Explorer e http localhost 8080 eurekify tms ui wicket bookmarkablePage com eurekify tms web template Default TicketPage amp ticketId 1824 Delete Link User Role Ticket Id 1824 Owner Due Date 19 01 2009 22 47 43 Priority Modified Date 19 01 2009 23 25 28 Date Created 19 01 2009 23 11 22 Herman Barbara Low iM Severity State Minimal v Rami Sas Eurekify Rat Status pending Action Open User Approval Request to delete role Organtation Database Administrators Characteristic Role 100 0 Mn 40 from user Rodney Sergio 75676560 ion User Approval Request to delete role Organization Database Administrators Characteristic Role 100 0 Min 40 from user Rodney Sergio 75676560 Request was submitted on Universe Demo1 from Link of Team to Role s Less Details onfiguration Name Model_ConfigwithRoles Person ID 75676560 Organization Database Administrators Owner Note 19 01 2009 23 11 22 Rami Sas Eurekify Rami Escalated to Herman Barbara Advanced ir Ko Internet A comment is generated stating that the ticket has been Delegated to current owner This comment appears in both the old ticket and in the new ticket When viewed in the original ticket owner s Archive screen Ticke
228. e options appears Administration gt Settings Connector Settings Universe Settings Properties Settings Common Properties Settings Audit Properties Settings 2 Click Connector Settings The Connector Settings screen opens 348 Portal User Guide Setting Connectors To edit an existing connector 1 Click Edit next to the connector that you want to edit You cannot change the name of a connector The contents of the other fields can be edited To delete a connector 1 Click Delete next to the connector that you want to edit A warning screen opens Really delete Basic import connector 2 Click OK to delete the connector Chapter 15 Using Administration Functions 349 Setting Connectors Creating a New Import Connector 350 Portal User Guide Connectors utilize the Eurekify Sage converters to import data from the system s endpoints You will need to know which converter you intend to use and the name and location of the settings xml file and the mapping xml file for this converter For more information see the lt role gt Sage Data Management User Guide Import client name Description Universe Settings XML file Mapping XML file Enrichment settings file Remote system login password Max duration time seconds Connector Java Class Choose One Workflow process name Choose One Ticket Type Choose One Priority SAGE Normal Severity SAGE Medium X
229. e role manager approver ticket generated when a request is made to add a new role to the configuration 264 Portal User Guide Introducing the Requests Table Update Role The role manager approver ticket generated when a request to update role definitions is made or in the special case of multi user requests to enroll users in a role where the number of users exceeds the system s threshold Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout AD1 EAdmin Ticket Queue gt Open New Done Tickets State Status Children Type Received Owner Approval 01 02 2009 Root 00 29 04 Furekify Admin 01 02 2009 Eurekify Admin 2221 E Gi New Role Corporate Security Open In Progress Add Role 00 29 05 AD1 EAdmin 01 02 2009 00 29 17 2220 E Gadd Role Approval Root Request Open In Progress 2222 Select Accountable to Role Corporate Security Archived Completed Task Eurekify Admin Cooper Amos 2223 role Approver New Role Corporate Security Archived Approved Add Role KLE DOMAIN Cooper aa Amos Cooper Amos DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper Amar Link User 01 02 2009 Request to add user to role association 234 m Role 00 38 36 role Corporate Security user 89213720
230. eb template DefaultTicketPagetticketId 1488 be Owner SAGE ADMIN GROUP Previous Owner Status Pending Action Due Date 07 01 2009 22 41 29 Priority Normal v Severity Medium lt State New Modified Date 07 01 2009 22 08 46 Date Created 07 01 2009 22 08 46 Title Error in Basic import connector 2009 01 07T22 08 09 com eurekify batch remoteConnectors clients CARemoteSystemExternalProcessConnet Description Master Configuration Name Master_firstRun Model Configuration Name Model_firstRun Import Name Basic import connector cose ENS a G v gt R100 The Error ticket provides the following functionality Close Closes the ticket Save Saves any changes made to the ticket Delegate Transfers the ticket to another manager Escalate Transfers the ticket to another manager Acknowledge The button is disabled until the process is completed Click to complete and archive the ticket Handle This button ensures that even if multiple users received this error ticket only one will handle it After one user clicks this button the functional buttons for this ticket will be disabled in the other users ticket Terminate job Manually terminates the currently running job Clean up Cleans up the job s temp files prior to terminating the job Chapter 15 Using Administration Functions 359 Job Scheduling More information The Ticket Properties Form see page 83 Delegating an Info Ti
231. ecked by you and if you have no corrections to make click Submit below the request table and generate the approval process tickets necessary to confirm the role definitions that you have created Enterprise Role and Compliance Manager _ eureXify Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout DOMAIN Herman Barbara Find Resources Showing 1 to 10 of 83 4 417123456789 Add Oo Res Name 1 Res Name 2 Res Name 3 UGMTSYS RACFTEST RACF22 UGSYS TSSCREDIT TSS50 TESTDEV RACFTEST RACF22 UGMPOPR RACFPROD RACF22 UGADMGR Administration ROOT NOVELADM Novel4 UGMPMINI RACFPROD RACF22 UGADGEN1 Administration ROOT NOVELADM Novel UGSAPPUR SAPPROD SAPR3 secmgr UNXMARKT Solaris26 UGADGEN2 Administration ROOT NOVELADM Novel4 Customize Records per page 10 7 To see which users are using the selected resources click here Suggest Users the results are in the Users table Users Showing 1 to 10 of 69 4 41234567 Add Oo Person ID Name Organization Organization Type 98383770 Rolen Dave Finance Corporate 84847310 Goid Wiliam Human Resources Corporate 88311130 Goodmen Bruce Marketing_Dept Corporate 67565330 Schwarts Barry Human Resources Corporate 83838380 Helmuth Howard Marketing_Dept Corporate 93773730 Tailor Janet Operations Corporate 5872
232. eckup Chapter 15 Using Administration Functions 379 System Checkup 380 Portal User Guide SMTP Checkup allows you to check two email systems TMS The Ticket Management System s email connections APP General Eurekify Portal email connections Administration gt System Checkup gt SMTP Checkup Checkup Options Send Mail Tms Send Mail App To perform an SMTP checkup 1 On the Administration menu click System Checkup A list of System Checkup options appears Click SMTP Checkup The Checkup Options screen opens To check the TMS email system Enter an email address in the Send Mail TMS box To check the App email system Enter an email address in the Send Mail App Click Send The Executing bar appears Check the email box to see if the email arrived If an email does not arrive this indicates a problem that needs to be corrected Chapter 16 About Security amp Permissions Security In a world where corporate security has immense ramifications especially when you consider the potential harm that could result from loss inaccuracy when unauthorized personnel attempt to use various features alteration by unauthorized users or misuse of data and resources It is important that the software operate at a level of security that is consistent with the prevention of such potential harm The Eurekify Portal is accessible to both senior administrators and regular users The different types of
233. ected request was submitted on universe 2 from 3 the request to delete resource 1 from role 0 failed request was submitted on universe 2 from 3 request to delete resource 1 from role 0 is already in process the request to delete resource 1 from role 0 is already in process request was submitted on universe 2 from 3 to continue please choose an accountable user to 0 role the request to delete role 1 from user 0 is already in process request was submitted on universe 2 from 3 user password not found try wicket wicket as the user name password combination 0 failed the value 0 is not allowed in 1 the command id 0 was not found the command id 0 is not enabled fail to save attachment please fill the field name the filter 0 has a syntax error 1 the user does not exist Field error command revokecmd errcode error command revokecmd msg2 errcode error command linkcommands errcode error command startjobcommand errcode error command startjobcommand checkjobticke texists errcode error workflow connection errcode error service createconsulttickets errcode error service createconsulttickets2 errcode error service createconsulttickets3 errcode error service validatevalue errcode error command saveticket optimisticlockexcepti on errcode error validate valuelength errcode error validate date errcode error batchtask errcode error
234. ecuting bar appears The original ticket is archived and its status is set to Delegated A new ticket is generated The ticket appears in the target user s Ticket Queue Chapter 6 Tickets and the Ticket Queue 95 Info tickets More information Add Comment see page 87 Filtering a Data Table see page 24 Eurekify Properties see page 409 Escalating an Info Ticket This function lets you transfer the info ticket to a more senior manager thus sharing important information Once you have transferred the selected ticket to the new ticket owner the original ticket is archived and will no longer appear in your list of active tickets Only the current ticket owner can escalate a ticket When a ticket is escalated a new ticket is generated with the new owner listed in the Owner field and the manager who escalated the ticket s is listed in the Previous Owner field Ticket Properties Form Windows Internet Explorer L http localhost 8080 eurekiFy tms ui wicket bookmarkablePage com eurekify tms web template Default TicketPage ticketId 1824 Delete Link User Role 1824 Owner Herman Barbara__ Previous Owner Rami Sas Eurekify Rai Status pending Action 19 01 12009 22 47 43 Priority Low Severity Minimal v State Open Modified Date 19 01 2009 23 25 28 Date Created 19 01 2009 23 11 22 Title User Approval Request to delete role Organization Database Administrators Characteristic Role 100 0
235. ed users Person ID Click any highlighted ID listed in this column to open the associated User s Card Get Roles Provides a list of Currently Enrolled Roles for the selected users Customize Allows you to determine the columns that will appear in the Users table Records per page Select the number of records that will appear in the Users table Find Users Opens the Select User filter screen to assist you in finding specific users Once you have selected the user s you want to manage at this time you can click Get Roles to obtain a list of the roles currently associated with these users Note If the actions you want to take do not involve the currently enrolled roles associated with the selected user you can skip the Currently Enrolled Roles table and go to the Other Roles table Chapter 11 Running Self Service Tasks 211 Manage My Team s Role Assignments To select users and obtain their roles 1 In the Users table select one or more users You can click Find Users to open the Select User screen 2 Click Get Roles The roles linked to the selected user s appear in the Currently Enrolled Roles table A list of roles that are not linked to the currently selected user S appears in the Other Roles table At this point you can choose to m Manage the current enrollment list m Add additional roles to the selected users a Do both If you do not want to manage the currently enrolled roles skip to add roles to
236. ee Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Ticket Queue gt Campaign Tickets gt Customize Title State 1111 6 Role Review Role Certification New 916 E G Role Checkup Role Certification 917 921 923 925 927 931 933 Bro Ero Bro Bro Bro Bro E Ro Open le Certification Flag Lee Role Checkup New le Certification Garr Jim Role Checkup New le Certification Hope Collin Role Checkup New le Certification Cooper Amos Role Checkup New le Certification Keren Cindy Role Checkup New le Certification Yoham Anne Role Checkup New le Certification Herman Barbara Role Checkup Open Reports Status Pending Action In Progress Pending Action Pending Action Pending Action Pending Action Pending Action Pending Action Completed Administration Children 15 15 Type Received 25 12 2008 19 24 11 23 12 2008 21 14 23 Campaign 23 12 2008 Manager rad Approver 21 14 24 Campaign Manager aa Approver Campaign Manager nye Approver Campaign Manager ee Approver Campaign Manager a Approver Campaign Manager vee Approver Campaign Manager Approver Campaign Campaign Campaign 23 12 2008 21 14 24 Owner Eurekify Admin AD1 EAdmin Eurekify Admin AD1 EAdmin Flag Lee DOMAIN Fiag Lee Garr Jim DO
237. een opens in a separate browser window 2 Create a rule by making selections from the search fields Click Add Condition to add additional rules 3 Click OK when you are satisfied with the query you have generated 4 If there are tickets that match your filter statements they appear in the ticket table The Clear Filter button is added to the Ticket Queue s menu bar gt ID Title State Status Children 465 O User Certify Dec 2008 User Certification Open In Progress 9 User Certification Eurekify Admin User Certify Dec aes New 1 Chapter 6 Tickets and the Ticket Queue 81 Administrator View User View Refresh 5 Click Clear Filter to return to the original filtered by Ticket QUeue menu options ticket table The Refresh button lets you update the contents of the current ticket table It is especially useful following the performance of actions that change the ticket s state and or status Click Refresh to update the ticket list displayed on screen Administrator View User View 82 Portal User Guide The Admin View User View button allows you to toggle between two views of the Ticket Queue User View The standard Ticket Queue features available to all users dependent on their permissions Admin View Allows you to view all the campaign tickets in the system even those that were created by other managers The Admin View option is only available to the super administrator The buttons will only
238. ekify Role amp Compliance Manager Sage ERM DNA User Guide Violations Violations First Second Third Rule Description Score Fifth av Applicative license Only 5 people Only 5 people may role Role By 2 may access role access role ADMNMGR 100 E Resources ADMNMGR licensing licensing The Violations screen lists only those records that have a violation associated with them If there are no violations the screen will have no records listed Violations Violations No violations First Second Third Rule Description Score No Records Found 200 Portal User Guide General Self Service Functions The Violations table provides the following information First The link s first entity Second The link s second entity Third The link s third entity Rule The rule that is being violated Description Provides further details concerning the violation Score The risk as defined for the specific BPR The value is usually between 0 and 100 To run the compliance testing 1 Click Test Compliance The Violations screen opens in a separate browser window 2 Click in the upper right hand corner to close the window Chapter 11 Running Self Service Tasks 201 General Self Service Functions Suggesting Entities The Eurekify Portal takes advantage of the advanced pattern recognition technology provided by the Eurekify ERCM This technology is utilized when you request that a Eurekify Portal s Self Service task provide y
239. ekify Role amp Compliance Manager database Use the following parameters to filter the report based on user role or resource attributes by Field Specifies a data field in the configuration file that is used to filter and sort records The drop down shows existing data fields in the configuration file specified by the Configuration parameter Only relevant data fields are shown for example only user attributes are shown for reports organized by user account From To Specifies the range of records to include in the report based on the data field specified in the by Field parameter The drop downs show existing field values drawn from the specified configuration file Pattern Defines a pattern matching string that selects records from the specified configuration file to include in the report The string is applied as a filter to the data field specified in the by Field parameter The pattern must follow the usage defined for the java utils regex Pattern class in the Java version supported by this release Use the following parameters when working with analytical statistical reports based on the selected configuration s audit card Audit Card Specifies the audit card from which analytical information will be drawn to generate the report The drop down lists all audit cards associated with the specified configuration file Chapter 14 How to Generate Reports 319 Parameters and Filters for Report Generation 320 Portal User
240. elected Approver Progess 0 6 0 14 X d Progress Violations PersonID UserName Organization OrganizationType Comment aaa 74 Joe Dassin 99883136 Joe Dassin Sales Corporate E Chapter 15 Using Administration Functions 335 Adding Campaigns For example if there is a pattern violation regarding a user e g the user is suspected as a collector or if there is a compliance violation for a user who is not allowed to have both roles A and B and yet it is found that the user is linked to both roles Such a finding will cause the user name to appear in red in the campaign s Approver ticket entity table Campaign Manager Approver Ticket Id 1409 Eurekify Admin AD1 Previous Owner Due Date 31 01 2009 00 00 00 Priority Normal lt ony Modified Date 06 01 2009 16 28 54 Date Created 06 01 2009 16 28 0 Owner Status Pending Action Medium x State Open x Title User Certification Eurekify Admin User campaign with Audit Card Description User Certification Eurekify Admin User campaign with Audit Card Hide Selected Reassigned From Save and Reassign Approver Progess LNR b AB ooo E Roles 2 v X Name Sales Team Role By 2 Users Organization Sales Characteristic Role 100 0 Min 40 PersonID Joe Dassin 99883136 Violations Relationtype Description Direct Role By 2 Users Direct 100 0 Min
241. embers of the parent role listed in this table are automatically members of the sub role the current role and therefore provisioned with all the sub role s privileges RACI Provides the name of the user who is held accountable for this role This is the user who will be listed as the Approver when this role is being audited or when a change has been requested for this role Description Basic role for all users that have access to IT Reviewer 45489940 Organization2 Enterprise Organization3 Corporate Create Date Approval Date 09 05 2007 10 36 00 Approval Status Approved Expiration Date Resources Sub Roles Parent Roles RACI Name Organization Organization Type DOMAIN Levi Jay A Levi Jay Stamford Branch Branches Customize 32 Portal User Guide Resource Card User Interface Resource cards present all the information concerning the specific resource that is available in the selected Universe s configuration files A Resource cards are marked with the 7 symbol G Enterprise Role and Compliance Manager e mail outlook WinNT MS email Configurtion Model2_ConfigwithRoles nameS e mail outlook WinNT Description MS email ManagerID Owner 91236370 San Mateo CA Active Directoty Branch Users IBASIC ROLE Organization Application Development lOrganization Database Administrators Organization Fifth Ave Branch lOrganization Finance lOrganization Human Resources Organization IT Security Organization M
242. en reviewed Ticket Properties Form Windows Internet Explorer DER 7 http flocalhost 8080 eurekify tms uif wicket interface 37 1 v Campaign Manager Approver Ticket Id 872 a Owner Cooper Amos DOMA Previous Owner Status pending Action v Due Date 15 01 2009 00 00 00 Priority Normal x Severity Medium State open Modified Date 23 12 2008 21 57 19 Date Created 23 12 2008 12 51 21 User Certification Cooper Amos User Review Description User Certification Cooper Amos User Review Save and Reassign Show all pete ee A 1 7 X gt Progress Violations PersonID UserName Organization OrganizationType Comment Mike Pamela 87347830 Mike Pamela Application Development Corporate g Add Comment Add Attachment View Initiators View Transaction Log LE internet Rioo 148 Portal User Guide Advanced CMA Ticket Functions In the example we see that according to the Approver Bar there are 176 links that have to be approved 167 of those links have already been processed After clicking Hide Selected only one user is listed collapsed This way it s easy to see the links that have yet to be examined It is important to realize that the function only hides main entities that have been fully audited Entities whose link tables have only been partially audited will be visible EE 1 4 X gt Progress Violations PersonID UserName Organization OrganizationType Comment 444 Rolen Dav
243. ence to choose the file Output Configuration Fill in the name and path of the Output Configuration to be created Use the Browse button for convenience to choose the file Output Users Database Fill in the name and path of the Output Users Database to be created Use the Browse button for convenience to choose the file Output Resources Database Enter the file name and path of the Output Resources Database to be created Use the Browse button for convenience to choose the file Eurekify Sage Error Messages To trim a configuration 1 Open the Eurekify Sage DNA module 2 Click File Configuration and Management Operations Trim Configuration The Trim Configuration window opens 3 Enter values for the fields Note Remember to enter the correct file extension for each output file Important We recommend that when generating duplicate files for use with a Universe that you use the terms Master Model as part of the configuration file names 4 Click Browse next to each output database in order to save the new database file in a location of your choice The File Dialog Screen opens Eurekify File Dialog C Document SQL SST ox el ConfigwithRoles cfg el Model_ConfigWithRoles cfg Cancel Master_ConfigwithRoles cfg S Eurekify cfg E Model_ConfigwithRoles_R cfg S Model_ConfigwWithRoles_A cfg el Model_ConfigwithRoles_C cfg S Model_ConfigwWithRoles_I cfg fi Eurekify_R cfg S Eurekify_A cfg 5 Enable File a
244. ending Action Due Date 15 01 2009 00 00 00 Priority Normal x Severity Medium lt State Hidden Modified Date 25 12 2008 19 24 12 Date Created 25 12 2008 19 24 12 Title Role Certification Flag Lee Role Review Description Role Certification Flag Lee Role Review Reassigned From Approver Progess 0 18 0 1 X Progress Violations RoleName Description Organization Type Comment m Active Directoty Branch Users Characteristic Role Characteristic Role 44 4 Goran Applicative E 44 4 Min 40 Min 40 pany Role Fifth Ave Applicative E Fifth av Applicative role Role By 2 Resources Role By 2 Resources Branch Role Eg Active Directory Domain Users Characteristic Role Characteristic Role 100 0 Compan Applicative E 100 0 Min 60 Min 60 y Role v LE internet 100 lt 128 Portal User Guide Campaign Approver Tickets More information Campaign Approver Tickets see page 131 Auditing Links see page 136 Chapter 7 Running Campaign owner Tickets 129 Chapter 8 Campaign Approver Tickets This chapter is intended for users who receive Campaign Manager Approver CMA tickets When a new campaign is generated Eurekify ERCM generates Campaign Manager Approver CMA Approver tickets tickets Entity managers are assigned to a campaign as approvers based on the campaign type For example for a user certification campaign user managers will
245. entical to the original Approver ticket Delete Link Entity1 Entity2 except it has a new Ticket ID and the General functions are limited The options Approve and Reject have the following meaning Approve Approve the request to delete the specified link Reject Reject the request to delete the specified link Ticket Properties Form Windows Internet Explorer E http flocalhost 8080 eurekify tms ui wicket bookmarkablePage com eurekify tms web template DefaultTicketPageaticketId 1949 Delete Link User Role Ticket Id Owner Previous Owner Status Pending Action Due Date 19 01 2009 05 18 41 Priority Low Severity State open Modified Date 22 01 2009 12 06 56 Pate Created 22 01 2009 12 02 31 Title Consult User Request to delete role Organization Database Administrators Characteristic Role 100 0 Min 40 from user Davis Brett 75675330 Description Approval Request to Consult deleting role Organization Database Administrators Characteristic Role 100 0 Min 40 from user Davis Brett 75675330 Request was submitted on Universe Portal from Link of Team to Role s Reject onfiguration Name Model2_ConfigWithRoles Person ID 75675330 R Organization Database Administrators it v LE internet Q10 Chapter 9 Approval Process Tickets 181 Approval Process Approver Tickets If you click View Parent you will see the ticket from which the consultation request
246. er Eurekify Admin Eurekify Admin AD1 EAdmin Eurekify Admin Cooper Amos DOMAIN Cooper Amos 281 Add New Role Ticket Tree After the Role manager has approved the enrollment of all the users in the Approver ticket stage 3 begins and a new set of tickets is generated Stage 3 Includes examples of possible Request sub trees for an Add Role ticket tree Ticket Description L Approval Root ticket Same ticket 2 Self Service Main Request Same ticket Parent Ticket Select Accountable This Task ticket has been completed and is currently archived Approver Ticket This Role Approver ticket has been completed and is now archived 3 Self Service Request A Link User Role parent ticket Parent ticket Approver Ticket Only one ticket A Link User Role approver ticket 0 Self Service Request A Link Role Resource parent ticket Parent ticket Approver Ticket Only one A Link Role Resource approver ticket 282 Portal User Guide Add New Role Ticket Tree The number of Link User Entity sub trees depends on the number of role entity requests that were originally submitted If a request was made to enroll 10 users to a role then there will be 10 Link User Role subtrees generated during the third stage of the Add New Role Approval Process 2 ID Title State Status Children Type Received Owner Previous Owner Approval 01 02 2009 Root 00 29 04 P 2220 amp Add Role Approval Root Request Open In Progress 1 Eurekify Admin
247. er fields from the drop down lists 9 Optional Select an Audit settings file from the drop down list 10 Click Save The universe is created and will appear in the Universe List Note Sometime an issue exists for historical reasons that causes a message to appear At the bottom of the message you are asked if you want to auto repair the issues in this message Always click Yes Enterprise Role and Compliance Manager eurekify Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout AD1 EAdmin The following issues were found GENUST014 1 the model configuration Model2_ConfigWithRoles_A is not read only GENUST011 2 the model configuration Model2_ConfigWithRoles_A has a parent configuration GE 3 the model configuration Model2_ ConfigWithRoles A is not logged GENUST0O13 would you like to auto fix them GENUST015 11 Click Yes to auto fix the issues listed in this error message The Please Wait bar appears When the job is completed the new universe appears in the Universes list After you have created a new universe you need to perform the following actions m Update Eurekify users database m Create RACI m Sync RACI More information Running a Connector see page 357 Eurekify Configuration Settings see page 374 Create RACI see page 376 Synchronize RACI see page 377 Chapter 15 Using Administration Functions 343 Setting a U
248. er audit Close Delegate Escalate Universe Portal Campaign Type USER Auto Generate Permissions true Configuration Model2_ConfigWithRoles Link Filter Direct Dual Audit Card Entity Filter No Filter Attachments jomments Received Owner Note x 21 12 2008 13 24 06 Eurekify Admin End of year audit Campaign Management SS SS ETT Start Approval Processes View Campaign Progress Advanced Done La Internet 100 88 Portal User Guide The Ticket Properties Form Add Attachment An advanced ticket feature that allows you to attach a file or URL to a specific ticket Next to the listed attachment s you can see an X Click X to delete the attachment Ticket Properties Form Windows Internet Explorer 7 http flocalhost 8080 eurekiFy tms uif wicket interface 17 Add Attachment Name Url http Fie CBrowse cance ESRR La amp Internet The Add Attachment screen contains three fields Name Lists the attachment name When the attachment is a file the file name is listed URL The URL to be listed as an attachment File The file to be attached You can use the Browse button to locate the file Chapter 6 Tickets and the Ticket Queue 89 The Ticket Properties Form To add an attachment 1 Click Add Attachment The Add Attachment screen opens 2 To link to a URL enter the URL in the URL text box 3 To attach a file enter the file name or locate it using the Br
249. erlina Kent 86023090 Sterling Kent Human Resources Corporate E oO 78 Bean Frank 99883110 Bean Frank Purchasing Corporate Ef Attachments omments E internet 100 Chapter 4 Showcasing the Eurekify Portal 51 Running a Campaign A Case Study Allen has two users listed in his ticket Nancy selects the Reassign check box located next to both users and clicks Save and Reassign The Find Reassign Users screen opens Browse Tickets Windows Internet Explorer re http flocalhost 8080 eurekiFy tms ui wicket interface 9 3 Find Reassign Users Where Organization contains Silicon Valley Branch and Where Choose Field v contains and Where Choose Field v contains Default Filter UserName Katz Nancy Kistor Steve Yoham Anne Katz Nancy Yoham Anne Kistor Steve Taskoni Bob Organization Silicon Valley Branch Silicon Valley Branch Silicon Valley Branch Silicon Valley Branch Silicon Valley Branch Silicon Valley Branch Silicon Valley Branch Silicon Valley Branch OrganizationType Branches Branches Branches Branches Branches Branches Branches Branches Email i Title 97373330 company com 93988710 company com 93872110 company com 97373330 company com 93872110 company com 93988710 company com 97847110 company com 97847110 company com Branch Manager Branch Officer Clerk Branch Officer Clerk Branch Manager Branch Officer Clerk Branch Officer Clerk
250. ertification Open g 5 Campaign Admin AD1 EAdmin 1 11 2008 SK 14 50 1 12 Chapter 2 Using The Eurekify Portal Interface 19 User Interface General Features Autocomplete Eurekify Portal s home page contains the following main features menu bar Tickets pane Reports navigation bar and Business Processes navigation bar When the Eurekify Portal opens the Tickets pane displays any active new open done tickets More information Presenting the Home Page see page 63 There are several features that repeat themselves in most of the screens you will access while working with the Eurekify Portal Some of the Portal s screens have fields with an enabled Autocomplete feature This feature provides a data list matching the field requirements from which you can make a selection To view the data list click the Backspace key on your keyboard Import client name Description Universe Choose One v Settings XML file E C Program Files EurekifyEurekify Sage Client Tools Y4 01 Mapping XML file Si nna ae Enrichment settings file Remote system login password Max duration time seconds Connector Java Class Choose One 20 Portal User Guide Mandatory Fields User Interface Fields marked with an asterisk are mandatory Attempting to go to the next stage of a process without filling in these fields causes an error message to be displayed next to each vacant
251. es and privileges of the people that report to you Your account DOMAIN Nancy Katz was granted Access to the Eurekify Enterprise Role amp Compliance Manager Portal in order to accomplish this task In order to start please open http ercm_server com Please note This campaign due date is 2 2 2009 Thank you for your cooperation Role Management Team If this email was sent to you by mistake or you are not Nancy Katz please reply and notify the campaign manager at admin company com Reply Forward The new user campaign s owner ticket appears in Nancy s Ticket Queue Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Ticket Queue gt Campaign Tickets Customize Clear Filter State Status Children Type Received Owner Katz Nancy 9 Campaign Lk DOMAIN Katz fe Nancy Pending 1491 a First User Audit User Certification New Action Chapter 4 Showcasing the Eurekify Portal 49 Under the column Children you can see the number 9 in the Campaign ticket s Running a Campaign A Case Study row This signifies that nine Approver tickets have been generated Enterprise Role and Compliance Manager Home Ticket Queve Ticket Queue Customize gt D Tite Dashboards Self Service 1491 E First User Audit User Certification 1492 1494 1498 1501 1512 1517 1537 1556 User Certification User Certific
252. es table Records per page Select the number of records that will appear in the Other Roles table per page Find Roles Opens the Select Role filter screen to assist you in locating specific roles Test Compliance Checks whether the selections made in the Other Role table comply with existing policies and BPRs Business Practice Rules Suggest Roles Provides a list of possible roles based on the CA Eurekify Role amp Compliance Manager pattern recognition technology Chapter 11 Running Self Service Tasks 215 Manage My Team s Role Assignments This table presents you with several options m You can manually select one or more roles that you wish to link to the selected users m You can use the Find Roles filter option to find specific roles and then make a selection from the filtered list of roles m You can click Suggest Roles and use the information provided by this feature to link roles to the selected users Other Roles Showing 1 to 10 of 27 4 4123 gt gt Add Role Name Description Matching Rights HR Pattern Privileges Pattern Matching Rule Details Characteristic Role 100 0 Min 40 Organization Stamford Branch 10 10 10 10 10 10 Details Fifth av Applicative role Role By 2 Resources 10 10 Details Organization Humen Characteristic Role 85 7 Min Resources 40 Title Branch Officer Clerk Characteristic Role 50 1 10 1 10 1 10 Details Title Branch Manager Characteristic Role 50 1 10
253. es generated for each request listed in the original Requests table Update Role Parent ticket When a request is made to update a role definition this ticket is the main parent ticket Below it you will find the role managers approver ticket and the set of subtrees generated for each request listed in the original Requests table Chapter 12 Role Definition Tickets 263 Introducing the Requests Table Request Parent Ticket This ticket is of the same type as the Approver tickets associated with it This ticket belongs to the Role manager This node is the parent of the actual approval process Approver tickets that are sent to the Approvers The number of sub trees of this type present in an approval process tree depends on the number of Self Service requests being processed Approver Tickets As role definition task tickets are generated in stages the Eurekify Portal generates on Role Approver ticket for the role manager and a set of sub trees one per request comprising a Request Parent ticket belonging to the Role manager and an Approver ticket that is sent to the user resource or role hierarchal manager The tickets generated belong to one of the following ticket types Link User Role Link Role Resource or Link Role Role Generated when adding a link to specific role Delete Link User Role Delete Link Role Resource or Delete Link Role Role Generated when making a request to sever a specific link to the role Add Role Th
254. esParametersPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id ConfigurationResourcesAttributes gt lt type gt report lt type gt lt label gt Configuration Resources Attributes lt label gt lt data gt com eurekify web reports parameters configurationattributes resources ConfigurationResourcesAttributesParamet ersPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id ConfigurationUsersFull gt 420 Portal User Guide Sample Portal Structure XML lt type gt report lt type gt lt label gt Configuration Users Full lt label gt lt data gt com eurekify web reports parameters configurationattributes users ConfigurationUsersFullParametersPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id ConfigurationRolesFull gt lt type gt report lt type gt lt label gt Configuration Roles Full lt label gt lt data gt com eurekify web reports parameters configurationattributes roles ConfigurationRolesFullParametersPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id ConfigurationResourcesFull gt lt type gt report lt type gt lt label gt Configuration Resources Full lt label gt lt data gt com eurekify web reports parameters configurationattributes resources ConfigurationResourcesFullParametersPa ge lt data gt lt checkPermission gt true lt checkPermission gt l
255. et Main Parent Ticket Details Section The More Details gt gt and lt lt Less Details buttons located below the general function buttons toggle between showing additional data and hiding the same data The type of data available is the same whether the ticket is an Add Role main parent ticket or an Update Role main parent ticket The content of the fields depends on the original Role Definition task being processed Delegate Escalate Cancel Process lt lt Less Details onfiguration Name Model2_ConfigWithRoles DOMAIN Cooper Amos Corporate Security Rule Organization2 Organization Type Owner Description Organization3 Organization IT Security null null Enterprise 41T Security Organizational Role 54672910 Role provides resources to use 89213720 54672910 91236370 89123140 84847310 Organization IT Security public UNXMARKT Solaris26 PUBLIC RACFPROD RACF22 UGMTSYS RACFTEST RACF22 Organization2 Organization Type Owner Description Organization IT Security null null Enterprise IT Security Organizational Role 54672910 Role provides resources to users who are involv Resources To Add Parent Roles To Add public UNXMARKT Solaris26 Organization IT Security PUBLIC RACFPROD RACF22 UGMTSYS RACFTEST RACF22 The Role Fields table refers to the role s rules This table will have content only when a new role included a rule or when a rule is added changed during an update role process
256. et Ticket Type s Delete Link Entity1 Entity2 Delete Link Entity1 Entity2 Delete Link Entity1 Entity2 Approval Root Link Entity1 Entity2 Delete Link Entity1 Entity2 Update Role Link Entity1 Entity2 Delete Link Entity1 Entity2 Update Role Link Entity1 Entity2 Delete Link Entity1 Entity2 Ticket Life Cycle Description Approval Process Tickets see page 151 A ticket generated after a campaign is stopped or completed This ticket is the specific rejected link s manager ticket For each pair of Approver tickets sent to the link s entity managers there is a parent ticket thus creating a sub tree for each rejected link For more information see Approval Process Tickets see page 151 A ticket generated after a campaign is stopped or completed The rejected links are sent for re evaluation to the managers of the linked entities For example a link between a role and resource will generate tickets to both the role manager and the resource manager The Approver Ticket can be escalated delegated to another approver by the ticket owner For more information see Approval Process Tickets see page 151 A ticket generated when an Approver wishes to consult with another user regarding the specific rejected link For more information see Approval Process Tickets see page 151 The Self Service request root ticket A ticket generated when a self service process require
257. et Tree This process is started by the manager who made the Self Service request the Self Service Manager When an instruction to begin an Approval Process is given the Eurekify ERCM generates a hierarchal Approver Process ticket tree The Self Service Request a New Role Definition Add New Role task tickets are generated in stages 1 Select Accountable A Task ticket sent to the Self Service task manager 2 Role Approver An Add Role ticket sent to the Role manager 3 Link Approval Process sub trees One Link Entity Role parent and one Link Entity Role approver ticket for each request made during the original Self Service task The parent ticket is always assigned to the Role manager gt D Title State Status P 2220 E Gi Add Role Approval Root Request Open Tn Progress P 2221 E New Role Corporate Security Open In Progress 2222 S Select Accountable to Role Corporate Security Archived Completed P 2223 S Role Approver New Role Corporate Security Archived Approved Gy Request to ad to role association 2224 m Gq Request to add user to role association role Corporate Security user 89213720 aes In Progress C Request to add u a G iie corporate Securi User Approval Request to add role Corporate 2234 Security Role provides resources to users who are New invol Pending Action ms RNS a RRR e bus S e m RNS a RES e bras RR i progress Approval Request to add role Corporate S
258. et is listed Stage 2 All the Request Parent tickets for each requested link are listed Note that the new role s manager is the listed owner of these tickets Notice the ticket Type for information on what ticket you are currently viewing Add Comment Add Attachment View Transaction Log View Initiators lt lt Close Children View Role Type Status Title naska Sharoni Approver Approved Role Approver Update Role Organization Marketing_Dept Allen Sherman In DOMAIN Iian Sharoni Progress Allen Sherman Remove User In Request to remove user to role association DOMAIN Ian Sharoni Role Progress role Organization Marketing_Dept user 77371120 Allen Sherman Remove User In Request to remove user to role association DOMAIN Ilan Sharoni Role Progress role Organization Marketing_Dept user 88382990 Allen Sherman Link Role In Request to add role to resource association DOMAIN Ilan Sharoni Resource Progress resource UGMTSYS role Organization Marketing_Dept Allen Sherman Remove Role In Request to remove role to resource association resource UGADGEN2 Administration DOMAIN Iian Sharoni Resource Progress ROOT role Organization Marketing_Dept Belect Link User Role Request to add user to role association role Organization Marketing_Dept user 84847310 Belect Belect Belect Belect Click Close Children to close the table Chapter 12 Role Definition Tickets 279 Add New Role Ticket Tree Add New Role Tick
259. eue when applicable the old ticket and the new ticket create a new sub tree within the original Approval Process tree in which the original ticket Status is set to Escalated is the parent ticket Ticket Queue gt Open New Done Tickets State Status Children Type Received Owner Pending Approval 19 01 2009 r amp Link of Team to Role s Approval Root Request Done Acton Root 18 24 11 Cooper Amos Pending Approval 19 01 2009 Action Root 18 16 38 Bink of Team to Role s Approval Root Request New In Progress Approval 19 01 2009 Cooper Amos E Link of Team to Role s Approval Root Request Done Cooper Amos Request to remove user to role association Delete 19 01 2009 Cooper Amos Ae role Organization Database Administrators Open In Progress Link 17 47 30 DOMAIN Cooper Characterist User Role 7 7 Amos Request to remove user to role association Delete 19 01 2009 Cooper Amos role Organization Database Administrators New In Progress Link 17 47 30 DOMAIN Cooper Characterist User Role T Amos User Approval Request to delete role Delete amp Organization Database Administrators Characteristic Archived Escalated Link Bee pes d R Role 100 User Role t gt urekify Rami User Approval Request to delete role Delete Organization Database Administrators Open in Characteristic Role 100 Role Approval Request to delete role Organization Database Administrators Characteristic New Role 100
260. ew Initiators see page 162 View Parent see page 163 View Entity see page 165 Consult see page 178 Chapter 9 Approval Process Tickets 185 Approval Process Approver Tickets View Consult Results When an Approver sends a request for a consult during an Approval Process the View Consult Results button is added to the ticket s Advanced function buttons When you click this button you open the View Consult Results window in a separate browser window Click Close to close the window You can use this utility to see what the consultation results are If at the time of the viewing no answers are available the screen will list this data as follows http localhost 8080 eurekify tms ui E 5 E http f localhost 8080 eurekify tms ui wicket bookmarkablePa Y View Consult Results Action Counter No Answer 4 LE internet 100 186 Portal User Guide Approval Process Approver Tickets The View Consult Results table has two columns Action The action was taken by the consulting parties Counter The number of consultants who responded in this manner Over time as the various users respond to the request for a consultation by approving the request to delete a link or rejecting it the table shows the various responses http localhost 8080 eurekify tm E TIE lej http flocalhost 8080 eurekiFy tms ui wicket bookmarka YW View Consult Results Action Counter No Answer 1 Approve 3 Reject 1
261. ew Role task provides the following Advanced functionality Add Comment Manually add a comment to the ticket Add Attachment Add an attachment or URL to the ticket View Transaction Log The transaction log provides a history of the ticket related actions executed since the creation of the ticket View Parent Opens the current ticket s parent s ticket View Initiators View of list of the users who launched this ticket View Role Opens the Role s card As in this case the review is limited to the role you cannot access the users cards View Violations View the list of violations More information Add Comment see page 87 Add Attachment see page 89 View Transaction Log see page 90 View Parent see page 163 View Initiators see page 162 View Entity see page 165 View Violations see page 290 Chapter 12 Role Definition Tickets 289 Add New Role Ticket Tree View Violations 290 Portal User Guide A violation is a breach of corporate security policies guidelines BPRs and or regulations The CA Eurekify Role amp Compliance Manager identifies such infractions When seeking to decide whether to approve or reject a request to create a link between a role and other entities within a Role Definitions Approver Process Approver ticket you can use the View Violations utility to see whether there are any violations connected to the Self Service request you are examining When you click View Violations
262. ex 2240 Rol 2 Request to add role to resource association resource public role Corporate Security Pending Action 2230 In Progress Request to add role to resource association E C resource PUBLIC rele Corporate Securty aes Resource Approval Request to add resource S PUBLIC RACFPROD RACF22 Production RACF to New role Corporate Pending Action t to add role t r ociation Gq Request to add role to resource association resource UGMTSYS role Corporate Security Bar nraye The Add New role ticket tree is constructed as follows Stage 1 Ticket Description Approval Root ticket This ticket is identical to other Approval Process Approval Root tickets For more information see Self Service Approval Root Ticket see page 267 2 Self Service Main Request Parent An Add Role parent ticket sent to the Self Service 280 Portal User Guide Add New Role Ticket Tree Ticket task manager For more information see Role Definition Main Request Parent Ticket see page 275 Select Accountable A Task ticket sent to the Self Service task manager For more information see Select Accountable Ticket Add New Role see page 284 gt WD Tte Status Children 2242 E Gy Add Role Approval Root Request Type Approval 01 02 2009 Root 13 01 32 Eurekify Admin Eurekify Admin AD1 EAdmin Eurekify Admin In Progress 01 02 2009 13 01 32 2243 IS new Role Manage Human Re
263. ext to them Returning to Nancy s Ticket Queue Allen s ticket has the status Completed and a new ticket has been generated for Steve Kistor Enterprise Role and Compliance Manager Home Ticket Queue Ticket Queue gt New Tickets Dashboards Self Service E User Certification Katz Nancy First User Audit 2009 Hidden Ez User Certification Goodman Bruce First User Audit 2009 User Certification Allen Sherman First User Audit 2009 2009 2009 2009 2009 2 User Certification Cooper Amos First User Audit g User Certification Herman Barbara First User Audit E user Certification Levi Jay First User Audit 2009 g User Certification Schwarts Barry First User Audit 2 User Certification Allen Sherman First User Audit Hidden Hidden IS User Certification Purple Mary First User Audit 2009 Hidden E User Certification Katz Nancy First User Audit 2009 Hidden Hidden Hidden Hidden Hidden Hidden Entity Browser Reports Action Pending Action Pending Action Completed Pending Action Pending Action Pending Action Pending Action Pending Action Pending Action Pending Action Campaign Manager Approver Campaign Manager Approver Campaign Manager Approver Campaign Manager Approver Campaign Manager Approver Campaign Manager Approver Campaign Manager Approver Campaign Manager Approver Campaign Manager A
264. g 1 to 10 of 27 4 4123 gt Add Role Name Description Type Organization Oo o Organization Human Resources Characteristic Role 85 7 Min 40 Org Role Human Resources RACF Public access Characteristic Role 100 0 Min 60 Applicative Role Company Organization Application Development Characteristic Role 100 0 Min 40 Org Role Application Development Title Operator Characteristic Role 50 Org Role Title Operator Sales Team Role By 2 Users Org Role Sales Organization System Management Characteristic Role 100 0 Min 40 Org Role System Management Organization Stamford Branch Characteristic Role 100 0 Min 40 Org Role Stamford Branch Title Branch Manager Characteristic Role 50 Org Role Title Branch Manager Organization Marketing_Dept Characteristic Role 100 0 Min 40 Org Role Marketing Dept RACF Developers Characteristic Role 100 0 Min 60 Applicative Role Company Customize Find Roles Test Compliance Suggest Roles Records per page 19 214 Portal User Guide Manage My Team s Role Assignments The Other Roles section provides the following options Add A column of check boxes one per role Select one or more to link the selected users to additional roles Role Name Click any highlighted role name listed in this column to open its Role Card Customize Allows you to determine the columns that will appear in the Other Rol
265. ge com eurekify tms web template DefaultTicketPagesticketId 465 v Campaign Ticket 1d Owner Previous owner Status Pending Acton v moded Date pate Created Title User Certify Dec 2008 User Certification Description Certification Campaign for the end of 2008 Universe Portal Campaign Type USER Auto Generate Permissions true Configuration Model2_ConfigWithRoles Link Filter Direct Dual Audit Card Entity Filter No Filter Attachments omments Campaign Management Start Campaign Start Approval Proc Add Attachment View Transaction Log 100 7 Ticket Properties Form Windows Internet Explorer 7 http localhost 8080 eurekify tms ui wicket bookmarkablePage com eurekify tms web template DefaultTicketPagesticketId 835 Campaign Ticket Id Owner Eurekify Admin AD1 Previous Owner Status Pending Action v Due Date 15 01 2009 00 00 00 Priority Normal Severity Medium State Open v Modified Date 21 12 2008 13 00 50 Date Created 21 12 2008 12 51 21 Title User Review User Certification Description End of year user audit Universe Portal Campaign Type USER Auto Generate Permissions true Configuration Model2_ConfigWithRoles Link Filter Direct Dual Audit Card Entity Filter No Filter Attachments omments Campaign Management Start Carnpaign Stop Carnpaign Restart Campaign Start Approval Proc View Campaign Progress Rio Chapter 7
266. ge 384 Eurekify Configuration Structure Link Type Resources This section discusses how the eurekify cfg file s resource definitions impact a user s permissions In general various types of resources are pre defined as permission related resources The system recognizes three families of such resources m Link m Doc_Access m Filter The easiest way to view and edit these resources is within the CA Eurekify Role amp Compliance Manager Sage DNA module Resources whose type is Link determine which menu options will be visible to each user ResNamet ResName2 Description i type Of TmsSystem DashBoard SelfService Campaigns Reports L this resource will grant all links permissions in Eurekify Portal for portal TAG TmsSystem LINK L this resource will grant all links permissions in Eurekify Portal for portal TAG DashBoard LINK L this resource will grant all links permissions in Eurekify Portal For portal TAG SelfService LINK L this resource will grant all links permissions in Eurekify Portal for portal TAG Campaigns LINK L this resource will grant all links permissions in Eurekify Portal For portal TAG Reports LINK Administration L this resource will grant all links permissions in Eurekify Portal for portal TAG Administration LINK debug 384 Portal User Guide L this resource will grant all links permissions in Eurekify Portal for portal TAG debug LINK Permissions The ge
267. ge My Team s Role Assignments More information Customizing a Data Table see page 22 Presenting the General Section MMT Role Screen see page 209 Presenting the Users Table MMT Role Screen see page 210 Presenting the Currently Enrolled Roles Table Manage My Roles Screen see page 212 Presenting the Other Roles Table MMT Role Screen see page 214 Presenting the General Section MMT Role Screen Enterprise Role and Compliance Manager _ eurekify Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout AD1 EAdmin Self Service gt Manage My Team s Role Assignments Fifth Ave Branch Universe Branch roles Adding relevant roles to users listed as Fifth Ave Branch The General section of the Managing My Team s Roles screen contains the following fields Universe Select the Universe you wish to work with The users table and the available roles depend on the universe Business Area General information descriptive This information will appear in the Description field of the ensuing Self Service Approval Root ticket Business Process General information descriptive This information will appear in the Description field of the ensuing Self Service Approval Root ticket Description Provide a concise and meaningful description of the changes you intend to make to your team s roles Submit Click to submit your request for changes
268. ger is its ability to take advantage of RACI presentation techniques When a request for a new role is generated the first thing that the Eurekify Portal does is to generate a Task ticket that aids the Self Service manager in swiftly setting the new role s Accountable Approver 2244 Owner Eurekify Admin Previous Owner Pending Action v 11 02 2009 13 01 40 Priority Low lt Severity Minimal v Open o 01 02 2009 13 04 15 Date Created 01 02 2009 13 01 40 Select Accountable to Role Manage Human Resources To continue please choose an accountable user to Manage Human Resources role GENTKT039 Delegate Select Accountable Model2_ConfigWithRoles Manage Human Resources Type 0rganization2 0Organization3 0Organization 0Owner Rule Description Organizational Role Branch Corporate Human Resources 82922230 0rganization Human Resources Organization Type Branches Ma resources 90873220 87368000 UGSTAMGEN NTSTAM WinNT UGSTAMLAN NTSTAM WinNT Domain Users NT5SAVE WinNT Organization2 Organization3 Organization Owner Rule Descrip Organizational Role Branch Corporate Human Resources 82922230 Organization Human Resources OrganizationType Branches Managin Resources To Add UGSTAMGEN NTSTAM WinNT UGSTAMLAN NTSTAM WinNT Domain Users NTSAVE WinNT Add Comment Add Attachment View Transaction Log View Violations 284 Portal User
269. ginated approval tickets DNA originated approval tickets are not automatically started and you have to click Start Process The former two types always appear in the ticket queue as In Process and hence Start Process is disabled Chapter 15 Using Administration Functions 337 Setting a Universe Setting a Universe 338 Portal User Guide A universe refers to a specific Master configuration and Model configuration pair that includes the entitlements of one or more end points The Master configuration contains the real world user and user privileges information The model configuration starts as an identical copy of the Master configuration but as the audit process proceeds the model configuration is updated based on the corporate policies and regulatory compliance demands The CA Eurekify Role amp Compliance Manager r4 1 CR3 Eurekify Portal permissions are derived from the universe definition Note Once you have defined a universe you have to run the Eurekify Configuration settings utility so that the users can access the Eurekify Portal You also have to generate the RACI configuration to define the entity Approvers This section describes the following procedures Access the Universe Settings List m Create a new universe Edit a universe Delete a universe More information Eurekify Configuration Settings see page 374 RACI Operations see page 376 The Universe Settings Table see page 339 Creating
270. gn is listed in the Children column when visible Until the Campaign owner starts the campaign the Approver tickets are listed in the campaign owner s Ticket Queue as state Hidden and the Approver tickets do not appear in the respective approvers Ticket Queues Once the campaign has begun the state of the Approver tickets listed in the campaign owner s Ticket Queue changes to New And the Approver tickets are now visible in their respective approvers Ticket Queues The approvers can now begin to examine the links provided in the Approver tickets Another facet of a ticket s life cycle is that some tickets under certain conditions can be transferred to another user For example a senior administrator can generate a campaign the campaign owner and then transfer campaign ticket ownership to another system administrator Approval Process tickets can also be transferred by their owners The Eurekify Portal uses the terms delegate escalate to denote such a transfer Delegate The act of appointing a more junior manager to be the ticket owner Escalate The act of appointing a more senior manager to be the ticket manager Note The term reassign is used in relation to links to mark the transfer of the responsibility for reviewing a link s from one Approver to another Approver More information Delegating a Campaign see page 112 Reassigning a Link see page 142 Chapter 6 Tickets and the Ticket Queue 71 Ticket L
271. gt lt tag id RoleManagement gt lt type gt internal lt type gt lt label gt Role Management lt label gt lt checkPermission gt true lt checkPermission gt lt tag id RolesAnalysisReport gt lt type gt report lt type gt lt label gt Roles Analysis Report lt label gt lt data gt com eurekify web reports parameters roleanalysis RolesAnalysisParametersPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id RoleEngineeringMethodologies gt lt type gt report lt type gt lt label gt Role Modeling Methodologies Comparison lt label gt lt data gt com eurekify web reports parameters roleengineering RoleEngineeringParametersPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag gt lt tag id PolicyManagement gt lt type gt internal lt type gt lt label gt Policy Management lt label gt lt checkPermission gt true lt checkPermission gt lt tag id PolicyVerificationReport gt lt type gt report lt type gt 422 Portal User Guide Sample Portal Structure XML lt label gt Policy Verification Report lt label gt lt data gt com eurekify web reports parameters universeconfigurationreports PolicyVerificationParametersPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag gt lt tag id Campaigns gt lt type gt internal lt type gt lt label gt Campaigns lt label gt lt checkPermission
272. gt true lt checkPermission gt lt tag id FullCertificationReport gt lt type gt report lt type gt lt label gt Full Certification Report lt label gt lt data gt com eurekify web reports parameters campaign FullCertificationParametersPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id CertificationProgressReport gt lt type gt report lt type gt lt label gt Certification Progress Report lt label gt lt data gt com eurekify web reports parameters campaign CertificationProgressParametersPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag gt lt tag gt lt tag id Administration gt lt type gt mark lt type gt lt label gt Administration lt label gt lt data gt com eurekify web AdministrationPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag id SetCampaign gt lt type gt internal lt type gt lt label gt Add Campaign lt label gt lt data gt com eurekify web campaign SetCampaignPage lt data gt lt checkPermission gt false lt checkPermission gt lt tag gt lt tag id ScheduledTasksPage gt lt type gt internal lt type gt lt label gt Job Scheduler lt label gt lt data gt com eurekify web ScheduledTasksPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id TxLogPage gt lt type gt internal lt type gt lt label gt TxLog Page lt label gt
273. he data and the field names are obtained from the configuration s resource database rdb Note The highlighted column is predefined and cannot be customized You can click the highlighted Res Name 1 in any record to open that resource s Resource Card Entity Browser i c Portal v ion Model2_ConfigWithRoles Universe Configuration Users Roles Resources Showing 1 to 10 of 83 4 47123456789 Res Name 1 Res Name 2 Res Name 3 APPLDEV RACFTEST RACF22 BRLIMSYS RACFPROD RACF22 DEVELOP RACFPROD RACF22 DEVELOP RACFTEST RACF22 Domain Users NTSILV WinNT Domain Users NTSAVE WinNT Domain Users NTSTAM WinNT PUBLIC RACFPROD RACF22 PUBLIC RACFTEST RACF22 SYS1 RACFTEST RACF22 Customize Filter Records per page 10 Y More information Resource Card see page 33 316 Portal User Guide Chapter 14 How to Generate Reports Reports provide customized views of role based configurations you create in CA Eurekify Role amp Compliance Manager Generate reports to m Track the progress of import export role definition or certification campaigns m Analyze role hierarchies and user resource assignments in detail m Share management level information on role based access control and compliance activities CA Eurekify Role amp Compliance Manager provides a range of predefined report types which can be customized by specifying filter sorting and threshold parameters The following table describes the step
274. he email messages 3 Click Send Mail You can view the comment containing the mail summary that is attached to the campaign ticket Campaign Ticket Advanced Functions The Advanced button located at the bottom of the Ticket Properties Form provides you with the following functions Add Comment m Add Attachment m View Transaction Log m View Children Click Advanced to access the advanced campaign ticket functions More information Add Comment see page 87 Add Attachment see page 89 View Transaction Log see page 90 View Children see page 127 126 Portal User Guide View Children Action Owner Campaign Ticket Advanced Functions Campaign tickets are set up as hierarchal trees The View Children option allows you to see information concerning all the leaves that are located below the Campaign Ticket This includes all campaign s Approver Tickets You can control the number of records per page listed in the table by using the Records per page option Status Add Attachment View Transaction Log lt lt Close Children Type Title Eurekify Admin AD1 EAdmin Campaign Manager Approver Pending Action User Certification Eurekify Admin User Review t Herman Barbara DOMAIN Herman Barbara Campaign Manager Approver Pending Action User Certification Herman Barbara User Review t Purple Mary DOMAIN Purple Mary Campaign Manager Approver Pending Action User Certification Purple Mary User Review t Good
275. he number of records that will appear in the Other Resources table Find Resources Opens the Select Resources filter screen to assist you in locating specific resources Test Compliance Checks whether the selections made in the Other Resources table comply with existing policies and BPRs Business Process Rules Suggest Resources Provides a list of possible resources based on the Eurekify ERCM pattern recognition technology This table presents you with several options R You can manually select one or more resources that you wish to link to the selected users R You can use the Find Resources filter option to find specific roles and then make a selection from the filtered list of resources R You can click Suggest Resources and use the information provided by this feature to link resources to the selected users Manage My Team s Resources Other Resources Showing 1 to 10 of 82 4 4723456789 Res Name 1 Res Name 2 Res Name 3 HR Pattern Privileges Pattern Details UGFINAR RACFPROD RACF22 RACFPROD RACF22 4 Detail secmgr UNXMARKT Solaris26 UNXMARKT Solaris26 Detail office2003 2003 WinNT 2003 WinNT appldev UNXMARKT Solaris26 UNXMARKT Solaris26 UGSILVLAN NTSILV WinNT NTSILV WinNT UGADSYS Administration ROOT NOVELADM Novel NOVELADM Novell4 UGSILVSYS NTSILV WinNT NTSILV WinNT e mail outiook WinNT outlook WinNT UGSAVELAN NTSAVE WinNT NTSAVE WinNT unixdev UNXMARKT Soleris26 UNXMARKT Solaris26 Add o E o E o o
276. he request to generate a new role More information Request New Role Definition Screen see page 245 Filtering a Data Table see page 24 Customizing a Data Table see page 22 Suggesting Entities see page 202 Setting the Number of Records Per Page see page 23 Test Compliance see page 200 Introducing the Requests Table see page 257 254 Portal User Guide Updating Role Definitions Updating Role Definitions The Eurekify Portal allows you to update role attributes and links on the fly When the need arises to update an existing role whether following an audit or in the course of an enterprise s roles and privileges maintenance life cycle you can do so directly and quickly The procedure includes finding the role within a specific universe and then following the procedure described in Defining a New Role though in this case the fields have already been filled the attributes defined and the links listed and your goal is to edit these selections to match your corporation s new needs Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout DOMAIN Herman Barbara Self Service gt Request Changes to a Role Definition Request Role Update Pa AE In the Request Role Update screen you are required to select a Universe Selecting the Universe opens the Select Role screen Configuration Model2_ConfigWithRoles Where Any
277. he system that specific access permissions should be removed The campaign does not check if users are lacking permissions that should have been granted to them Additional case studies can be found at http ca com support This section contains the following topics Running a Campaign A Case Study see page 48 Chapter 4 Showcasing the Eurekify Portal 47 Running a Campaign A Case Study Running a Campaign A Case Study Nancy Katz is a corporate branch manager at the Silicon Valley branch In the past user provisioning and resource allocation was performed on the fly as the need arose Now as part of an integrated audit Nancy K finds that she is required to audit the company s information systems and validate correct usage of access rights to information resources Cooper Amos needs to discover obsolete and suspect privileges best practice violations have to be identified and he has to obtain an overall view of the corporate access rights structure The corporate system administrator has installed the Eurekify ERM server and client modules and has downloaded the corporate security data generating a set of Eurekify configuration files Nancy has followed the instructions in the Getting Started chapter and she wants to run a user campaign Defining a New User Campaign 48 Following the instructions in section Adding Campaigns see page 325 Nancy defines the following campaign Enterprise Role and Comp
278. hown there are 69 users 97 roles and 83 resources There are 345 user role connections and the role hierarchy contains 23 role role connections A series of bar charts summarize the connections between users roles and resources The following types of links are described Direct Connection Only an explicit direct link connects two entities There are no implicit links between them due to parent child inheritance in the role hierarchy Indirect Connection Two entities are connected only through a role or through parent child inheritance of links in the role hierarchy There is no direct link between them Dual Connection Two entities are linked both directly through an explicit link and indirectly through the role hierarchy Audit Card Dashboard 194 Portal User Guide The audit card dashboard is a portal page that provides a graphical overview of the analytical alerts recorded in a specified audit card By reviewing these violations the Role Engineer can determine the current role configuration s goodness of fit and decide which direction to take to refine the configuration Note The alert criteria reported in the audit card dashboard reflect the pattern analysis settings used to generated the selected audit card For detailed information about these pattern analysis options refer to the Sage DNA User Guide Compliance Dashboard Compliance Dashboard The compliance dashboard is a portal page that provides a graphic
279. hted Role Name in any record to open that role s Role Card Universe 4 M Configuration Modell_ConfigwithRoles Users Roles Resources Showing 1 to 10 of 30 44723 gt Role Name Description Type Organization SAV Fifth Av Br Team Iterated Org Role Fifth Ave Branch Active Directory Domain Users Characteristic Role 100 0 Min 60 Applicative Role Company Active Directoty Branch Users Characteristic Role 44 4 Min 40 Applicative Role Company BASIC ROLE Basic role for all users that have access to IT Org Role Enterprise Fifth av Applicative role Role By 2 Resources Applicative Role Fifth Ave Branch Novell HR Application Characteristic Role 40 0 Min 40 Applicative Role Company Organization Application Development Characteristic Role 100 0 Min 40 Org Role Application Development Organization Database Administrators Characteristic Role 100 0 Min 40 Org Role Database Administrators Organization Fifth Ave Branch Characteristic Role 100 0 Min 40 Org Role Fifth Ave Branch Organization Finance Characteristic Role 100 0 Min 40 Org Role Finance Customize Filter Records per page More information Role Card see page 31 Chapter 13 Introducing the Entity Browser 315 Specific Entity browser Resource Browser Click the Resources tab to view the Resource browser The Entity Browser s Resource Browser shows resource information for the selected configuration T
280. ial filter gt APPROVER_TICKET lt data gt lt checkPermission gt false lt checkPermission gt lt tag gt lt tag id campaignTickets gt lt type gt external lt type gt lt label gt Campaign Tickets lt label gt lt data gt SAGE_SERVICE_URL tms ui credential filter gt CAMPAIGN_TICKETS lt data gt lt checkPermission gt false lt checkPermission gt lt tag gt lt tag id archivedTickets gt lt type gt external lt type gt lt label gt Archived Tickets lt label gt lt data gt SAGE_SERVICE_URL tms ui credential filter STATE_ARCHIVED lt data gt 418 Portal User Guide lt checkPermission gt false lt checkPermission gt lt tag gt lt tag gt lt tag id DashBoard gt lt type gt external lt type gt lt label gt Dashboards lt label gt lt data gt lt Sample Portal Structure XML http localhost 8080 group eurekify configuration usertoken USER_TOKEN group eurekify configuration usertoken USER_TOKEN lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id SelfService gt lt type gt mark lt type gt lt label gt Self Service lt label gt lt checkPermission gt true lt checkPermission gt lt tag id manageTeamRoles gt lt type gt internal lt type gt lt label gt Manage My Team s Role Assignments lt label gt lt data gt com eurekify web selfservice Roles TeamServicePage lt data gt lt checkPermission gt true lt checkPermiss
281. ic_properties The change will take place the next time that the server is restarted Chapter 15 Using Administration Functions 371 Properties Settings To create a new property key 1 In the Eurekify Properties page enter a name of a property key in the text box under Properties 2 Click Create New The Edit Property screen opens Enter a Property Value in the text box 4 Select a database Type from the drop down list Click Save The new property appears in the Properties Property Key approvals configuration updateResource minimumLinks Property Value Po Type Choose One Save Cancel Editing a Property Key Following system changes you may need to update the value of a property key For example if you change the name of the SMTP email server used by your corporation to send out emails When you click Edit next to an existing property key the Edit Property screen opens Property Key approvals configuration updateRole minimumLinks Property Value SB Cd Eurekify_home_properties file 372 Portal User Guide Properties Settings When editing an existing property the source of the property is listed in the Type drop down Save is disabled The reason is that for security reasons when you edit a property key the change is not saved directly to the properties file Instead the updated property key value is saved to the CA Eurekify Role amp Compliance Manager database The Eurekify
282. ice requests can be divided into two basic types Provisioning tasks Manage my team s role assignments Manage my role assignments m Manage my team s resource assignments a Manage my resource assignments Role definition tasks Request a new role definition m Request changes to a role definition While the tickets generated by both types of tasks are similar they do not behave in the same manner and therefore they are described separately The ticket functions work the same irrespective of the ticket where you find them for example a Consult utility works the same even if the ticket type providing the service is different As CA Eurekify Role amp Compliance Manager is a role management product many of the features focus on roles The Role Definition tasks focus on the roles The CA Eurekify Role amp Compliance Manager assumes that user updates will come from a relevant source such as a Human Resources database Resource information is collected from the end points during import Chapter 12 Role Definition Tickets 261 Introducing the Requests Table When a Role Definition task is completed a Requests screen opens This screen has two tables m Attributes Attributes Role Name Organization Marketing_Dept Attribute Value Description Characteristic Role 100 0 Min 40 99883135 Org Role Marketing Dept Organization Corporate Organization Marketing_Dept Name Add User Goid Wiliam 84847310 Goid Wiliam 84
283. icer Clerk Security Admin Manager Chapter 7 Running Campaign owner Tickets Internet R100 115 General Campaign Ticket Functions 116 Portal User Guide The Find Escalate Users screen is divided into two sections The filter Located in the window s header The filter lets you narrow down the list of proposed approvers The proposed users This table presents a pre filtered list of users who can receive the escalated approval task s This list can be filtered to aid in finding a specific user The names listed in the proposed users list are governed by several default property filters of the type tms escalate filter To escalate an approval 1 Click Escalate in the Campaign Ticket s Properties Form The Find Escalate Users screen opens 2 Select a name from the list You can use the filter option to reduce the number of records listed in the table 3 Click OK The Executing bar appears The campaign is archived and its status is set to Escalated The campaign ticket appears in the target user s Ticket Queue More information Filtering a Data Table see page 24 Eurekify Properties see page 409 Campaign Management Functions Campaign Management Functions The campaign management section of the Ticket Properties Form screen provides the following functions Start Campaign The campaign won t start and approver tickets will remain hidden until the campaign is activated When you s
284. ife Cycle Ticket Types A ticket s Ticket Type appears under the Type column in the user s Ticket Queue and also as the ticket title in the Ticket Properties Form Ticket Properties Form Windows Internet Explorer http localhost 8080 eurekiFy tms ui wicket bookmarkablePage com eurekify tms web template DefaultTicketPageaticketId 1970 P Approval Root Ticket Id 1970 Owner Cooper Amos Previous Owner Status In Progress Due Date 26 01 2009 22 12 39 Priority Low lt Severity Minimal v State open Modified Date 26 01 2009 17 43 46 Date Created 26 01 2009 17 12 39 Link of Team to Role s Approval Root Request Description Business Area SelfService role update Business Process Remove and or Add roles to the selected group Description remove The ticket type presents the ticket s purpose Each ticket type has its own unique life cycle Each ticket s state and status attributes denote where it is currently situated within the ticket s life cycle Tickets can be part of a larger process and therefore tickets in the same ticket type category may actually present different functionality The tickets are described in this manual as part of procedures and therefore we have given them names according to their purpose within the procedure The following table presents the list of tickets described in this guide Name Ticket Type s Description Campaign owner Campaign The campaign root ticket The
285. ill appear in the autocomplete list Model configuration name The Universe s model configuration If the configuration was uploaded to the database the name will appear in the autocomplete list Approved Audit Card The list of approved violations for the Universe if it exists Configuration Login field The field in the selected configuration file which provides the users login ID located in the users database file Configuration email field The field in the selected configuration file which provides the users email address located in the users database file Configuration user manager field The field in the selected configuration file which provides the user manager s ID user approver Configuration role manager field The field in the selected configuration file which provides the role manager s ID role approver Configuration resource manager field The field in the selected configuration file which provides the resource manager s ID the resource approver Audit Settings file Parameters and settings which define the audit and pattern based checks that will be performed on the master configuration each time it s imported Important Each Universe has a unique configuration associated with it Do not create more than one universe for any master model configuration Chapter 15 Using Administration Functions 341 Setting a Universe To create a Universe 1 On the Administration menu click Sett
286. ilter Direct Dual Audit Card Entity Filter No Filter Attachments Comments Received Owner Note X 21 12 2008 12 15 17 Eurekify Admin AD1 EAdmin Escalated to Herman Barbara Campaign Management Start Campaign Stop Campaign esiart Campaign Archive Start Approval Processes View Campaign Progress Done ir e Internet 114 Portal User Guide 619 572 618 573 577 579 General Campaign Ticket Functions A comment is generated stating that the campaign has been Escalated to current owner This comment appears in both the old root ticket and in the new root ticket The new root appears as the top level in the new owner le S campaign ticket and as the second level in the previous owner s archived campaign ticket gt mD Tte E Resource1 Resource Certification E amp Role certification Role Certification A Grol certification Role Certification Role Certification Flag Lee Role certification Role Certification Garr Jim Role certification Role Certification Hope Collin Role certification State Archived Archived New Hidden Hidden Hidden Status Children Completed 5 Escalated Pending Action Pending Action Pending Action Pending Type Received 18 12 2008 16 41 08 18 12 2008 16 12 59 18 12 2008 16 25 08 18 12 2008 2 13 00 Campaign Campaign Campaign Campaign Manager Approver Campaign Manager 29 32 2008 Approver
287. ings The list of available options appears 2 Click Universe Settings The Universe list appears displaying existing universes 3 Click Create Universe The Create New Universe screen opens 4 Provide a unique Universe Name and Description 5 Provide a unique Master configuration name 6 Provide a unique Model configuration name Note We recommend that when generating a new Universe that you use the terms Master Model as part of the configuration file names For example Master_configWithRoles cfg and Model_configWithRoles cfg respectively 7 The remaining fields depend on the existence of the configuration provided Note If the configuration exists and it is located in the database the Eurekify Portal autocomplete feature will allow you to select content from a list of options for each field Universe name Portal Description For Portal Manua Master configuration name Master2_ConfigWithRoles Model configuration name Model2_ConfigWithRoles Approved AuditCard Choose One X Configuration login field LoginID Configuration email field email Configuration user manager field Configuration role manager field re Configuration resource manager field OrganizationType Country Audit settings file Location A Title Save Cancel Br a T Suspended ManagerlD email LoginID 342 Portal User Guide Setting a Universe 8 Select the Configuration lt data gt login email user manager role manager and resource manag
288. initions of users resources and roles if available as well as the relevant relationships privileges between them Connectors Connectors use the converters to access the production computer for both download and upload processes There are separate connectors for import and export procedures defaultSettings xml A connection details XML file located in the lt Eurekify home directory gt lt Converter directory gt Use the Eurekify DM module to update Direct Link An uninterrupted connection between two entities For example a user to resource link Dual Link Refers to the case when both a direct link and an indirect link exist For example A user is linked directly to a specific resource and at the same time the user is linked to a role that is linked to the same resource Entity Refers to one of the following Glossary 431 m User Role m Resource Indirect Link A circuitous connection between two entities For example A user is linked to a specific role and the role is linked to a specific resource The link between the user and the resource is an indirect link Here are some further examples User Role Resource Indirect link user to resource User Role Role Indirect link user to role hierarchy User Role Role Resource Indirect link user to resource Indirect links are not defined for the case of user to resource to role where the user is linked directly to a resource and a role is linked directly to
289. ion gt lt tag gt lt tag id manageSelfRoles gt lt type gt internal lt type gt lt label gt Manage My Roles Assignments lt label gt lt data gt com eurekify web selfservice RolesSelfServicePage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id manageTeamResources gt lt type gt internal lt type gt lt label gt Manage My Team s Resources Assignments lt label gt lt data gt com eurekify web selfservice Resources TeamServicePage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id manageSelfResources gt lt type gt internal lt type gt lt label gt Manage My Resources Assignments lt label gt lt data gt com eurekify web selfservice ResourcesSelfServicePage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id requestNewRole gt lt type gt internal lt type gt lt label gt Request a New Role Definition lt label gt lt data gt com eurekify web rolerequests RoleDefinitionPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt Appendix C Portal Structure XML Sample Portal Structure XML lt tag id requestUpdateRole gt lt type gt internal lt type gt lt label gt Request Changes to a Role Definition lt label gt lt data gt com eurekify web rolerequests UpdateRolePage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag
290. ipatory responsibility types which are then assigned to different roles in the project or process The following responsibility types make up the acronym RACI Responsible Those who do work to achieve the task There can be multiple resources responsible Accountable Also Approver The resource ultimately answerable for the correct and thorough completion of the task There must be only one A resource specified for each task Consulted Those whose opinions are sought Two way communication Informed Those who are kept up to date on progress One way communication Very often the role specified as accountable is also specified responsible Outside of this exception it is generally recommended that each role in the project or process for each task receive at most one of the participatory role types Although some companies and organizations do allow for example double participatory types this generally implies that the roles have not yet been truly resolved and so impedes the value of the RACI approach in clarifying each role on each task For further information on RACI see http www pmforum org library tips pdf_files RACI_R_Web3_1 pdf This type of link represents a hierarchal relationship Users who are members of a parent role are automatically members of the sub role and therefore provisioned with all the sub roles privileges Tickets are work items that can be viewed in the Ticket Queue They can be work related or inf
291. is set of configurations can be based on an existing configuration which you would like to keep as is The new configuration pair can also be based on a partial configuration that you wish to investigate A Eurekify configuration consists of a configuration file cfg a user database file udb and a resource database file rdb The configuration file contains references to the user and resource database files Therefore you cannot use the operating system s copy paste rename functions in order to duplicate a configuration You need to actually change the content of the configuration file during the process You can use the Trim Configuration process provided by the Eurekify Sage DNA module to duplicate a configuration This allows you to generate a configuration in which the new duplicate users and resource database files are referenced from within the new configuration file Trim Configuration m Input Source Configuration age Client Tools 4 0 Sage Demo ConfigwithRoles cfg Browse Output Output Configuration Browse Output Users Database Browse Output Resources Database Browse Appendix A Duplicating a Configuration 403 Eurekify Sage Error Messages 404 Portal User Guide The Trim Configuration screen contains the following fields Source Configuration Fill in the name and path of the Source Configuration to be trimmed Use the Browse button for conveni
292. ise risks The Eurekify Portal provides on the fly access to campaign management ticket management business processes and entity information These features helps customers clean up existing identity data and build a role model with the best available information This model serves as the foundation to automate the user provisioning process and enhances identity life cycle management This section contains the following topics About This Guide see page 14 Audience see page 15 Typical Processes see page 15 Opening the Eurekify Portal see page 17 Chapter 1 Introduction 13 About This Guide About This Guide 14 Portal User Guide This guide describes CA Eurekify Role amp Compliance Manager Portal operation and options Chapter 1 An overview of the Eurekify Portal a summary of typical processes and instructions how to open the Eurekify Portal Chapter 2 The Eurekify Portal s graphical interface Chapter 3 A step by step guide to getting started Chapter 4 A working example of how to use the portal Chapter 5 The Home page Chapter 6 The Ticket Queue menu and an introduction to Eurekify Portal tickets Chapter 7 The Campaign Tickets and their functionality Chapter 8 The Campaign Approver Tickets and their functionality Chapter 9 The Approval Process Tickets and their functionality Chapter 10 The Self Service menu options Chapter 11 Self Service Provisionng tickets Chapter 12 Role definition ti
293. ity Minimal lt State open Modified Date 01 02 2009 00 38 37 Date Created 01 02 2009 00 29 05 New Role Corporate Security New role Corporate Security More Details gt gt Add Comment Add Attachment View Transaction Log View Initiators View Children gt gt F Internet This section covers the following topics m The Role Definition Main Parent ticket s General functions m The Role Definition Main Parent ticket More Details section m The Role Definition Main Parent ticket s Advanced functions 274 Portal User Guide Role Definition Main Request Parent Ticket More information The Ticket Properties Form see page 83 Main Parent Ticket General Functions Role Definition see page 275 Main Parent Ticket Details Section see page 276 Main Parent Ticket Advanced Functions Role Definition see page 277 Main Parent Ticket General Functions Role Definition The Role Definition Main Parent ticket provides the following General functionality Close Closes the ticket Save Saves the changes made to the ticket Delegate Transfers the ticket tree to another manager Escalate Transfers the ticket tree to another manager Cancel Process Allows you to manually stop the Approval Process at any stage More information Escalate see page 154 Delegate see page 157 Cancel Process see page 169 Chapter 12 Role Definition Tickets 275 Role Definition Main Request Parent Tick
294. ization Stemford Branch 1 1 J Details Organization IT Security Details Organization Fifth Ave Branch Details Characteristic Role 100 0 Min 40 Characteristic Role 100 0 Min 40 Title Branch Manager Characteristic Role 50 J Details Characteristic Role 40 0 Min 40 Title Accountant Characteristic Role 50 l Details Records per page 10 Y Find Roles Test Compliance Suggest Roles Organization Finance Details Novell HR Application Details Chapter 11 Running Self Service Tasks 223 Manage My Role Assignments After making your selection s you can test the compliance of your selections with the existing BPRs and policies Third Rule Description Score Fifth av Fifth ave Only Only people from Fifth Applicative role people from Fifth Ave allowed in Fifth Ave Roles Role By 2 Ave allowed in Resources Fifth Ave Roles You can decide to make the request despite any violations or you can amend your selections To link to additional roles 1 In the Manage My Roles screen scroll down to the Other Roles table 2 Optional Click Find Roles to access the Select Role filter screen 3 Optional Click Suggest Roles to see the Eurekify Portal s recommendations 4 Select one or more roles to link to the chosen users 5 Optional Click Test Compliance to review your selections and check for possible violations The
295. k a tab label to bring that data table to the forefront active For example if you click the RACI tab in a Role Card the RACI table becomes active Title Product Manager Characteristic Role 50 45489940 Organization2 Title Organization3 Corporate Create Date Approval Date 09 05 2007 10 36 00 Approval Status Approved Expiration Date Resources Sub Roles Parent Roles RACI Name DOMAIN Ilan Sharoni A Allen Sherman Customize 26 Portal User Guide User Interface Sorting a Data Table by Column The Eurekify Portal data tables can be sorted When you click a column label the table is sorted based on the selected column Each type of data column has its own default presentation For example in Ticket Queue tables the records are sorted based on the ticket ID and the newest ticket that is largest ticket ID number is displayed on the first row of the table If you were to click Children the table would be resorted according to the number of children per ticket As seen in the following screen in the sorted table the newest ticket ID is no longer in the first row Enterprise Role and Compliance Manager eure ify Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout DOMAIN Cooper Amos Ticket Queue gt Open New Done Tickets ID Title State Status Children Type Received Owner Previous Owner Pending 21 12 2008 Action 12 29 06 Campaign rere 19 Manager ooo Approver
296. l Don t wait for ticket processing receive email when finished Select to enable processing of the campaign in the background When a ticket is generated you will receive email notification For very large campaigns have the system process the campaign creation offline the campaign owner can continue with other tasks and send an email to the campaign owner once the campaign has been created Generating a campaign is a resource intensive process especially as the number of links is not limited to the number of system users For example in a company with 10 000 employees and assuming each user has an average of 10 links to resources and roles you will have a campaign that requires the processing of approximately 100 000 links in order to create the campaign s tickets When this option is disabled you will see a progress bar that shows the percentage of progress at any moment Adding Campaigns To add a certification campaign 1 D O OND Hw 12 13 14 On the Administration menu click Add Campaign The Certification Campaign screen opens Provide a unique Campaign name Enter a Description In the Due date box enter a date or click the calendar icon and select a date In the Universe list type or select a universe In the Configuration list type or select a configuration Optional In the Audit Card list select an audit card In the Campaign Type list type or select a campaign type Select the relev
297. l Ben DOMAIN Ange Ben The ticket type is the same as the original Approver ticket Delete Link Entity1 Entity2 But the functionality is limited Delete Link User Role 1979 Owner Angel Ben DOMAIN Previous Owner Status Pending Action 29 01 2009 14 15 10 Priority Low Severity Minimal x State Open lodified Date 29 01 2009 09 18 06 Date Created 29 01 2009 09 15 10 Request to delete role Organization System Management Characteristic Role 100 0 Min 40 from user Angel Ben 67283470 Approved and Completed Su scription The request to delete role Organization System Management Characteristic Role 100 0 Min 40 from user Angel Ben 67283470 was approved and comple successfully Request was submitted on Universe Portal from Link of Team to Role s Close Delegate Escalate Acknowledge Add Comment Add Attachment View Transaction Log 188 Portal User Guide Approval Process Info Tickets In this section you will find information specific to the family of info tickets lt Ticket Title gt Delete Link Entity1 Entity2 For example Delete Link User Resource Title Request to remove Entity1 to Entity2 association Entity1 Entity1 name Entity2 Entity2 name For example Request to delete role Organization System Management Characteristic Role 100 0 Min 40 from user Angel Ben 67283470 Approved and Completed Successfully Des
298. l User Guide The filter format relies on the LDAP pre fix filter The filter is constructed from an expression which in turn may be constructed from sub expressions Each expression should by surrounded by round brackets and should represent a set of Sage entities The simplest form of expression is a pair of a Sage entity field name and a regular expression representing desired values with an equality sign between them For example Location Cayman or PersonID 86 Another simple form of expression is Location gt Cayman which will bring users whose Location field lexicographically follows Cayman Thus an expressions such as amp UserName gt A UserName lt B brings users whose Organization field is IN THE RANGE of A B inclusive Another type of simple expression is available for retrieval of relations It starts with the sign followed by brackets with a pair of relation type user role resource and the related entity name separated by an equals sign For resources three sets of brackets with the three names appear after the For example role Cayman or resname1 email resname2 outlook resname3 WinNT Expression may also have logical operations applied to them The available operations are AND OR and NOT AND and OR are binary operations and should be applied to pairs of expressions while NOT is a unary operation Operation symbols are amp AND OR NOT Operator symbols are
299. le null your session has expired please login again Chapter 17 Troubleshooting 399 Eurekify Sage Error Messages Field page expirederror info2 errcode error workpoint dbconnection errcode text dialogs runfailed errcode text dialogs runfailed errcode settings strings universe masterequalmodel err code settings strings universes errors missingname errcode settings strings universes errors missingdescrip tion errcode settings strings universes errors namealreadyex ist errcode settings strings universes errors missingmaster errcode settings strings universes errors missingmodel errcode settings strings universes errors missingauditse ttingsfile errcode settings strings universes errors masterisnotrea donly errcode settings strings universes errors masterhaspare nt errcode settings strings universes errors masternotlogg ed errcode settings strings universes errors modelisnotrea donly errcode settings strings universes errors modelhasparen t errcode settings strings universes errors modelnotlogge d errcode settings strings universes errors errorswasfoun d errcode settings strings universes errors wouldliketoaut ofix errcode 400 Portal User Guide Code tms030 tms031 txd001 txs002 ust001 ust002 ust003 ust004 ust005 ust006 ust007 ust008 ust009 ust010 ust011 ust012 ust013 ust014 ust015 Description
300. le Owner History Comment acl eam Role By 2 Direct Role By 2 Users Org Role Sales Organization Sales 99883135 History S Organization Sales Characteristic Role E Characteristic Role Direct 100 0 Min Org Role Sales Organization Sales 99883135 History 100 0 Min 40 40 E Resources 4 y X gt Namel Name2 Name3 Violations Relationtype Description Managerid owner Location History office2003 2003 WinNT San al E 2003 WinNT Dual MS office2003 91236370 Mateo CA MS office2003 History function approved e mail outlook WinNT MS R San A F email outlook WinNT Dual MS email 91236370 Mateo CA History Eg To add a comment to a link 1 Go to the record where you want to add the comment Click IF in the selected row in the Comment column A free style text box opens Comment Ef Basic function approved Ef 146 Portal User Guide General CMA Ticket Functions 2 Enter the free style text of your choice 3 Click the column label Comment at the top of the Entity Table PersonID UserName janization OrganizationType Comment Joe Dassin E 2 6 09883136 Joe Dassin Sales Corporate ear resources Name Violations Relationtype Description Type Organization Rule Owner History Comment a Role By 2 Direct Role By 2 Users Org Role Sales Organization Sales 99883135 History E Organization Sales Characteristic Role Characteristic Role Direct 100 0 Min Org Role
301. le association Delete 26 01 2009 Cooper Amos A role Organization System Management Characteristic Archived Completed Link 17 12 39 DOMAIN Cooper Rol User Role T Amos User Approval Request to delete role Delete Organization System Management Characteristic Archived Approved Link Role 100 0 User Role Role Approval Request to delete role Delete Organization System Management Characteristic Archived Approved Link 17 12 57 DOMAIN Steiven Role 100 0 User Role T Pat _ Request to delete role Organization System Cooper Amos LH Management Characteristic Role 100 0 Min Archived Completed DOMAIN Cooper Amos B Link of Team to Role s Approval Root Request Open In Progress Cooper Amos 26 01 2009 Cooper Amos DOMAIN Cooper Amos 26 01 2009 Steiven Pat 17 12 57 More information Delegate see page 157 Escalate see page 154 190 Portal User Guide Approval Process Info Tickets Advanced Approval Process Info Ticket Functions The Approval Process info tickets provide the following Advanced functionality Add Comment Manually add a comment to the ticket Add Attachment Add an attachment or URL to the ticket View Transaction Log The transaction log provides a history of the ticket related actions executed since the creation of the ticket View Parent Opens the current ticket s parent s ticket View Initiators View of list of the users who launched this ticket Click any of the functions
302. liance Manager Dashboards Self Service Entity Browser Reports Administration Logout DOMAIN Katz Nancy Home Ticket Queue Administration gt Add Campaign Settings Campaign Name First User Audit i Owner DOMAIN Katz Nancy Date Created 2 14 09 Running the first Silicon Valley user certification campaign Description L Due Date 02 21 2009 S Universe Portal he Configuration Model2_ConfigWithRoles M Audit Card None w Campaign Type UserCertification he Only use links from audit card Only use links not in audit card Permissions Z Automatically provision campaign permissions Zl Don t wait for ticket processing receive email when finished Create The Campaign Portal User Guide Running a Campaign A Case Study Nancy has chosen to view all three link options As the company is of moderate size and setting up the campaign s Approver tickets can take time Nancy chooses to run the campaign definition process in the background The following message appears Your request was sent to execution a mail message will be send upon completion When the campaign is ready the system sends her an email User Certification Campaign Notification Nancy Katz Inbox x show details 11 16 AM 7 hours ago Reply Y Dear Nancy Katz Due to security and compliance policies you are required to periodically certify the assigned rol
303. listed master model configurations will match the ones you generated After creating editing a Universe you have to enter the users associated with the universe into the Eurekify master configuration so that the users will have access to the Eurekify Portal More information Eurekify Configuration Settings see page 374 RACI Operations see page 376 Editing a Universe see page 344 Chapter 3 Getting Started 45 Step 5 Creating a Campaign Step 5 Creating a Campaign A campaign is an audit process which entails reviewing links between users roles and resources Managers in charge of various entities are notified that a campaign has begun The tasks assigned during the campaign are presented to the campaign owner and approvers as tickets The tickets include the data they have to review and approve or reject as the case may be More information Running a Campaign A Case Study see page 48 Adding Campaigns see page 325 Step 6 Exporting Entity Data 46 Portal User Guide The differences between the original real world configuration that was downloaded from the system end points Master and the updated and corrected configuration that has gone through an auditing process Model are uploaded to the original endpoints thus updating the corporate and platform user and user privileges information so that they are now in compliance with corporate policies and various regulations More information
304. listed in the proposed approvers list are governed by several default property filters of the type tms delegate filter Chapter 9 Approval Process Tickets 159 General Approval Process Ticket Functions To delegate a ticket 1 Click Delegate in the ticket s Ticket Properties Form The Find Delegate Users screen opens 2 Select a name from the list You can use the filter option to reduce the number of records listed in the table 3 Click OK The Executing bar appears The original ticket is archived and its status is set to Delegated A new ticket is generated The ticket appears in the target user s Ticket Queue More information Add Comment see page 87 Filtering a Data Table see page 24 Eurekify Properties see page 409 More Details Less Details The More Details gt gt and lt lt Less Details buttons located below the general function buttons toggle between showing additional data and hiding the same data More Details gt gt lt lt Less Details onfiguration Name Model_ConfigWithRoles 75676560 lt Organization Database Administrators Approval Process Result 160 Portal User Guide Advanced Approval Process Ticket Functions The data fields and their content depend on the ticket type and it is in general self explanatory To toggle between the two modes click the visible option More Details Less Details Advanced Approval Process Ticket Functions The Ticket Properties Forms
305. ll selected users will be disabled Remove A column of check boxes one per resource Check one or more to remove the link between the selected users and the selected resources Enrollment This column appears only when selecting multiple users Shows numerically of users enrolled total of users selected for example 2 3 means that two of the three selected users are enrolled to this resource This column also provides the value as a percentage For example 1 3 33 Resource Name Click any highlighted resource name listed in this column to open its Resource Card Depending on the type of action you wish to take you may find that after selecting the appropriate check boxes in this section you have completed the task In this case you can ignore the Other Resources and submit your requests by clicking Submit at the bottom of the Manage My Team s Resources screen To make selections in the Currently Enrolled Resources table in the Currently Enrolled Resources table click the relevant check boxes in the Add and or Remove columns At this point you can choose to End the process at this point m Add additional resources to the selected users If you do not want to add new resources submit your requests Manage My Team s Resources Presenting the Other Resources Table MMT Resources Screen This section allows you to enroll your selected user s to additional resources of your choice The actual enrollment will t
306. lowTicketForImport_V0 7 Chapter 15 Using Administration Functions 357 Setting Connectors 358 Portal User Guide The Details section provides you with the import Connectors data The Import ticket provides the following functionality Close Closes the ticket Save Saves any changes made to the ticket Delegate Transfers the ticket to another manager Escalate Transfers the ticket to another manager Cancel Process Provides the option to manually terminate an import process Acknowledge The button is disabled until the process is completed Click to complete and archive the ticket To run a connector 1 In the Connector screen select the connector you want to run import or export and click Run next to it A warning window appears Are you sure you want to run Basic import connector 2 Click Yes to run the specified connector An Import Ticket is generated and it will appear in your Ticket Queue 3 Click Acknowledge when the process is completed More information Job Scheduling see page 360 The Ticket Properties Form see page 83 Delegating an Info Ticket see page 94 Escalating an Info Ticket see page 96 Setting Connectors Import Error Tickets When an import operation fails for some reason the Eurekify Portal generates an Error Ticket Ticket Properties Form Windows Internet Explorer DER Z http ilocalhost 7 8080 eurekiFy tms ui wicket bookmarkablePage com eurekify tms w
307. lt the Eurekify Portal s security parameter is set as disabled This means that when a user logs in using a recognized user name the Eurekify Portal will not check the user s permissions no limits will be placed on what is visible to the user The user can see all the menus and menu options and the user can activate and use them all The security parameter located in the eurekify properties file is sage security disable true When this property is set to False the system shifts to the Default Deny position and only what is explicitly permitted will be visible and enabled for the user More information Permissions see page 384 Security Authentication Settings Encryption Authentication is the act of establishing that a user does indeed have security permission to gain access to the Eurekify Portal The security parameters located in the eurekify properties file governs the necessity of using a password to obtain access to the Eurekify Portal sage security disable ADAuthentication true When this property is set to True the user does not have to use his her established password in order to log in to the Eurekify Portal and any alphanumeric combination will allow them to gain entry When the property is set to False only registered passwords will provide access to the Eurekify Portal This means that there has to be a corporate Active Directory server that has a list of all the users and their passwords When a user
308. lyze a configuration and run a comprehensive audit The output of an audit is the Audit Card which contains a list of all suspicious records and the type of suspicion involved currently about 50 different types Part of the cleansing process and an important step before starting the role engineering process is for business managers Approvers to review the access rights A manager can be in charge of a team of users one or more roles or one or more resources In a business with over 1000 users the help of the managers is required to speed up the cleansing process Depending on the campaign definitions the business managers may be required to review the access rights of their employees and or resources under their jurisdiction and report the change requests to the Eurekify Administrator Campaigns are used not only in the enterprise cleansing phase but also for periodic certification as required by regulation Self Service Managers can use the Eurekify Portal to manage their team s role definitions and access to corporate resources Users can also manage their own personal privileges with regard to system roles and resources Entity Browser This browser aids the administrator business manager who is using the Eurekify Portal in viewing entities i e users roles resources associated with a specific Universe under a selected configuration The information is displayed in table format The tables contain basic information for each e
309. man Bruce DOMAIN Goodman Bruce Campaign Manager Approver Pending Action User Certification Goodman Bruce User Review t Cooper Amos DOMAIN Cooper Amos Campaign Manager Approver Pending Action User Certification Cooper Amos User Review t Schwarts Barry DOMAIN Schwarts Barry Campaign Manager Approver Pending Action User Certification Schwarts Barry User Review t Katz Nancy DOMAIN Katz Nancy Campaign Manager Approver Pending Action User Certification Katz Nancy User Review t Levi Jay DOMAIN Levi Jay Campaign Manager Approver Pending Action User Certification Levi Jay User Review t Allen Sherman DOMAIN Iian Sharoni Campaign Manager Approver Pending Action User Certification Allen Sherman User Review The following fields appear in the View Children table Action The action you can take concerning this ticket For example Select opens the selected ticket in a separate browser window Owner The ticket owner Type The ticket type Status The ticket status Title The ticket title Comments The last comment added to this ticket To view a ticket s children tickets 1 Click Advanced at the bottom of the Ticket Properties Form screen 2 Click View Children A table opens at the bottom of the Ticket Properties Form screen 3 Click Close Children to close the ticket children table Chapter 7 Running Campaign owner Tickets 127 Campaign Approver Tickets Campaign Approver Tickets When you crea
310. mendations Select one or more resources to link to the chosen users Optional Click Test Compliance to review your selections and check for possible violations The Violations screen opens in a separate browser window Click lt gt to close the Violations window Click Submit The Requests screen opens Person ID Name Privilege Herman Barbara 64646410 Herman Barbara 64646410 UGFINAR RACFPROD RACF22 Production RACF Herman Barbara 64646410 Herman Barbara 64646410 UGMTDBA RACFTEST RACF22 Test RACF Herman Barbara 64646410 Herman Barbara 64646410 UGSILVSYS NTSILV WinNT Silicon V br System Admin More information Approval Process Tickets see page 151 Customizing a Data Table see page 22 Setting the Number of Records Per Page see page 23 Filtering a Data Table see page 24 Test Compliance see page 200 Suggesting Entities see page 202 Introducing the Requests Table see page 257 Chapter 11 Running Self Service Tasks 243 Defining a New Role Defining a New Role 244 Portal User Guide The term roles as used by the CA Eurekify Role amp Compliance Manager is flexible and versatile allowing it on one hand to answer the need to define roles that comprise a class of access privileges and on the other hand answer the need to define roles that represent organizational structures within a business context For example a role can represent access to a specific
311. metimes it is necessary to create a separate universe for specific purposes for example when running an audit on a partial configuration As a universe contains a specific master model configuration pair you can either use real configuration names if you already have them or you can use names that will be place savers and can be replaced in the future when you know the true configuration file names When you aren t referring to an existing configuration the information fields will have to remain empty during the creation of the new universe Make sure to fill in the information prior to running a campaign based on this universe Note If the configuration files do not exist the Import process will create them Universe name Description Master configuration name Model configuration name Approved AuditCard Choose One X Configuration login field Configuration email field Configuration user manager field Configuration role manager field Configuration resource manager field Audit settings file Choose One Setting a Universe The Create New Universe screen contains the following fields Universe Name Provide the name of the universe Description Provide a description of this universe its use the type of configuration used etc Master configuration name The Universe s master configuration The file name has to have the extension cfg If the configuration was uploaded to the database the name w
312. mple Portal Structure XML lt xml version 1 0 standalone yes gt lt DOCTYPE portal View Source for full doctype gt lt portal gt lt tag id HomePage gt lt type gt internal lt type gt lt label gt Home lt label gt lt data gt com eurekify web portal homepage HomePage lt data gt lt checkPermission gt false lt checkPermission gt lt tag gt lt tag id TmsSystem gt lt type gt external lt type gt lt data gt SAGE_SERVICE_URL tms ui credential lt data gt lt checkPermission gt true lt checkPermission gt lt tag id DefaultTickets gt lt type gt external lt type gt lt label gt Open New Done Tickets lt label gt lt data gt SAGE_SERVICE_URL tms ui credential filter DEFAULT lt data gt lt checkPermission gt false lt checkPermission gt lt tag gt lt tag id NewTickets gt lt type gt external lt type gt lt label gt New Tickets lt label gt lt data gt SAGE_SERVICE_URL tms ui credential filter STATE_NEW lt data gt lt checkPermission gt false lt checkPermission gt lt tag gt lt tag id overDue gt lt type gt external lt type gt lt label gt Over Due lt label gt lt data gt SAGE_SERVICE_URL tms ui credential filter OVER_DUE lt data gt lt checkPermission gt false lt checkPermission gt lt tag gt lt tag id approverTickets gt lt type gt external lt type gt lt label gt Approver Tickets lt label gt lt data gt SAGE_SERVICE_URL tms ui credent
313. mpliance Submit Description Basic role for all users that have access to IT Organization Operations Characteristic Role 100 0 Min 40 Suggest Ro Type Organization Rule Org Role Enterprise Description Characteristic Role 85 7 Min 40 Characteristic Role 100 0 Min 60 Characteristic Role 100 0 Min 40 Characteristic Role 50 Role By 2 Users Characteristic Role 100 0 Min 40 Characteristic Role 100 0 Min 40 Characteristic Role 100 0 Min 40 Characteristic Role 50 Characteristic Role 100 0 Min 40 les Org Role Operations Type Org Role Applicative Role Org Role Org Role Org Role Org Role Org Role Org Role Org Role Org Role No Rule Organization Operations Manage My Role Assignments Logout DOMAIN Herman Barbara Owner 82922230 64646410 1123 Organization Human Resources Company Application Development Title Operator Sales Database Administrators System Management Stamford Branch Title Branch Manager Marketing Dept Records per page Copyright C 2008 Eurekify All Rights Reserved Build 08 11 26 01 As the Manage My Roles screen allows many options and great flexibility the procedures will be broken up by section The fields in the General section The Other Roles table options and functionality The Currently Enrolled Roles table options and functionality To manage my role assignments cli
314. n About Security amp Permissions see page 381 Typical Processes The Eurekify Portal provides access to both information and processes necessary for system wide role management compliance management certification campaigns and relevant security management oversight The following are the main Eurekify Portal processes Ticket Management Granting privileges approval processes and certification campaigns are tracked via tickets Tickets are issued when a campaign is generated and also during the approval processes associated with the campaign The user s Ticket Queue acts as a ticket inbox where the various tickets including campaign tickets notification tickets related to approval processes whether campaign related or following self service requests or other tickets generated by the system can be viewed and managed Chapter 1 Introduction 15 Typical Processes Running Campaigns Campaigns utilize Eurekify s basic auditing tools to run an enterprise certification and attestation process by designated approvers The purpose of the campaign is to certify that granted privileges comply with the business and regulatory needs and that they are not over allocated This process is supported by the Eurekify Audit Card facility which allows the presentation of out of pattern and non compliance information to the approver The campaign administrator can apply pattern recognition tools and policy enforcement rules to ana
315. n ron URA Approver 21 12 2008 Campaign 13 29 06 Pending Bpen Action 925 Role Certification Cooper Amos Role Checkup Open renong 834 E Resource certification User Certification In Progress Logout DOMAIN Cooper Amos Owner Cooper Amos DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper Amos Cooper Amos Previous Owner Eurekify Admin AD1 EAdmin Chapter 6 Tickets and the Ticket Queue 77 Ticket Tables The menu bar provides three functions Search Customize m Refresh Users that were linked to the Eurekify Admin Role have an additional option m User View Admin View Enterprise Role and Compliance Manager eure x ify Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout AD1 EAdmin Ticket Queue gt Open New Done Tickets gt D Title Status Children Type Received Owner Pending 5 01 01 2009 Eurekify Admin Action 16 20 34 AD1 EAdmin P amp User Review Approval Root Request In Progress 17 a aoe Eurekify Admin 25 12 2008 Eurekify Admin 19 24 11 AD1 EAdmin 23 12 2008 Eure re AD a End of Year Resource Review Resource Certification Campaign Pending 15 Adion Campaign E Role Review Role Certification E Role Checkup Role Certification In Progress 15 Campaign The tickets are displayed in table format The table is fully customizable and you can use the Cus
316. n New Tn Progress Role 01 02 2009 DOMAIN Ian A Resource DA 2259 Update Role Approval Root Request New In Progress 2260 a update Role Organization Marketing_Dept New In Progress Link User 01 02 2009 Request to add user to role association a Role 14 07 34 role Organization Marketing_Dept user 84847310 New Poges Remove 01 02 2009 Request to remove user to role association T aa a User Role 14 07 34 role Organization Marketing_Dept user 77371120 New In Progress Remove 01 02 2009 Request to remove user to role association E rai a User Role 14 07 34 role Organization Marketing_Dept user 88382990 Open mn Prog Link Role 01 02 2009 Request to add role to resource association 2265 ISS a New In Progress Resource 14 07 34 resource UGMTSYS role Organization Marketing_Dept Chapter 12 Role Definition Tickets 265 Introducing the Requests Table ID 2246 2247 2248 2249 2242 2243 2244 2245 2220 266 Portal User Guide Entity managers are assigned to an Approval Process as approvers based on the link type For example for a Delete Link User Role process the user s manager and the role s manager will be assigned as approvers Users can become approvers for other users only if the Approver s name appears in the manager column of the Universe s Model configuration files for the specific user Users can become approvers for Roles and or Resources only if they are
317. n contains the following topics Eurekify Sage Error Messages see page 391 Eurekify Sage Error Messages Eurekify Sage contains a system of messages that is intended to provide an alert when an activity cannot be completed as defined or if further information is needed to complete the activity The following table displays typical messages and the type of action to perform Field Code Description settings raci create missingmanagers errcode admoo1 It is recommended that all universe manager fields be filled before creating raci so that accountable links can be automatically added settings raci create alreadyexist errcode adm002 raci configurations already exist for 0 settings raci create fail errcode adm003 failed to create raci configurations for 0 required errcode app001 field label is required iconverter errcode app002 input is not a valid type numbervalidator range errcode app003 input is not between minimum and maximum numbervalidator minimum errcode app004 input is smaller than the minimum of minimum numbervalidator maximum errcode app005 input is larger than the maximum of maximum numbervalidator positive errcode app006 input must be positive numbervalidator negative errcode app007 input must be negative stringvalidator range errcode app008 input is not between minimum and maximum characters long Chapter 17 Troubleshooting 391 Eurekify Sage Er
318. n you and the selected role The Currently Enrolled Roles table provides the following functionality Add A column of check boxes one per role This column is inactive in this screen Remove A column of check boxes one per user Check one or more to remove the link between the selected users and the selected roles Role Name Click any highlighted role name listed in this column to open its Role Card Depending on the type of action you wish to take you may find that after selecting the appropriate check boxes in this section you have completed the task In this case you can ignore the instructions in the Other Roles and submit your requests by clicking Submit at the bottom of the Manage My Roles screen To make selections in the Currently Enrolled Roles table in the Currently Enrolled Roles table click the relevant check boxes in the Remove column At this point you can choose to End the process at this point m Add roles If you do not want to add new roles submit your requests Chapter 11 Running Self Service Tasks 221 Manage My Role Assignments More information Presenting the Other Roles Table Manage My Role Screen see page 222 Presenting the Other Roles Table Manage My Role Screen This section allows you to enroll in additional roles of your choice The actual enrollment will take place following a review process In addition to managing the roles that you are currently linked to you can als
319. nce Description Characteristic Role 85 7 Min 40 Characteristic Role 100 0 Min 60 Characteristic Role 100 0 Min 40 Characteristic Role 50 Role By 2 Users Characteristic Role 100 0 Min 40 Characteristic Role 100 0 Min 40 Characteristic Role 100 0 Min 40 Characteristic Role 50 Characteristic Role 100 0 Min 40 Description Fifth Av Br Team Iterated Characteristic Role 100 0 Min 60 Characteristic Role 44 4 Min 40 Basic role for all users that have access to IT Role By 2 Resources Characteristic Role 40 0 Min 40 Characteristic Role 100 0 Min 40 Characteristic Role 100 0 Min 40 Characteristic Role 100 0 Min 40 Characteristic Role 100 0 Min 40 Type Org Role Applicative Role Org Role Org Role Org Role Org Role Org Role Org Role Org Role Org Role Type Org Role Applicative Role Applicative Role Org Role Applicative Role Applicative Role Org Role Org Role Org Role Org Role Copyright C 2008 Eurekify All Rights Reserved Build 08 11 26 01 A 41123 Organization Human Resources Company Application Development Title Operator Sales Database Administrators System Management Stamford Branch Title Branch Manager Marketing Dept Records per page 10 Y 4423 Organization Fifth Ave Branch Company Company Enterprise Fifth Ave Branch Company Application Development Database Administrat
320. nce Manager looks at the role s rule and finds the users that match the rule but are not linked to the role and suggests adding those users to the role The equivalent in the CA Eurekify Role amp Compliance Manager DNA In Out of Pattern Identify users matching rule based roles For more information see the CA Eurekify Role amp Compliance Manager Sage ERM DNA User Guide In Out of Pattern Entities Chapter 11 Running Self Service Tasks 203 General Self Service Functions When you request suggestions for more than one user the table lists the number of users that match out of the number of selected users matching selected Other Roles Showing 1 to 10 of 27 4 4123 gt Add Role Name Description Matching Rights HR Pattern Privileges Pattern Matching Rule Details aati Role 100 0 Min 10 10 10 10 10 10 Details Organization Stamford Branch 40 Fifth av Applicative role Role By 2 Resources 10 10 Details Organization Humen Characteristic Role 85 7 Min Resources 40 Title Branch Officer Clerk Characteristic Role 50 1 10 1 10 1 10 Details 10 10 10 10 10 10 Details Title Branch Manager Characteristic Role 50 1 10 9 10 9 10 Details Characteristic Role 100 0 Min 40 Organization IT Security 10 10 Details Characteristic Role 100 0 Min Characteristic Role 40 0 Min 40 Characteristic Role 100 0 Min 60 Organization Finance 1
321. nd click Browse to select the folder where you will store the new files 6 Click OK to confirm the new file name and its location 7 Click Trim The new configuration is generated and a notice screen appears Eurekify Sage DNA 1 Trim Configuration Finished With No Errors Appendix A Duplicating a Configuration 405 Eurekify Sage Error Messages 406 Portal User Guide G 8 Click OK The next stage is to save the new master and model configurations to SQL 9 On the File menu click Open from File Use the Open browser screen to locate the new master configuration Click Open The new master configuration file appears 10 Click Save to SQL Step 2 of the Eurekify Wizard appears Saving Document to the Database Eurekify Database Wizard Step 2 Saving Document to the Database Save Database Configuration New Eurekify Configuration Master ConfigWwithRoles cto C Existing Eurekify Configuration Configuration al ConfigNoRoles cfg i E ConfigwithRoles cfg E Model_ConfigwithRoles cfg Master_ConfigwithRoles cfg E Eurekify cfg E t en me tabase Set SQL Database Connectivity xI 11 Enable New Eurekify Configuration and enter the new master configuration file name 12 Click Next The Progress Log screen opens You can follow the progress of the transformation At the end of the process you are asked to close this configuration file and open it from the
322. neral syntax is lt Menu Name gt lt sub menu gt For example Self Service allows users linked to this resource permission to see and use all the available Self Service menu items Adding Exclude after the square brackets excludes a specific menu or menu item from the user s menu options Doc_Access Type Resources DocAccess deals with permission to access documents configuration audit card universe and so on UNIVERSE RW L this resource will grant all permissions to UNIVERSE documents DOC_ACCESS CONFIGURATION RW this resource will grant all permissions to CONFIGURATION documents DOC_ACCESS AUDITCARD RW this resource will grant all permissions to AUDITCARD documents DOC_ACCESS BPR RW L this resource will grant all permissions to BPR documents DOC_ACCESS DATABASE RW this resource will grant all permissions to DATABASE documents DOC_ACCESS The general syntax is lt Document type gt For example AUDITCARD allows users linked to this resource permission to access this type of file Adding the modifier Read R or Read Write RW sets the level of access to the files that the user is permitted to access The value entered in the column Resnamez2 influences the level of permissions asterisk indicates full permission for all such files or a specific entity can be listed here for example a configuration name a universe name Chapter 16 About Security amp Permis
323. nformation but are not subject to the review process The following is a list of possible direct links between entities user role m user resource m role resource m role role hierarchy Step 1 Creating a Universe Step 1 Creating a Universe A universe is a virtual location that encompasses the data collected from the enterprise security and or identity management system s This data is stored in the Eurekify configuration files A universe consists of a specific pair of master model configurations enabling tracking of differences between the real world configuration downloaded from the system master and the desired configuration generated following a campaign model To create a Universe you need the following information Master configuration file name and path Model configuration file name and path Approved Audit Card optional Audit Settings file name and path recommended Names of the fields in the configuration files that contain the following information login email user manager role manager and resource manager Note You can provide names of configuration files that do not yet exist In this case you will not have the field names and you will have to create the master model configuration files later and then update the Universe with the correct field names More information Setting a Universe see page 338 Chapter 3 Getting Started 43 Step 2 Creating Import Connectors
324. ng see page 360 The Transaction Log see page 363 Cache Manipulation see page 366 Properties Settings see page 368 Eurekify Configuration Settings see page 374 RACI Operations see page 376 TMS Administration see page 378 System Checkup see page 379 Adding Campaigns Campaigns utilize Eurekify s basic auditing tools to run an enterprise wide certification and attestation process with the aid of designated approvers The purpose of the campaign is to certify that granted privileges comply with the business and regulatory needs and that they are not over allocated This process is supported by the Eurekify Audit Card facility which allows the presentation of out of pattern and non compliance information to the approver A campaign runs a general corporate auditing process to determine the measure of the corporate compliance with various regulatory requirements on one hand and with internal policies on the other The campaign parameters are set by the administrator running the campaign This administrator also known as the campaign owner determines the universe on which the auditing process will be run which policies will be examined and several other aspects of the campaign The campaign directs the auditing process setting it to either basic role based auditing or policy compliance auditing By determining the campaign universe the administrator who is the campaign owner determines whi
325. ng you of the success or failure of the import export job An import job can run from a few moments to a few hours You can monitor the situation via the Import Ticket generated by the process Ticket Properties Form Windows Internet Explorer http localhost 8080 eurekiFy tms ui wicket bookmarkablePage ticketPage1489 com eurekify tms web template DefaultTicketPage ticketId 1489 Import Ticket Ticket Id Due Date Modified Date 09 01 2009 11 47 42 Date Created 09 01 2009 11 47 35 Title Description 1489 Owner Eurekify Batch Admin Previous Owner Status pending Action 09 01 2009 12 20 54 Priority Normal x Severity Medium lt State Done v Basic import connector 2009 01 09T11 47 34 Master Configuration Name Master_firstRun a Model Configuration Name Model_firstRun ort Name Basic import connector K Basic import connector Admin_Basic Master_firstRun jodel configuration name Model_firstRun Settings XML file C Program Files Eurekify Eurekify Sage Client Tools V4 0 Software Converters CA CAConvert defaultSettings xml lapping XML file C Program Files Eurekify Eurekify Sage Client Tools V4 0 Software Converters CA CAConvert defaultMapping xml jax duration time seconds 2000 Import client CARemoteSystemExternalProcessConnector lorkflow process name Import Config nrichment settings Audit settings file Approved audits audit card icket type title F
326. nistration Menu The Administration menu provides access to the following options m Add a campaign m Job scheduling m Accessing the TxLog page m Load the cache m Clear the cache m Create RACI m Synchronize RACI TMS administration Settings Determine the settings for the Universe Connectors and other basic properties Connector Settings m Universe Settings m Properties Settings Common Properties Settings Audit Properties Settings Determine the Eurekify configuration settings m System Checkup More information Using Administration Functions see page 325 38 Portal User Guide User Interface for Non Administrators User Interface for Non Administrators The Eurekify Portal s flexibility becomes self evident when examining the access it allows users with limited or no administrative rights When such a user accesses the Eurekify Portal the user can run any process and view any data for which he she has been granted access permission Available menu bar options will change according to the user s privileges For example if you are a user without administrative privileges in charge of one or more resources then when opening the Eurekify Portal you have a menu bar without the Administration option and the Self Service menu is limited to viewing your personal roles and resources and to handling the resources under your purview The Ticket Queue allows access to Approver tickets that were allocated t
327. niverse Editing a Universe 344 Portal User Guide To edit an existing Universe 1 3 Click Edit next to the Universe that you want to edit You cannot change the name of a universe The contents of the other fields can be edited Note We recommend that when editing a universe s configuration file names make sure that the configurations were not assigned to another universe Click Save Note Sometime an issue exists for historical reasons that causes a message to appear At the bottom of the message you are asked if you want to auto repair the issues in this message Always click Yes Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administra GENUST014 The following issues were found 1 the master configuration Masterl_ConfigWithRoles is no 2 the master configuration Masterl_ConfigWithRoles has a 3 the model configuration Modell ConfigWithRoles is not 4 the model configuration Modell _ConfigWithRoles has a p 5 the model configuration Modell _ ConfigWithRoles is not would you like to auto fix them GENUSTO15 Click Yes to auto fix the issues listed in this error message The Please Wait bar appears When the job is completed the new universe appears in the Universes list Setting a Universe Deleting a Universe To delete a Universe 1 Click Delete next to the Universe you want to edit A warning screen opens Are yo
328. nt to the ticket Add Attachment Add an attachment or URL to the ticket View Transaction Log The transaction log provides a history of the ticket related actions executed since the creation of the ticket View Parent Opens the current ticket s parent s ticket View Initiators View of list of the users who launched this ticket View Violations This button is disabled View Entity Opens the entity s card Two buttons are provided one for each side of the link under review View Consult Results This button appears only when the Consult service has been activated More information Add Comment see page 87 View Transaction Log see page 90 Add Attachment see page 89 View Initiators see page 162 View Parent see page 163 View Entity see page 165 View Consult Results see page 186 Chapter 12 Role Definition Tickets 299 Update Role Ticket Tree Update Role Ticket Tree The Update Role Ticket tree is generated following one of two tasks m Inthe case of where a request is made to update a role s definitions when the Self Service manager made a request to add links to the specific role When only requests to remove links have been made the Update Role ticket tree that is generated follows the standard format for other Self Service ticket trees m In the special case of Manage My Team s Role Assignments when the number of users selected to enroll in a role is greater than the system threshold a
329. nt within the campaign s selected universe and configuration from a specific entity s point of view As such during a campaign you can approve or reject a link but the final decision regarding rejected links is postponed The Approval Process sends every rejected link to the managers of the involved entities both sides of the link allowing them the final say as to whether to reject the link or not This means that during the approval process Tickets will be sent to both the user manager and the role manager of each rejected user role link Tickets will be sent to both the user manager and resource manager for each rejected user resource link Tickets will be sent to both the role manager and the resource manager for each rejected role resource link Tickets will be sent to the role manager s for each rejected role role hierarchy link Note The rejection or approval of a link during this process is final and will not be sent for further review Chapter 9 Approval Process Tickets 151 Advanced CMA Ticket Functions 152 Portal User Guide The approval process is started by the current campaign owner When an instruction to begin an Approval Process is given the CA Eurekify Role amp Compliance Manager generates a hierarchal Approver Process ticket tree The ticket tree comprises three nodes Approval Root ticket This ticket belongs to the campaign owner Each approval process has only one root ticket Rejec
330. nting the Other Roles Table MMT Role Screen 0 cece cece cece e eens 214 Manage My Role Assignments 0 ccc eect ene tee nett eee nent eee teeeeee 218 Presenting the General Section Manage My Roles Screen 00 ccc 220 Presenting the Currently Enrolled Roles Table Manage My Role Screen 221 Presenting the Other Roles Table Manage My Role Screen 0 cece cece eens 222 Manage My Team s Resources cece nunon rreren nee ene teen teen eee erren 226 Presenting the General Section MMT Resources Screen 2 cece cect eens 227 Presenting the Users Table MMT Resources Screen 0 0 cece ce cece teen teens 228 Presenting the Currently Enrolled Resources Table Manage My Roles Screen 230 Presenting the Other Resources Table MMT Resources Screen 0 cece cece teens 233 Manage My RESOUFCES ss c 0cc0ceie ivi Geaewae cos REE ESTEE EE obs SEEE EEEE EE TEE ES 237 Presenting the General Section Manage My Resources Screen cc cece cece eens 238 Presenting the Currently Enrolled Resources Table Manage My Resources Screen 240 Presenting the Other Resources Table Manage My Resources Screen 0 0 eee eee 241 Defining a NeW Role aX s 604 vo sd55 854 S94 VSS SHS 4S FV 44549455 4444 4E4 S44 444 O98 494594 244 Request New Role Definition Screen 0 0 ccc cnet e tee e net erenn ees 245 Definitions for Role Name New Role Name 2 0 0 cece cc ene eee
331. ntity Running reports Provides access to a variety of reports Dashboards Automatically shows users useful statistical information as they go about their tasks Administration Administrators can create a universe generate import export connectors and define their scheduling They can also perform other functions available only to senior administrators 16 Portal User Guide Opening the Eurekify Portal More information Using The Eurekify Portal Interface see page 19 Opening the Eurekify Portal To activate the Eurekify Portal 1 Run your browser 2 Enter the address http ServerName ServerPort eurekify and click Go The Login screen opens Enterprise Role and Compliance Manager 3 Enter your User Name and Password in the text fields Note Both the User Name and Password are case sensitive 4 Click Login The Eurekify Portal Home Page appears Enterprise Role and Compliance Manager Home TiketQueue Dashboards Self Service Entity Browser Reports Administration Logout AD1 EAdmin State Status Children Type Received Owner Previous Owner Chapter 1 Introduction 17 Opening the Eurekify Portal More information Using The Eurekify Portal Interface see page 19 Presenting the Home Page see page 63 18 Portal User Guide Chapter 2 Using The Eurekify Portal Interface This guide assumes that you are familiar with CA Eurekify Role amp Compliance Manager Sage DNA and S
332. ntity s card contains all the relevant information present within the selected Universe and includes lists of links in table format to the other entities For example in a User card you have a Roles table and a Resources table You can also access the cards belonging to linked entities by clicking on the relevant highlighted content from within a specific entity card These following options are available for all entity cards Customize Allows you to customize this table Filter Open a filter screen which you can use to filter the table contents Records per page Select the number of records that will appear in the table Highlighted content in the entity card By clicking on specific content in the active column usually this is the first column the one that contains the user name resource name you can open the linked entity s data card More information Customizing a Data Table see page 22 Setting the Number of Records Per Page see page 23 Chapter 2 Using The Eurekify Portal Interface 29 User Interface User Card User cards present all the information concerning the specific user that is available in the selected Universe s configuration files It also includes separate lists under discrete tabs of the user s linked Roles and Resources in table format User cards are marked with the symbol Enterprise Role and Compliance Manager ooper Amos 54672910 Model2_ConfigWithRoles 54672910 Coope
333. nu click Settings The list of available options appears 2 Click Common Properties Settings The Eurekify Properties Page screen opens More information Creating a New Property Key see page 371 Editing a Property Key see page 372 370 Portal User Guide Properties Settings Creating a New Property Key Property keys are defined and provided as part of the Eurekify ERCM product out of the box At times you may find it necessary to add a new property key to the Eurekify property file The Properties Settings utility makes this easy to do When you want to create a new property key you have to enter the key before you click Create New If you do not you will receive the following message cannot create a property with a null empty key GENPRPOO3 Properties Settings Properties can not create a property with a null empty key GENPRPOO3 After you enter the new property key name and click Create New the Edit Property screen opens Save is disabled The reason is that for security reasons when you edit a property key the change is not saved directly to the properties file Instead the updated property key value is saved to the CA Eurekify Role amp Compliance Manager database The Eurekify Portal provides you with two databases to store your update key values DB_dynamic_properties The change is immediate You do not have to wait for the server to go offline to update the property values DB_stat
334. o request that the system provide you with a list of recommended roles for yourself This list of roles will be displayed in the section Other Roles Other Roles Showing 1 to 10 of 28 Add C Customize Role Name Organization Human Resources RACF Public access Organization Application Development Title Operator Sales Team Organization Database Administrators Organization System Management Organization Stamford Branch Title Branch Manager Organization Marketing_Dept Find Roles Test Compliance Description Characteristic Role 85 7 Min 40 Characteristic Role 100 0 Min 60 Characteristic Role 100 0 Min 40 Characteristic Role 50 Role By 2 Users Characteristic Role 100 0 Min 40 Characteristic Role 100 0 Min 40 Characteristic Role 100 0 Min 40 Characteristic Role 50 Characteristic Role 100 0 Min 40 Suggest Roles Type Org Role Applicative Role Org Role Org Role Org Role Org Role Org Role Org Role Org Role Org Role 141123 Organization Human Resources Company Application Development Title Operator Sales Database Administrators System Management Stamford Branch Title Branch Manager Marketing Dept Records per page 10 222 Portal User Guide Manage My Role Assignments The Other Roles section provides the following options Add A column of check boxes one per
335. o Internet 294 Portal User Guide Add New Role Ticket Tree In this section you will find information specific to the Self Service Request New Role Parent ticket lt Ticket Title gt Link Entity Role Title Request to add Entity to role association Role Role Entity Entity ID For example Request to add user to role association role Corporate Security user 89213720 Description Request to add Entity to role association Role Role Entity Entity ID Request was submitted on Universe Universe from Self Service Task For example Request to add user to role association role Corporate Security user 89213720 Request was submitted on Universe Portal from Add Role The More Details gt gt lt lt Less Details option provides additional information Use this ticket s functionality when you wish to transfer the specific sub tree to the management of another user or to cancel this specific review You can use the options in the ticket s Advanced section to access additional information concerning the current ticket and the Approver ticket associated with it in the sub tree More information The Ticket Properties Form see page 83 New Role Parent Ticket General Functions The Self Service Request Update Role Parent ticket provides the following General functionality Close Closes the ticket Save Saves the changes made to the ticket Delegate Transfers the ticket tree to another manager
336. o be found below the Approval Root ticket depend on the specific role related requests being made these tickets will be described where relevant What is important to realize is that the Approval Root ticket provides the same information and functionality both for an Add Role request and an Update Role Definition request Note When the approval process Approver tickets are not generated a Notification ticket appears below a Request Parent ticket Click the ticket title to open the Ticket Properties Form in a separate browser window Ticket Properties Form Windows Internet Explorer http localhost 8080 eurekify tms ui wicket bookmarkablePage com eurekify tms web template DefaultTicketPagesticketId 2259 Approval Root R Ticket Id 2259 Owner Eurekify Admin Previous Owner Status In Progress Due Date 01 02 2009 19 05 45 Priority Low v Severity Minimal State Open Modified Date 01 02 2009 16 33 24 Date Created 01 02 2009 14 05 45 Title Update Role Approval Root Request Description Approval Root Request Request was submitted on Universe Portal from Update Role lt lt Less Details onfiguration Name Model2_ConfigWithRoles Add Comment Add Attachment View Transaction Log View Children gt gt View Statistic La Internet In this section you will find information specific to the Approval Root ticket type for Self Service provisioning requests lt Ticket Title gt Approval Root Title
337. o can receive the escalated approval task s This list can be filtered to aid in finding a specific user The names listed in the proposed users list are governed by several default property filters of the type tms escalate filter To escalate a ticket 1 Click Escalate in the ticket s Ticket Properties Form The Find Escalate Users screen opens 2 Select a name from the list You can use the filter option to reduce the number of records listed in the table 3 Click OK The Executing bar appears The original ticket is archived and its status is set to Escalated A new ticket is generated The ticket appears in the target user s Ticket Queue Delegate General Approval Process Ticket Functions More information Add Comment see page 87 Filtering a Data Table see page 24 Eurekify Properties see page 409 This function allows you to transfer the selected a ticket to another user Once you have transferred the selected ticket to the new ticket owner the original ticket is archived and will no longer appear in your list of active tickets Only the current ticket owner can delegate a ticket Ticket Properties Form Windows Internet Explorer DER w http flocalhost 8080 eurekify tms ui wicket bookmarkablePage com eurekify tms web template Default TicketPage amp ticketId 1922 Delete Link User Resource Ticket Id Due Date 1922 Owner Previous Owner Cooper Amos DOMAJ Status In Progress 21 01
338. o you as a resource manager Access to all other items via the menu bar would depend on your assigned permissions Enterprise Role and Compliance Manager eurekity Home Tiet Queue Dashboards Self Service Entity Browser Reports Logout DOMAIN Angel Ben One of the advantages the Eurekify Portal gives its corporate users is that even individual users with very limited permissions can still see tickets that are relevant to them For example a non manager whose roles or resource access has been changed can view tickets informing him her of these changes in his her personal Ticket Queue The following shows an example of a menu bar for a user with very limited permissions Enterprise Role and Compliance Manager 1 eureXify Home Ticket Queue Logout DOMAIN Cooper_Amos More information About Security amp Permissions see page 381 Chapter 2 Using The Eurekify Portal Interface 39 Chapter 3 Getting Started This chapter describes the order of procedures to be carried out when running the Eurekify Portal on a system whose user role and resource data has not yet been downloaded by the CA Eurekify Role amp Compliance Manager system The step by step details for each step in the procedures mentioned here are described in later chapters This section contains the following topics Introducing Entities and Links see page 42 Step 1 Creating a Universe see page 43 Step 2 Creating Import Connectors see page 4
339. oard compliance error multiname errcode dashboard compliance error nocard errcode dashboard compliance error multicard errcode dashboard compliance error nobpralerts errcod e entity emptylist errcode mail builder createticket sage errticket subject errcode mail builder createticket sage errticket body err code properties errormsg propertyalreadyexists errco de properties errormsg unencryptedpropertyalread y exists errcode properties errormsg contcreateemptyproperty e rrcode loginpage userauthentication failed errcode loginpage connecttoauthenticationservice failed errcode 394 Portal User Guide Code cst007 cst008 cst009 cst010 cst011 cst012 cst013 dbc001 dbc002 dbc003 dbc004 dbc005 eml001 mal001 mal002 prp001 prp002 prp003 prt006 prt007 Description was unable to find the enrichment file O missing password field missing maxduration field error parsing maxduration field please use integer values missing connector client class to use missing work flow process missing ticket type please enter all audicard names name 0 appears more then once please enter all audicards audicard 0 appears more then once audicard 0 has no bpr alerts no match was found new error ticket title 3 a error ticket id the property 0 already exists an un encrypted property 0 is already exists please remove it first can not create
340. ocumentation have been returned to CA or destroyed EXCEPT AS OTHERWISE STATED IN THE APPLICABLE LICENSE AGREEMENT TO THE EXTENT PERMITTED BY APPLICABLE LAW CA PROVIDES THIS DOCUMENTATION AS IS WITHOUT WARRANTY OF ANY KIND INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT IN NO EVENT WILL CA BE LIABLE TO THE END USER OR ANY THIRD PARTY FOR ANY LOSS OR DAMAGE DIRECT OR INDIRECT FROM THE USE OF THIS DOCUMENTATION INCLUDING WITHOUT LIMITATION LOST PROFITS BUSINESS INTERRUPTION GOODWILL OR LOST DATA EVEN IF CA IS EXPRESSLY ADVISED OF SUCH LOSS OR DAMAGE The use of any product referenced in the Documentation is governed by the end user s applicable license agreement The manufacturer of this Documentation is CA Provided with Restricted Rights Use duplication or disclosure by the United States Government is subject to the restrictions set forth in FAR Sections 12 212 52 227 14 and 52 227 19 c 1 2 and DFARS Section 252 227 7014 b 3 as applicable or their successors All trademarks trade names service marks and logos referenced herein belong to their respective companies Copyright 2009 CA All rights reserved Contact CA Contact Technical Support For your convenience CA provides one site where you can access the information you need for your Home Office Small Business and Enterprise CA products At http ca com support yo
341. of the ticket was last modified Shows the date and time when the ticket was first created The ticket s title A description of the ticket More information Ticket Status see page 75 The Ticket Properties Form General Ticket Functions Ticket functionality depends on the ticket type and on the user who is viewing the ticket Every Ticket Properties Form has at least two active functions Save Click to save any changes made to the ticket Close Click to close the Ticket Properties Form browser window More information Running Campaign owner Tickets see page 101 Campaign Approver Tickets see page 131 Running Self Service Tasks see page 197 Advanced Ticket Functions Advanced ticket functionality depends on the ticket type and is available only to the ticket owner Click Advanced at the bottom of the Ticket Properties Form to access the advanced ticket functions Ticket Properties Form Windows Internet Explorer http flocalhost 8080 eurekify tms ui wicket bookmarkablePage com eurekiFy tms web template DefaultTicketPagetticketId 834 Campaign TEs 34 Owner Cooper Amos _ Previous Owner Eurekify Admin AD1 Status in Progress 01 2009 0 Normal Severity Medium State open 01 Date Created 21 12 2008 12 29 06 Resource certification User Certification End of year review Universe Portal Campaign Type USER Auto Generate Permissions Configur
342. ogress Windows Internet Explorer jiverse Portal onfiguration Model2_ConfigWithRoles Approver Name Progress Completed AD1 EAdmin Eurekify Admin j j i i 0 6 0 DOMAIN Herman Barbara Herman Barbara 0 202 0 DOMAIN Purple Mary Purple Mary i 0 96 0 DOMAIN Goodman Bruce Goodman Bruce i 0 26 0 DOMAIN Cooper Amos Cooper Amos 0 177 0 DOMAIN Schwarts Barry Schwarts Barry 0 18 0 DOMAIN Katz Nancy Katz Nancy 18 38 47 DOMAIN Levi Jay Levi Jay f 0 62 0 DOMAIN Ilan Sharoni Allen Sherman 0 13 0 LE internet 100 Chapter 7 Running Campaign owner Tickets 123 Campaign Management Functions 124 Portal User Guide The header of this window contains the following information Title Progress Provides the name of the campaign ticket Universe Provides the name of the universe on which the campaign is being run Configuration Provides the name of the configuration on which the campaign is being run The progress table contains the following columns Approver The Approver ID Name The Approver name Progress A graphical presentation of the amount of progress each Approver has made Completed Shows numerically of links have been audited total of links to be audited for example 0 40 means that none of the 40 links to be audited have been approved rejected or reassigned This table also provides the value as a percentage For exam
343. oles table will show roles belonging to the selected Universe s configuration 2 Enter the Business Area for the current action 3 Enter the Business Process associated with the current action 4 Enter a Description Note If the actions you want to take do not involve your currently enrolled roles you can skip the Currently Enrolled Roles table and skip to the Other Roles table If you do not wish to manage the currently enrolled roles add roles to the selected users 220 Portal User Guide Manage My Role Assignments More information Presenting the Currently Enrolled Roles Table Manage My Role Screen see page 221 Presenting the Other Roles Table Manage My Role Screen see page 222 Presenting the Currently Enrolled Roles Table Manage My Role Screen This section lets you manage your current roles enrollment When you selected the Universe the Eurekify Portal provided the list of your current roles within the universe s configuration Currently Enrolled Roles Add Remove Role Name Description Type Organization Rule Owner o BASIC ROLE Basic role for all users that have access to IT Org Role Enterprise No Rule 82922230 o Organization Operations Characteristic Role 100 0 Min 40 Org Role Operations Organization Operations 64646410 The Currently Enrolled Roles table for the Manage My Roles task provides only option to select a Remove check box next to a role thereby severing the link betwee
344. on User Approval Request to delete role Organization Database Administrators Characteristic Role 100 0 Min 40 from user Davis Brett 75675330 Request was submitted on Universe Portal from Link of Team to Role s lt lt Less Details onfiguration Name Model2_ConfigWithRoles P ID 75675330 Organization Database Administrators Add Attachment View Transaction Log View Initiators View Violations i C internet 100 The Ticket type s name is constructed from the ticket s action delete link and the entities involved Therefore an Approver ticket for a request to delete a link between a user and a resource will be called a Delete Link User Resource ticket Your main task is to either approve or reject the submitted request to severe a link between two entities You can use any of the ticket s functions to find out more information or perform any related task This section covers the following topics Approver tickets General functions Approver tickets Advanced functions Approval Process Approver Tickets More information Reject see page 184 Approve see page 183 Approver Tickets General Functions The Approval Root ticket provides the following General functionality Close Close the ticket Save Saves the changes made to the ticket Delegate Transfers the ticket tree to another manager Escalate Transfers the ticket tree to another manager Consult Allows you to request a consul
345. on role Corporate Security user 89213720 Cooper Amos DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper Al Link User Role In Progress Request to add user to role association role Corporate Security user 54672910 Link User Role In ProgressRequest to add user to role association role Corporate Security user 91236370 mos Link User Role In Progress Request to add user to role association role Corporate Security user 89123140 Cooper Amos DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper Am Link User Role Tn ProgressRequest to add user to role association role Corporate Security user 84847310 Request to add role to role association parent role Corporate Security child Link Role Role n Progress oie Qrganization IT Security Cooper Amos DOMAIN Cooper Link Role Amos Resource Cooper Amos DOMAIN Cooper Link Role Amos Resource Cooper Amos DOMAIN Cooper Link Role Amos Resource In Progress Request to add role to resource association resource public role Corporate Security In Progress Request to add role to resource association resource PUBLIC role Corporate Security In Progress Request to add role to resource association resource UGMTSYS role Corporate Security Records per page 20 Y 278 Portal User Guide Role Definition Main Request Parent Ticket During an Update Role approval process you can see Stage 1 The Role Approver tick
346. or the purposes of the campaign only General Contains the Create the Campaign button and the option to continue working while the campaign ticket is generated in the background Enterprise Role and Compliance Manager eureify Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout AD1 EAdmin Administration gt Add Campaign Settings Campaign Name Owner AD1 EAdmin Date Created 12 25 08 Description Due Date 01 01 2009 Universe Demo1 iS Configuration Choose Configuration Audit Card None M Campaign Type UserCertification M Only use links from audit card Only use links not in audit card Permissions Z Automatically provision campaign permissions Don t wait for ticket processing receive email when finished Create The Campaign Chapter 15 Using Administration Functions 327 Adding Campaigns 328 Portal User Guide The Certification Campaign screen contains the following fields Settings This section of the screen sets the campaign details Campaign Name Provide a unique and meaningful name Owner This field is auto completed by the Eurekify Portal Description Provide a concise and meaningful description of the campaign Due Date The date by which all the campaign processes must be completed Universe Choose a universe from the list Selecting a universe determines the available configu
347. originated all functions disabled Ticket Properties Form Windows Internet Explorer SEN l http flocalhost 8080 eurekify tms ui wicket bookmarkablePage ticketPage1 758 com eurekify tms web template Default TicketPage amp ticketId 1758 Delete Link User Role Ticket Id Owner Cooper Amos DOMAJ Previous Owner Status pending Action Due Date 19 01 2009 05 18 4 Priority Low y Severity Minimal v State Open Modified Date 22 01 2009 12 02 31 Date Created 19 01 2009 00 18 41 Gi User Approval Request to delete role Organization Database Administrators Characteristic Role 100 0 Min 40 from user Davis Brett Description User Approval Request to delete role Organization Database Administrators Characteristic Role 100 0 Min 40 from user Davis Brett 75675330 Request was submitted on Universe Portal from Link of Team to Role s Consult More Approve Model2_ConfigWithRoles 75675330 Organization Database Administrators It When you have selected to either approve or reject the link the consultation ticket is archived Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Ticket Queue gt Archived Tickets ID Title Reports Administration State Status Children Type Received Owner Delete 0 Link teer 2202003 Herman Barbara Role DER Consult User Request to delete role 1949 Organization Database Administrators Char
348. ormation Accessing the Common Properties Settings Page see page 370 Eurekify Properties see page 409 Setting the Number of Records Per Page see page 23 Accessing the Common Properties Settings Page Common properties are properties of the type properties headers commonProperties Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout AD1 EAdmin Administration gt Settings gt Common Properties Settings properties headers commonProperties Type Property Key Property Value t Eurekify_home_properties_file statisticalService url http localhost 8080 eurekify services sageStatisticalService t Eurekify_home_properties_file pbe provider t Eurekify_home_properties_file pbe algorithm PBEWithMDSAndDES t Eurekify_home_properties_file campaignService url http localhost 8080 eurekify services campaignService t Eurekify_home_properties_file sage passphrase eurekify t Eurekify_home_properties_file pbe enable true t Eurekify_home_properties_file sageBrowsingService url http localhost 8080 eurekify services sageBrowsingService t Eurekify_home_properties_file reportsServicesTimeout 3600000 Filter Properties Keys Containing For instructions on how to create a new property key or edit an existing one see m Create a new Property key m Edit an existing property key To access the Common Properties page 1 On the Administration me
349. ormational and or hierarchal or provide a plain notification concerning a process A term used to denote a unique Master configuration Model configuration pair A violation is a breach of corporate security policies guidelines BPRs and or regulations The Eurekify ERCM identifies such infractions and lists them in Audit Cards where relevant While using the Eurekify Portal you will come across Violations columns where relevant The number listed in such columns provides the number of violations associated with the specific row in the table Glossary 433 Workflow Campaigns and approval processes are guided by a workflow a collection of instructions that guide the application logic The workflow is generated by Workpoint which is a Business Processes Management BPM workflow design engine 434 Portal User Guide Index A Accountable s 48 131 151 261 278 280 284 286 288 289 376 Acknowledge s 69 93 153 168 169 190 269 357 359 Administration s 15 35 38 39 325 339 340 348 361 363 366 367 368 370 374 376 377 379 417 Approval Process e 60 64 69 71 72 85 92 117 118 121 122 151 153 154 157 161 163 165 166 168 169 170 172 174 176 185 186 188 191 261 267 269 270 271 275 277 278 280 286 288 291 292 294 295 297 300 303 305 307 308 363 Approval Process Ticket s 60 64 71 85 153 154 157 161 163 165 166 172 185 271 Approver e 31
350. orner that there are indeed seven pages available for this list of Users Click the Records per page drop down to select the number of records per page 10 Records per page Filtering a Data Table Entity information presented in table format can be filtered When relevant a Filter option appears at the bottom of the specific data table or the filter statements will be part of the header of the screen displaying the entity table Find Delegate Users Where Choose Field x contains Where Choose Field x contains Where Choose Field v contains Showing 1 to 30 of 71 UserName Organization OrganizationType Email Bell Kim Marketing_Dept Corporate 87635420 company com Mills Robert Fifth Ave Branch Branches 84774660 company com Deer Alex Fifth Ave Branch Branches 91238730 company com You can filter the table contents using a variety of patterns Any Field Is Any Value i Any Field Is Any Value Any Field Includes Search 24 Portal User Guide User Interface The filter allows only And statements The filter is limited to three statements m Two are exact statements Is contains Selected Field s contains Field Dependent content where the content of the drop down list depends on the field you select One filter is an include statement Selected Field Includes Free text Note Sometimes the third filter statement option is the same
351. ors Fifth Ave Branch Finance Records per page 10 Y ir Internet Chapter 11 Running Self Service Tasks 251 Defining a New Role 252 Portal User Guide Role hierarchy evolves from role trees that are present in many corporate systems For example an Identity Manager application can have two levels of roles Provisioning Role and Provisioning Policy Users are always linked to a Provisioning Role that is linked to a specific Provisioning Policy This hierarchal structure is maintained during import export When generating a new role it is important to know whether there are system rules that demand specific hierarchal connections between roles Each section contains a customizable entity table listing all the relevant entities To assist you in your selection the following functions are available Find Entities Provides a filter screen Suggest Entities Provides suggested users for selected resources or suggested resources for selected users This service is not available for the Role Hierarchy tables Highlighted Column In each customizable table there is one pre defined column that is highlighted Click the name of the entity to access its data card Customize Provides the option to select the fields that will appear in the specified table Records per page Select the number of records per page Test Compliance Tests the selections you made for violations Defining a New Role If you select to apply th
352. ortal The Eurekify Portal is a web based interface for CA Eurekify Role amp Compliance Manager The Eurekify Portal is designed to provide the user with access to the various Role Management RM and Compliance Management CM features offered by the CA Eurekify Role amp Compliance Manager system CA Eurekify Role amp Compliance Manager targets one of the most sensitive areas in information security and computer infrastructure management identity and access management IAM of user applications and enterprise role management ERM The large number of systems and applications and the frequent changes at large enterprises has made the management of authorization of employee access to information applications and other resources a very complex task especially given increasing regulatory requirements Eurekify has developed an engine that aims to automatically align a procedure or person s access to his her job at the enterprise For in depth details concerning the CA Eurekify Role amp Compliance Manager architecture and technology see the documents CA Eurekify Role amp Compliance Manager Sage DNA Data Management User Manual and CA Eurekify Role amp Compliance Manager Sage DNA User Manual The Eurekify Portal provides access to identity and access management IAM data that streamlines compliance and regulatory reporting It also improves operational efficiency and provides corporate policy makers with increased clarity as to the enterpr
353. ost 8080 eurekify tms uij wicket interface 12 Delete Link User Role 1758 Cooper Amos DOMA Previous Owner 19 01 2009 05 18 41 Priority Low xY Severity Minimal v 22 01 2009 11 45 32 Date Created 19 01 2009 00 18 41 User Approval Request to delete role Organization Database Administrators Characteristic Role 100 0 Description User Approval Request to delete role Organization Database Administrators Characteristic Role 100 0 ee Request was submitted on Universe Portal from Link of Team to Role s More Details gt gt View Initiators View Children gt gt View Consult Results View Violations View User View Role Internet 100 lo Chapter 9 Approval Process Tickets 179 Approval Process Approver Tickets Consulting another user generates a ticket of the same type as the source Approver ticket The approver who made the consultation request can see a copy of the consultant tickets listed as leaves below the original Approver ticket in the Ticket Queue Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Ticket Queue gt Open New Done Tickets ID Title State Status User Approval Request to delete role Pendin 1758 OG Organization Database Administrators Characteristic Open g Action Role 100 Consult User Request to delete role 1945 B Organization Database Administrators Characteristic New Pending Action Role 100 0 Consult
354. ou with relevant suggestions in various situations For example if you are seeking appropriate roles to add to your team s role assignments using the Suggest Roles service will provide you with a weighted list of roles where the weight is the result of pattern based analysis For further information concerning the weights applied to the Eurekify ERCM pattern recognition technology see Error Reference source not found This service is provided for users roles and resources as required The Eurekify Portal bases its suggestions on several available patterns Not all patterns are available for all entities The Suggest Entities service is available when you are requesting a suggestion for a recommended user role or resource The available options depend on the Self Service task that is calling for the Suggest Entities service The pre defined patterns are Matching Rights Used only for roles HR Pattern Used for both roles and resources Privileges Pattern Used for both roles and resources Matching Rule Used only for roles Each one of these patterns is documented in detail in the CA Eurekify Role amp Compliance Manager Sage DNA User Guide The pattern matching results appear in the columns of the relevant table For provisioning tasks the results appear in the Other Roles table For role definition tasks the results appear in the entity s designated table 202 Portal User Guide General Self Service Functions For the
355. oval Request to delete resource dars office2003 2003 WinNT MS office2003 from user pee Link 21 01 2009 aior Janet Keren C ction User 18 28 12 Resource lt Resource Approval Request to delete resource Pending Te 21 01 2009 Flag Lee la Ni M Jf N J f ATN roses aac MS office2003 from user New Action User 18 28 12 DOMAIN Flag ee Resource sss If you choose to delegate an Approval Process root ticket the whole tree will now be visible in the new owner s Ticket Queue To delegate a ticket you have to select a user from the list of appropriate users Find Delegate Users Where Choose Field v contains Where Cho Where Cho ose Field x contains ose Field x contains Showing 1 to 30 of 140 4 412345 gt UserName Organization OrganizationType Email Title Rodney Sergio Database Administrators Corporate 75676560 company com DB Developer Moris Bill System Management Corporate 47868650 company com Developer Rolen Dave Finance Corporate 98383770 company com Accountant Fred John System Management Corporate 86544420 company com Developer The Find Delegate Users window is divided into two sections The filter Located in the window s header The filter lets you narrow down the list of proposed approvers The proposed users This table presents a pre filtered list of users who can receive the delegated approval task s This list can be filtered to aid in finding a specific user The names
356. owner tickets for the campaigns you have created campaign Approver tickets when you are an approver for a specific campaign Approver tickets for entities you were assigned to manage and info tickets Some of the tickets have hierarchal tree structures that you can navigate The type of data fields displayed in this pane is determined by customizing the Ticket Queue Each column can be used to sort the ticket table Highlighted content displayed in the panel enables you to link to additional data Home My Tickets ID Title Status Children Type Received Owner L Link of Team to Role s Approval Root Request In Progress Aneta G EE Root 18 35 30 Admin 5 Kat zep eee at x Approval 04 12 2008 Eurekify a Link of Team to Role s Approval Root Request In Progress Root 16 10 13 Admin G ka w R niis E Approval 04 12 2008 Eurekify G Link of Team to Role s Approval Root Request None Root 16 00 09 Admin j Eurekify r 8 I t G user campaign for demo UserCertification In Progress Campaign aie Admin AD1 hogs EAdmin Eurekify Admin AD1 EAdmin E tifi ak Pending a 11 11 2008 basic ResourceCertification Action Campaign 12 14 50 You can navigate the tickets by clicking on H Clicking an active link in the Title column opens the Ticket Properties Form in a separate browser window Clicking on the link in the Owner column will open the listed ticket owner s User Card in a separate browser win
357. owse Tickets Windows Internet Explorer 7 http localhost 8080 eurekify tms ui 2wicket interface 9 Find Escalate Users Where Choose Field Where Choose Field v contains v contains Choose Field contains Showing 1 to 30 of 140 UserName Rodney Sergio Moris Bill Rolen Dave Fred John Deer Alex Goid Wiliam Sharon Johnson Moos Steve Rojer Dave Steiven Pat Organization Database Administrators System Management Finance System Management Fifth Ave Branch Human Resources Fifth Ave Branch Human Resources Stamford Branch System Management Select Cancel OrganizationType Corporate Corporate Corporate Corporate Branches Corporate Branches Corporate Branches Corporate Email 75676560 company com 47868650 company com 98383770 company com 86544420 company com 91238730 company com 84847310 company com 89123470 company com 87623450 company com 88490390 company com 45489940 company com A 412345 gt Title DB Developer Developer Accountant Developer Branch Officer Clerk Psychologist Branch Officer Clerk HR Officer Branch Officer Clerk Security Admin Manager F internet 100 The Find Escalate Users screen is divided into two sections The filter Located in the window s header The filter lets you narrow down the list of proposed approvers The proposed users This table presents a pre filtered list of users wh
358. owse option 4 Click Save The Executing bar appears The URL file appears in the Ticket Properties Form under Attachments You can open the URL or file by clicking on the provided link Ticket Properties Form Windows Internet Explorer p flocalhost 8080 eurekiFy tms ui wicket interface Campaign Ticket Id 1329 Owner Eurekify Admin AD1 Previous Owner Status 1 n Progress Due Date 31 01 2009 00 00 00 Priority Normal Severity Medium x State open Modified Date 06 01 2009 00 30 57 Date Created 06 01 2009 00 19 0 Title New Year User certification User Certification Description Certify users beginning of new year Universe Portal Campaign Type USER Auto Generate Permissions true Configuration Model2_ConfigWithRoles Link Filter Direct Dual Audit Card Entity Filter No Filter Attachments X Google X Read me doc omments Campaign Management Start Carnpaign Stop Campaign Restart Campaign View Transaction Log The transaction log provides a history of the ticket related actions executed since the creation of the ticket http localhost 8080 eurekify tms ui wicket bookmarkablePage 34 popuppagemap_PopupWindow com e Windows Inter DEAR http localhost 8080 eurekify tms ui wicket bookmarkablePage 34popuppagemap_PopupWindow com eurekify tms web common PopupWindow amp TICKET_ID 8348ACTIO Y View Transaction Log Date User Action Message 22 12
359. pen the search screen 2 Select a Universe from the drop down list 3 Select a Configuration from the drop down list The Loading bar is visible until the search results appear More information Entity Card and Data Table Tabs see page 26 Setting the Number of Records Per Page see page 23 Customizing a Data Table see page 22 Filtering a Data Table see page 24 312 Portal User Guide Specific Entity browser Specific Entity browser Once you have selected the configuration from which to obtain the entity data the Entity Browser presents the information under three tabs m User browser m Role Browser m Resource Browser The active browser is highlighted and the table contents can be manipulated Each specific entity browser table can be manipulated independently of the two other entity browser tables For example you can set the number of Records per page for the User browser to 50 and this will not change the number of records per page viewed in the Role browser More information Users Browser see page 314 Roles Browser see page 315 Resource Browser see page 316 Data Table Features see page 21 Chapter 13 Introducing the Entity Browser 313 Specific Entity browser Users Browser The Entity Browser opens by default in the Users tab The Entity Browser s Users Browser shows user information for the selected configuration The data and the field names are obtained from the configu
360. ple A User Certification Herman Barbara User Review New Pending Action 21 12 2008 Approver 1251 Mary A User Certification Purple Mary User Review New Goodman Bruce DOMAIN Goodman Bruce Cooper Amos Pending Campaign 21 12 2008 Manager 15 61 Action Approver 12 51 21 Pending a maion 21 12 2008 E user Certification Goodman Bruce User Review Open Note The campaign owner can stop a campaign whenever he chooses to do so If he does the Campaign Manager Approver tickets will be hidden from the Approvers Approver CMA tickets contain two types of operations m Link related actions m Ticket related actions Ticket related actions that are shared by all ticket Ticket related actions unique to specific types of tickets are described in the relevant sections This section contains the following topics CMA Ticket Properties Form see page 134 Auditing Links see page 136 General CMA Ticket Functions see page 147 Advanced CMA Ticket Functions see page 149 Chapter 8 Campaign Approver Tickets 133 CMA Ticket Properties Form CMA Ticket Properties Form As an approver your goal is to examine the links listed within your CMA ticket and approve reject or reassign them by the campaign s due date Ticket Properties Form Windows Internet Explorer 7 http flocalhost 8080 eurekify tms uif wicket bookmarkablePage com eurekify tms web template Default TicketPagesticketId 868 Goodman
361. ple 1 3 33 When available you can control the number of records listed per page using the Records per page function at the bottom of the table Campaign Management Functions Send Reminder The Send Reminder feature allows the campaign owner to remind the campaign Approvers that they have to meet the campaign goals in a timely fashion Send Reminder Windows Internet Explorer SEE le http flocalhost 8080 eurekify tms ui wicket bookmarkablePage popuppagemap_view VY Qo Send reminder when progress ig less than 100 ote a comment containing the sent mail summary will be added to the ticket F Ko Internet The Send Reminder screen contains one field Send reminder when progress is with three options m Equal to 0 m Less than 50 m Less than 100 The send reminder process generates a comment that appears in your Campaign owner ticket in the Comments table Owner Note X 21 12 2008 13 24 06 Eurekify Admin End of year audit X 25 12 2008 14 17 50 Eurekify Admin AD1 EAdmin Reminder was sent to 2 approvers Campaign Management Start Carnpaign Stop Campaign Resiart Carnpaign Start Approval Processes View Campaign Progress Advanced Chapter 7 Running Campaign owner Tickets 125 Campaign Ticket Advanced Functions To send reminders to campaign Approvers 1 Click Send Reminder in the Ticket Properties Form The Send Reminder screen opens as a separate browser window 2 Select the target for t
362. pprover Campaign Reassigned Approver Administration 21 12 37 14 02 2009 21 12 38 14 02 2009 21 12 38 14 02 2009 21 12 38 14 02 2009 21 12 38 14 02 2009 21 12 38 14 02 2009 21 12 39 14 02 2009 21 12 40 14 02 2009 21 12 42 14 02 2009 21 12 43 14 02 2009 21 27 43 Logout DOMAIN Katz Nancy Nancy Katz Nancy DOMAIN Katz Nancy Goodman Bruce DOMAIN Goodman Bruce Allen Sherman DOMAIN Ilan Sharoni Purple Mary DOMAIN Purple Mary Katz Nancy DOMAIN Katz Nancy Cooper Amos DOMAIN Cooper Amos Herman Barbara DOMAIN Herman Barbara Levi Jay DOMAIN Levi Jay Schwarts Barry DOMAIN Schwarts Barry Allen Sherman DOMAIN Ilan Sharoni Kistor Steve Chapter 4 Showcasing the Eurekify Portal 53 Running a Campaign A Case Study When Steve Kistor will check his Ticket Queue he will find the new Approver ticket Ticket Properties Form Windows Internet Explorer BAR v 7 http localhost 8080 eurekify tms ui wicket bookmarkablePage com eurekify tms web template DefaultTicketPagetticketId 2361 Campaign Reassigned Approver Ticket Id Owner Previous Owner Allen Sherman DOMA Status pending Action Due Date 21 02 2009 00 00 00 Priority Normal v Severity Medium State open v Modified Date 14 02 2009 21 56 43 Date Created 14 02 2009 21 27 43 Title User Certification Allen Sherman First User Audit 2009 Description User Certification
363. prefixes and should be placed before the expression s Usage examples amp Location Cayman Organization Finance users in the Cayman finance office Country US Country Uk people in the US or the UK Active false Active users Permissions Filters may be as compound as necessary as long as they adhere to the above rules For example amp Country US Country Uk amp Active false Organization Finance Are all the users which are from the US or the UK and are active users from the finance department Filter Extensions These filter extensions are for internal use only campaigns additional operators which involve the RACI model A approved entities gt links to approved entities Usage examples m All roles whose approver is AD1i Admin A type role sageUser AD1 Admin All roles linked to users whose manager is AD1 Admin gt type role A type user SageUser AD1 Admin Portal Structure XML The Portal structure the menus and sub menus is governed by an XML file portal structure xml A copy of the full xml document can be seen in Appendix C Portal Structure XML These instructions determine the Eurekify Portal s menu structure More information Portal Structure XML see page 417 Chapter 16 About Security amp Permissions 389 Chapter 17 Troubleshooting This chapter provides a list of the Eurekify Portal Error Messages This sectio
364. properties_file Edit Eurekify_home_properties_file Edit Eurekify_home_properties_file tms fitter variable delimiter workpoint deleteRole reference sage admin password format date display approvals configuration mail user tms debug raci sageMaster udb defualtCustomFields approvals configuration mail from sleepDelay approvals configuration webservice retry delay seconds approvals configuration updateRole minimumLinks approvals configuration mail serverPort workpoint deleteUserRole reference tms configuration mail user tms configuration xml properties tms ticketQueue maxChildren tms userColumns sage batch role sage batch debugMode tms configuration mail from 44723456 Property Value DROL eurekify dd MM yyyy HH mm ss DemoV4 Eurekify com false ManagerID Title TMS eurekify com 2500 30 4 25 DURO DemoV4 Eurekify com tmsProperties approvalProperties 20 UserName Organization Organization Type Email Location Title Eurekify Batch Role log TMS eurekify com Records per page 20 Fitter Properties Keys Containing Apply Filter The Properties table contains the following columns Type The name of the associated property file Property Key The name of the property key Property Value The value assigned to the property key 368 Portal User Guide Properties Settings The Eurekify Properties page provides the following functions Create New Use to create new Property Keys
365. prover ticket you can either accept the request for ALL listed users enrolling all of them or you can reject the request for ALL users Add New Role Ticket Tree More information Escalate see page 154 Delegate see page 157 Approve see page 183 Consult see page 178 Reject see page 184 Role Approver Tickets Advanced Functions The Role Approver ticket provides the following Advanced functionality Add Comment Manually add a comment to the ticket Add Attachment Add an attachment or URL to the ticket View Transaction Log The transaction log provides a history of the ticket related actions executed since the creation of the ticket View Parent Opens the current ticket s parent s ticket View Initiators View of list of the users who launched this ticket View Violations View the list of violations View Role This button is disabled because all the role s details already appear in this ticket View Consult Results This button appears only when the Consult service has been activated More information Add Comment see page 87 Add Attachment see page 89 View Transaction Log see page 90 View Parent see page 163 View Initiators see page 162 View Violations see page 290 View Consult Results see page 186 Chapter 12 Role Definition Tickets 293 Add New Role Ticket Tree Self Service Request New Role Parent Ticket The Self Service Request New Role Parent ticket is a management
366. ption Universe Configuration Choose Configuration Chapter 13 Introducing the Entity Browser 311 Main Window The search screen provides with two fields to aid in the search Universe Provide the name of the Universe that you wish to search You can select a specific Universe limiting your choice of configuration or you can select All Configuration Select a configuration from the drop down list After making your selection the Entity Browser main window displays the search results Entity Browser Universe Al Y Configuration Model2_ConfigwithRoles Users Roles Resources Showing 1 to 10 of 69 44421234567 gt Person ID lt Name Organization Organization Type 45489940 Steiven Pat System Management Corporate Moris Bill System Management Corporate Rodman Adam System Management Corporate Cooper Amos TT Security Corporate Alex Patrick Application Development Corporate 58723810 Miles Buyer Purchasing Corporate 64646410 Herman Barbara Operations Corporate 65656540 Pheonix Wiliam Application Development Corporate 67283470 Angel Ben System Management Corporate 67565330 Schwarts Barry Human Resources Corporate Customize Filter Records per page 19 The search results are presented using three tabs m Users m Roles m Resources The standard operations available for all data tables are available here as well To obtain a specific list of entities 1 Click Entity Browser on the menu bar to o
367. r Amos Organization TT Security Organization Type Corporate Country US Location Pennsylvania Title IT Manager Cost Center 23456 Suspended No 64646410 54672910 company com DOMAIN Cooper Amos Description Type Basic role for all users that have access to IT Org Role Organization IT Security Characteristic Role 100 0 Min 40 Org Role Customize Filter Organization Enterprise IT Security The User Card also includes separate lists tabs one for the user s linked Roles and one for the user s linked Resources as shown in the following two screens Role Name Description Type Organization IT Security Characteristic Role 100 0 Min 40 Org Role Res Name 2 UGADGEN1 Administration ROOT NOVELADM UGADGEN2 Administration ROOT NOVELADM UGADMGR Administration ROOT NOVELADM UGADSYS Administration ROOT NOVELADM UGAPPLDEV Administration ROOT NOVELADM Customize Filter 30 Portal User Guide Organization IT Security Res Name 3 Novel Novel Novell4 Novell4 Novel4 User Interface Role Card Role cards present all the information concerning the specific role that is available in the selected Universe s configuration files Role cards are marked with the symbol Enterprise Role and Compliance Manager IC ROLE Basic role for all users that have access to IT Configurtion Model2_ConfigWithRoles Role Name BASIC ROLE Enterprise Org Role 82922230 No Rule Description Basic role for all users
368. r Goid Wiliam 84847310 was rejected from User Certify Dec 2008 Add Comment Add Attachment View Transaction Log Chapter 6 Tickets and the Ticket Queue 91 Info tickets The info ticket type is the same type as the ticket that was its origin For example an info ticket sent following an approval by both a role manager and a user manager of a request to delete the link between the user and role will be of the type Delete Link User Role gt ID Title State Status Type Received Owner 570 567 Request to delete role Novell HR Application Pendin Delete Characteristic Role 40 0 Min 40 from user New Action g Link Nov User Role S Cansu User Request to delete role BASIC ROLE Basic Delete S Link role for all users that have access to IT f 0 or all users that have access to IT User Role Herman Barbara DOMAIN Herman Barbara 18 12 2008 13 51 50 Pending Action 18 12 2008 sei 13 45 08 Herman Barbara Receiving an Info Ticket 92 Portal User Guide The following lists who receives an info ticket and under what conditions Approval Process Owner When an approval process has been completed Approver When an approval process has been completed As each approval process is submitted to two approvers two such tickets are generated User The user whose provisioning has been altered by the approval process is notified Role Resource manage The manager of the role resource that
369. r can also be an approver either because the 50 Portal User Guide campaign owner is listed as a user s RACI Accountable or if there are users with no Accountable assigned to them they are sent to the campaign owner for approval In this case Nancy K is not only the campaign owner she is also a campaign Approver Running a Campaign A Case Study Reassigning Links to Another Approver Reviewing the campaign Approvers Nancy finds that Allen Sherman is an Approver but Allen is on vacation and is not expected to return in time to audit the users listed in his ticket Nancy decides to reassign the links in Allen s ticket to another Approver Ticket Properties Form Windows Internet Explorer DER v 7 http localhost 8080 eurekify tms ui wicket bookmarkablePage com eurekify tms web template Default TicketPage amp ticketId 2288 Campaign Manager Approver a Ticket Id 2288 Owner Alen Sherman DOMA Previous Owner L T Status pending Action Due Date 21 02 2009 09 00 00 Priority Normal Severity Medium Z State Hidden S Modified Date 14 02 2009 21 12 39 Date Created 14 02 2009 21 12 38 Title User Certification Allen Sherman First User Audit 2009 Description User Certification Allen Sherman First User Audit 2009 Close Save and Reassign Hide Selected Reassigned From Approver Progess 0 13 0 L 7 X T Progress Violations PersonID UserName Organization OrganizationType Comment ISS o Z1 St
370. ract with the tickets You can m Expand a closed ticket tree Collapse an open ticket tree m Click the owner s hyperlink to view the owner s data card m Sort the table based on one of the table s columns m Click the ticket title and open the Ticket Properties Form in a separate browser window Here you can perform various operations depending on the ticket type 76 Portal User Guide More information Sorting a Data Table by Column see page 27 Main Screen Layout see page 77 Main Screen Operations see page 79 Main Screen Layout Ticket Tables The Ticket Queue screen contains the following main features Menu Bar Provides the Ticket Queue functionality Ticket table Presents the various tickets Enterprise Role and Compliance Manager Home Dashboards Ticket Queue gt Open New Done Tickets Ticket Queue Self Service Entity Browser Reports Administration State Status Type Received Delete Link User 29 pein wa Resource Delete Link User Role User Approval Request to delete resource I uGsYS TSSCREDIT TSS50 Top Secret on MVSCREDIT New from user A Pending Action User Approval Request to delete role RACF Developers Pending Characteristic Role 100 0 Min 60 from Open Action 29 12 2008 13 47 20 User Approval Request to delete resource TESTDEV RACFTEST RACF22 Test RACF from user Keren Cindy Delete Link User Ed 12 2008 Resource 4720 Campaig
371. rate US History Cooper Amos 54672910 Direct Cooper Amos IT Security Corporate us History Orr Taylor 89213720 Direct Orr Taylor TT Security Corporate us History Godheart Dan 89123140 Direct Godheart Dan IT Security Corporate us History 4 Namel Name2 Name3 Violations Relationtype Description Managerid owner Location History office2003 2003 WinNT MS office2003 e mai outlook WinNT MS email UGADGEN1 Administration ROOT NOVELADM Novell4 NOVELADM Hovel Direct oe 67283470 Portland OR History Active Directory Admin1 sie secmgr UNXMARKT Solaris26 M Marketing Sun Marketing Sun Server UNXMARKT Solaris26 Drect Server San Mateo CA San Mateo CA 2003 WinNT Direct MS office2003 91236370 History outlook WinNT Direct MS email 91236370 History San Mateo CA 89123140 History E child Roles 0 AY X Name Violations Relationtype Description Type Organization Rule Owner History No Records Found E Parent Roles 0 ZY X Name Violations Relationtype Description Type Organization Rule Owner History No Records Found 138 Portal User Guide Auditing Links Click S to collapse the entity tree The main Entity Table columns are predetermined They depend on the campaign type However several columns appear in all types of Main Entity tables Progress Shows the progress made in examining the current entity Violations Records violations based
372. ration s user database udb Note The highlighted column is predefined and cannot be customized You can click the highlighted Person ID in any record to open that user s User Card All v jon Model1_ConfigWithRoles Universe Configuration Users Roles Resources Showing 1 to 50 of 69 Person ID Name Organization Organization Type 45489940 Steiven Pat System Management Corporate 47868650 Moris Bill System Management Corporate 52656727 Rodman Adam System Management Corporate 54672910 Cooper Amos TT Security Corporate 57644540 Alex Patrick Application Development Corporate 58723810 Miles Buyer Purchasing Corporate 64646410 Herman Barbara Operations Corporate 65656540 Pheonix Wiliam Application Development Corporate 67283470 Angel Ben System Management Corporate 67565330 Schwarts Barry Human Resources Corporate 67762440 Purple Mary Fifth Ave Branch Branches 74733340 Lu marry Peter Stamford Branch Branches 75464420 Cohen Steve System Management Corporate 75675330 Davis Brett Database Administrators Corporate 676560 Rodge Q e Administ al ornore More information User Card see page 30 314 Portal User Guide Specific Entity browser Roles Browser Click on the Roles tab to open the Roles Browser The Entity Browser s Roles Browser shows role information for the selected configuration Note The highlighted column is predefined and cannot be customized You can click the highlig
373. rations Configuration Choose a configuration from the list of configurations associated with the selected Universe Audit Card Optional Choose an audit card from the list The default is None If the configuration has an Audit Card with results of out of pattern and or compliance checks select it and Eurekify Sage ERM will apply it when generating the campaign tickets This will cause violations contained in the Audit Card to be displayed to the approvers in red Adding Campaigns Campaign Type Choose a campaign type from the list There are three possibilities User A campaign in which the approvers certify the entitlements of the user under their management The certification is with regard to the user s roles and resources Improper entitlements can be rejected Role A campaign in which the approvers certify the connection of the roles under their management The certification is with regard to the role s linked users and resources The certification also examines role to role hierarchal links Improper entitlements can be rejected Resource A campaign in which the approvers certify the connection of the resources under their management The certification is with regard to the resource s linked users and roles Improper entitlements can be rejected Privileges to Certify Select one or more from the following possibilities Direct Certify only direct links between entities Dual Certify dual links see Glos
374. rees generated during a Role definition Approval Process View Role Opens the role s card As the approval process focuses on a specific role this is the card that is available to you at this stage of the process More information Add Comment see page 87 Add Attachment see page 89 View Transaction Log see page 90 View Initiators see page 162 View Parent see page 163 View Entity see page 165 Chapter 12 Role Definition Tickets 277 Role Definition Main Request Parent Ticket View Children Role Definition Approval Process Role Definition Approval Processes proceed in stages During each stage the child tickets you can see when you click View Children will change During an Add Role approval process you will be able to see Stage 1 Only the Select Accountable task ticket is listed Stage 2 Both the Select Accountable task ticket and the Role Approver tickets are listed Stage 3 All the Request Parent tickets for each requested link are listed Note that the new role s manager is the listed owner of these tickets Notice the ticket Type for information on what ticket you are currently viewing Action Owner Type Status Title Comment t Eurekify Admin Completed Select Accountable to Role Corporate Security Cooper Amos DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper Am Approver Approved Role Approver New Role Corporate Security Link User Role In ProgressRequest to add user to role associati
375. rekify Admin AD1 Previous Owner Severity Medium Flags ower Due Date 10172008 RRR Priority ers v Modified Date 16 12 2008 22 59 01 Date Created 16 12 2008 18 37 42 User Certification Campaign for the end of 2008 108 Portal User Guide Campaign Ticket Data The Ticket Data section of the Campaign Ticket Properties Form contains the following fields Ticket ID The Ticket s unique number Owner The Campaign owner the user who generated the campaign Previous Owner During campaigns or approval processes tickets may be delegated escalated to other managers If a ticket was sent to the owner from another user that user s name not the current owner appears in this field Status Shows the current campaign ticket status Due Date The date by which the campaign ticket must be completed Priority Shows the current priority level Severity Shows the current severity level State Shows the current ticket s state Modified Date The last time the campaign ticket was modified Date Created The date on which the campaign ticket was first generated Title The campaign ticket s title Description The campaign ticket s description Chapter 7 Running Campaign owner Tickets 109 Campaign Ticket Data General Data Campaign The General section is in the body of the campaign s Ticket Properties Form Universe Portal Campaign Type USER Auto Generate Permissions true Configuration
376. rentiate between tickets of the same type that deal with the same issue but have different functionality or purpose This section contains the following topics General Approval Process Ticket Functions see page 153 Advanced Approval Process Ticket Functions see page 161 Approval Process Root Ticket see page 166 Rejected Link Parent Ticket see page 172 Approval Process Approver Tickets See page 176 Approval Process Info Tickets See page 188 General Approval Process Ticket Functions The Ticket Properties Forms for the various Approval Process tickets share many of the same functions The following table provides a summary of all the General functions available for the various Approval Process tickets Ticket Type Functions Approval Root Close Save Delegate Escalate Start campaign owner ticket Process Cancel Process Acknowledge More Details Less Details Delete Link Close Save Delegate Escalate Cancel Entity1 Entity2 Process More Details Less Details Rejected Link Parent ticket Delete Link Close Save Delegate Escalate Consult Entity1 Entity2 Approver Approve Reject More Details Less Details ticket Chapter 9 Approval Process Tickets 153 General Approval Process Ticket Functions Besides the Ticket Properties Form General functions the following functions can be found in all of the tickets Escalate Delegate More Details Less Details The functions th
377. request to add role Organization Operations Characteristic Role 100 0 Min 40 to user Angel Ben 67283470 was rejected Re Universe Portal from Link of Team to Role s Add Comment Add Attachment View Transaction Log View Initiators 98 Portal User Guide Info tickets Info tickets provide you with the following Advanced functionality Add Comment Manually add a comment to the ticket Add Attachment Add an attachment or URL to the ticket View Transaction Log The transaction log provides a history of the ticket related actions executed since the creation of the ticket View Parent Opens the current ticket s parent s ticket View Initiators View of list of the users who launched this ticket More information Add Comment see page 87 Add Attachment see page 89 View Transaction Log see page 90 View Parent see page 163 View Initiators see page 162 Chapter 6 Tickets and the Ticket Queue 99 Chapter 7 Running Campaign owner Tickets Campaigns utilize CA Eurekify Role amp Compliance Manager auditing tools to run a certification and attestation process A campaign generates tickets for the designated approvers in the enterprise so that they can certify that the granted privileges comply with the business and regulatory needs and are not over allocated Campaigns are used not only in the cleansing phase but for periodic certification as required by law and various regulatory bodies
378. resources because of corporate changes resource updates or following an audit process The Manage My Team s Resources MMT Resources allows you to manage your team s resources m By generating a request to add new resources for either a specific user or a for a group of users m By severing the link between selected users and their current resources The resource management utility allows you to manually select a specific target resource but it also provides you with a list of suggested resources and their pattern based behavior thus giving you the information necessary to make an informed choice Enterprise Role and Compliance Manager __ eureXify Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout DOMAIN Herman Barbara Self Service gt Manage My Team s Resources Assignments Business Area Universe Portal Business Process Description S E g S E 3 5 98383770 84847310 86544420 75676560 75464420 86023090 88311130 67565330 99883110 89213720 Add O m m o Oo Oo o m S S m O S io 3 IN ID 4441234567 gt Name Organization Organization Type Rolen Dave Finance Corporate Goid Wiliam Human Resources Corporate Fred John System Management Corporate Rodney Sergio Database Administrators Corporate Cohen Steve System Management Corporate Sterling Kent Human Resources Corporate Goodman Bruce Marketing_Dept Corporat
379. rganization Marketing_Dept Organization Type Corporate Country US Location New Jersey Title Marketing Cost Center 25331 Suspended No Manager ID 88311130 E Mail 93833870 company com Login ID DOMAIN Free Georgia Roles Resources Role Name Description Type Organization BASIC ROLE Basic role for all users that have access to IT Org Role Enterprise Organization Marketing_Dept Characteristic Role 100 0 Min 40 Org Role Marketing Dept Customize Filter The Approval Process tickets that provide this option Rejected Link Parent and Approver tickets provide two action buttons one for each side of the link Therefore if the rejected link being reviewed is a user role link the advanced function buttons will be View User and View Role Ticket Properties Form Windows Internet Explorer DER http localhost 8080 eurekify tms ui wicket bookmarkablePage com eurekify tms web template DefaultTicketPagesticketId V Delete Link User Resource 1924 Owner Eurekify Admin AD1 Previous Owner 22 01 2009 04 02 52 Priority Low Severity Minimal Date Created 21 01 2009 23 02 52 Request to remove user to resource association resource UGADGEN2 Administration ROOT NO Description Request to remove user to resource association resource UGADGEN2 Administration ROOT NO 93833870 Request was submitted on Universe Portal from User campaign with Audit Card Model2
380. ribe the new role Owner Provide the owner ID You can use the Find function to open the Find User filter Type Provide the role type use autocomplete Organization Provide the name of the main organization use autocomplete Organization 2 Provide the name of the secondary organization use autocomplete Organization 3 Provide the name of the tertiary organization use autocomplete Rule Optional Provide a rule for the new Role You can use the Add Rule function to construct a rule Defining a New Role To define a new role first screen 1 Click Request a New Role Definition on the Self Service menu The Request New Role Definition screen opens 2 Select a Universe from the drop down list The newly defined role is associated with the configuration belonging to this universe The users and resources to be linked with this role is taken from this universe s configuration Enter the Business Area for the current action Enter the Business Process associated with the current action Enter the Request Description Enter the Role Name Enter the Description of the new role Or oy ere 0 Enter the Owner s ID Optional Click Find to access the Find User filter screen 9 Select a user from the User list generated by your filter Click OK Configuration Model2_ConfigWithRoles Where Any Field Is Any Value And Any Field Is Any Value And T Any Field Includes Search User No Records
381. rocess Enterprise Role and Compliance Manager _eureXify Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration ogout AD1 EAdmin Ticket Queue gt Open New Done Tickets State Approval 19 01 2009 Root 16 48 54 Eurekify Admin Update 19 01 2009 Eurekify Admin Role 16 48 55 AD1 EAdmin Flag Lee Update 19 01 2009 Role 16 49 24 DOMAIN Flag Lee Flag Lee DOMAIN Flag Lee User Approval Request to add role Fifth av Purple Mary Bappiicative role Role By 2 Resources to user New emas 31 01 2009 DOMAIN Purple Deer Alex Mary Link User 31 01 2009 Role 19 28 04 Link of Team to Role s Approval Root Request Open In Progress ae Update Role Fifth av Applicative role Open In Progress a Role Approver Update Role Fifth av Applicative role Archived Approved e Request to add user to role association role Fifth av Applicative role user 91238730 Link User 31 01 2009 Role 19 28 04 Open In Progress Flag Lee Request to add user to role association role Fifth av A a Lee role user 67762440 Oade Purple Mary DOMAIN Purple Mary Flag Lee DOMAIN Flag Lee Flag Lee New In Progress User Approval Request to add role Fifth av a Applicative role Role By 2 Resources to user New Purple Mar Pending _ 31 01 2009 Action le 19 28 20 Link User 31 01 2009 Role 19 28 04 a Request to add user to role association role Fifth av Applicative rol
382. role Select one or more Role Name Click any highlighted role name listed in this column to open its Role Card Customize Allows you to determine the columns that will appear in the Other Roles table Records per page Select the number of records that will appear in the Other Roles table per page Find Roles Opens the Select Role filter screen to assist you in locating specific roles Test Compliance Checks whether the selections made in the Other Roles table comply with existing policies and BPRs Business Practice Rules Suggest Roles Provides a list of possible roles based on the Eurekify ERCM pattern recognition technology This table presents you with several options R You can manually select one or more roles to which you wish to enroll R You can use the Find Roles filter option to find specific roles and then make a selection from the filtered list of roles R You can click Suggest Roles and use the information provided by this feature to find roles to which you should enroll Other Roles Showing 1 to 10 of 28 4 4123 gt Add Role Name Description Matching Rights HR Pattern Privileges Pattern Matching Rule Details k M Characteristic Role 100 0 Min 1 1 1 1 1 1 Details 40 Title Ope Characteristic Role 50 1 1 Details Organization Human Characteristic Role 85 7 Min Resources 40 Characteristic Role 100 0 Min 40 Title Branch Officer Clerk Characteristic Role 50 Details Organ
383. ror Messages Field stringvalidator minimum errcode stringvalidator maximum errcode stringvalidator exact errcode datevalidator range errcode datevalidator minimum errcode datevalidator maximum errcode patternvalidator errcode emailaddressvalidator errcode creditcardvalidator errcode urlvalidator errcode equalinputvalidator errcode equalpasswordinputvalidator errcode user count roles alert description errcode user count resources alert description errcode role count users alert description errcode role count children alert description errcode role count resources alert description errcode resource count users alert description errcode resource count roles alert description errcode campaignchoicesvalidator errcode configurationname required errcode 392 Portal User Guide Code app009 app010 appO11 app012 app013 app014 app015 app016 app017 app018 app019 app020 aproo1 apr002 apr003 apr004 apr005 apr006 apr007 arp001 arp002 Description input is shorter than the minimum of minimum characters input is longer than the maximum of maximum characters input is not exactly exact characters long input is not between minimum and maximum input is less than the minimum of minimum input is larger than the maximum of maximum input does not match pattern pattern input is not a valid email a
384. rrcode changeapproval child remove user resource info description rejected errcode changeapproval child remove user resource info description failed errcode changeapproval child remove user resource notification title errcode changeapproval child remove user resource notification description errcode changeapproval child add role role info title reje cted errcode changeapproval child add role role info title fail ed errcode changeapproval child add role role info descripti on rejected errcode 396 Portal User Guide Code tkt002 tkt003 tkt005 tkt006 tkt007 tkt008 tkt009 tkt010 tkt011 tkt012 tkt013 tkt014 tkt015 tkt016 tkt017 Description 1 rejected request to delete role 0 from user 1 failed request to delete role 1 from user 0 is already in process request to add resource 1 to user 1 rejected request to add resource 0 to user 1 failed the request to add resource 1 to user 0 was rejected request was submitted on universe 2 from 3 the request to add resource 1 to user 0 failed request was submitted on universe 2 from 3 request to delete resource 1 from user 0 rejected request to delete resource 1 from user 0 failed the request to delete resource 1 from user 0 was rejected request was submitted on universe 2 from 3 the request to delete resource 1 from user 0 failed req
385. rs at the bottom of the data table and in the Ticket Queue Customize This option allows you to select which fields appear as columns in the data table A f 5 Name Organization 87368000 Toper Jim Stamford Branch Branches 75675330 Davis Brett Database Administrators Corporate 94738470 German Tom Fifth Ave Branch Branches 58723810 Eyal Yavetz Purchasing Corporate 82653450 Hill Gary Fifth Ave Branch Branches 64646410 Ron Marom Operations Corporate 84848110 Fidelity Bob Operations Corporate 89653230 Doll Charles Database Administrators Corporate 94362210 poster Jillian Application Development Corporate 97373330 Katz Nancy Silicon Valley Branch Branches Add o E E E E E E E O E E O l a Is 2 IN ID To customize a data table 1 Click Customize A Select Fields for lt Entity gt screen opens in a separate browser window Select Fields for Users Country UserName Location Organization Title OrganizationType Cost Center Suspended 22 Portal User Guide User Interface 2 Inthe Available Fields left hand panel select one or more using Ctrl Shift of the listed fields 3 Click the right arrow button to transfer the selected field s to the Selected Fields panel 4 Optional To change the order of the fields listed in the Selected Fields panel select a field and click the down arrow or up arrow button 5 To remove a field from the Selected Fields panel select the field and click th
386. rs you want to manage at this time you can click Get Resources to obtain a list of the resources currently associated with these users Note If the actions you want to take do not involve the currently enrolled resources associated with the selected user you can skip the Currently Enrolled Resources table and go to the Other Resources table Chapter 11 Running Self Service Tasks 229 Manage My Team s Resources To select users from the MMT Resources Users table and obtain their roles 1 In the Users table select one or more users You can click Find Users to open the Select User screen 2 Click Get Resources The resources linked to the selected user s appear in the Currently Enrolled Resources table A list of resources that are not linked to the currently selected user s appears in the Other Resources table At this point you can choose to m Manage the current enrollment list Add additional resources to the selected users a Do both If you do not want to manage the currently enrolled resources add resources to the selected users More information Customizing a Data Table see page 22 Setting the Number of Records Per Page see page 23 Filtering a Data Table see page 24 Presenting the Currently Enrolled Resources Table Manage My Roles Screen see page 230 Presenting the Other Resources Table MMT Resources Screen see page 233 Presenting the Currently Enrolled Resources Table M
387. rse Portal Campaign Type USER Auto Generate Permissions true Configuration Model2_ConfigWithRoles Link Filter Direct Indirect Dual Audit Card Model2_ConfigWithRolesAudit1 Entity Fiter No Filter Attachments omments Campaign Management Add Attachment View Transaction Log View Children gt gt ir Internet To start the campaign Nancy clicks Start Campaign The tickets which were hidden from the approvers are now visible to them More information Running Campaign owner Tickets see page 101 Chapter 4 Showcasing the Eurekify Portal 55 Running a Campaign A Case Study Checking the Campaign s Progress As a campaign owner Nancy is responsible for monitoring the progress of the campaign s approvers and making sure that they are aware of the campaign s deadline To check on the campaign s progress Nancy can click the View Campaign Progress button located in the campaign owner s ticket The Campaign Title Progress screen opens in a separate browser window Campaign Progress Windows Internet Explorer First User Audit 2009 Progress niverse Portal onfiguration Model2_ConfigWithRoles Approver Name Progress Completed DOMAIN Katz Nancy Katz Nancy 0 6 0 DOMAIN Goodman Goodman Bruce Bruce Allen Sherman 0 26 0 DOMAIN Ilan Sharoni 0 0 100 DOMAIN Purple Mary Purple Mary 0 97 0 DOMAIN Katz Nancy Katz Nancy 0 40 0 Cooper Amas 74 176 42 Herman Barbara 0 200
388. rt The target Eurekify configuration files depend on the connector s universe Start Date Provide the date on which the job will begin HH The hour of the day 1 24 when the job will commence MM The minute 1 60 when the job will commence Repeat Hours When the job will be repeated The time period is specified in hours Add Job Click this button to add the new job to the list of existing jobs To schedule a new job import export event 1 On the Administration menu click Job Scheduler The Job Scheduling screen opens Enter a Job Name in the text box Select a Connector from the drop down list Enter a Start Date You can select a date using the pop up calendar Set the exact hour and minute when the job should begin Enter the number of hours before the job is repeated Click Add ee Ul ee os cl The new job is added to the Jobs table Chapter 15 Using Administration Functions 361 Job Scheduling The Jobs Table 362 Portal User Guide The Jobs table lists all the jobs that have been entered into the system The table contains the following fields Job Name The name of the job Description A description of what it does export import Job Class Lists the connector s Java Class Start Time Provides the date and time on which the job will begin Previous Execution When a job is repeated the previous date and time is listed here Next Execution The date and time when the job is scheduled to be repea
389. rtification Keren Cindy Role Review lReassigned From Approver Progess 0 17 0 Ivy N Progress Violations RoleName Description Organization Type Comment RACF Public access Characteristic Role Characteristic Role 100 0 100 0 Min 60 Min 60 Company Applicative Role E users 3 y X gt Name Violations Relationtype Username Organization Organizationtype Country History Comment Rolen Dave 98383770 Maor Kathy 98383840 Cherry Jay 89753140 Direct Rolen Dave Finance Corporate US History Ef Direct Maor Kathy Finance Corporate us History g Direct Cherry Jay Finance Corporate US History g E Resources 2 A X d Hamel Name2 Name3 Violations Relationtype Description Managerid owner Location History Comment PUBLIC RACFPROD RACF22 Production Production RACF RACF POLI AO TES TRACHA RacETEST RACF22 Direct Test RACF 77292450 Ivine cA Histoy B RACFPROD RACF22 Direct 77292450 Irvine CA History Ef E Chid Roles 0 x X Name Violations Relationtype Description Type Organization Rule Owner History No Records Found E Parent Roles 0 v X gt Name Relationtype Description Type Organization Rule Owner History No Records Found RACF Test Developers Characteristic Characteristic Role 100 0 Role 100 0 Min 60 Min 60 ERED SEES IES RACF Developers Characteristic Role Characteristic Role 100 0 aes 100 0 Min 60 Min 60
390. rwritten To save the older version print or export it before you regenerate the report with new parameters Export a Report to a File 322 Portal User Guide You can save reports in several common formats This allows you to share them with others and include them in other documents To export a report to a file 1 Click on the left side of the window The Export Report dialog appears Select the document format output range and sizing options Click OK A prompt appears when the document is generated Do one of the following m Choose Save to save the file Choose Open to view the file Print a Report Print a Report You can send reports to a printer to share or archive information or to simplify review of longer format reports To print a report 1 Click on the left side of the report window The Print Report dialog appears 2 Choose an output format and print range and click OK A print preview appears in a new browser window 3 Configure printer settings and print Chapter 14 How to Generate Reports 323 Chapter 15 Using Administration Functions The administration menu provides a number of important processes that can be run only by administrators with the appropriate permissions This section contains the following topics Adding Campaigns see page 325 Start Approval Process from DNA see page 337 Setting a Universe see page 338 Setting Connectors see page 346 Job Scheduli
391. s Pending Action lt Due Date 19 01 2009 21 49 24 Priority Low lt G Minimal State open E Modified Date 19 01 2009 23 40 26 Date Created 19 01 2009 16 49 24 Role Approver Update Role Fifth av Applicative role Description Role Approver Update Role Fifth av Applicative role lt lt Less Details Configuration Name Model2_ConfigWithRoles Role Accountable Role Name Fifth av Applicative role Updated Field Updated Value Users To Add 91238730 767762440 4874732204 784774660 94738470 763291304 892134784 789123470 876234904 82653450 Child Roles To Add Parent Roles To Add Resources To Add Users To Remove Child Roles To Remove Parent Roles To Remove Resources To Remove PropertyType SAGE OldProperties PropertyType SAGE OldPropertyValues Approval Process Result Role Fields Role Links Users To Add 91238730 67762440 87473220 84774660 94738470 76329130 89213478 89123470 87623490 82653450 Add Attachment View Transaction Log View Initiators View Violations The Update Role Approver ticket supplies you with all the data you need to make the decision whether to approve or reject the Self Service provisioning request The Approver ticket also provides you with the required functionality to assist you in the process Chapter 12 Role Definition Tickets 307 Update Role Ticket Tree More information Self Service Request New Role Parent Ticket see page 2
392. s Policy Verification Report Certification Progress Report Chapter 5 Presenting the Home Page 65 The Reports Bar To add a report link to the list of reports displayed in the Reports Pane 1 In the Reports bar header click o The Select Links for My Reports screen opens in a separate browser window Select Links for My Reports Configuration Properties Configuration Users Attributes Configuration Roles Attributes Configuration Resources Attribut Configuration Users Full Configuration Roles Full Configuration Resources Full Overlapping Roles By Users Overlapping Roles By Resources Suspected Connections User Re 2 Inthe Available Links left hand panel select one or more using Ctrl Shift of the report links 3 Click 2 to transfer the selected link s to the Selected Links pane 4 Optional To change the order of the listed links in the Selected Links pane select a link and click UoN 5 To remove a report link from the Selected Links pane select the link and click B 6 When you finish making your selections click OK The selected links will now appear in the Home page Reports navigation bar 66 Portal User Guide The Business Processes Bar The Business Processes Bar The Business Processes navigation bar lets you easily navigate to your most popular business processes The business processes that are available are those procedures listed also in the Self Service menu You can click Q to
393. s They are limited to approving or rejecting the current links At times either following a campaign or following changes in corporate regulations or policies it is necessary to update the actual links between the corporate users and the systems roles and resources or to generate new roles This need is fulfilled by using the Self Service tasks Note The general functionality available in Self Service task screens is already documented in Using the Eurekify Portal Interface see page 19 and therefore will not be documented in this chapter Chapter 11 Running Self Service Tasks 197 Compliance Dashboard This chapter documents all the Self Service tasks available via the Eurekify Portal Managers will have access only to those features for which they have been provisioned For the purpose of this manual the Self Service tasks are divided into two groups Provisioning Tasks Includes all the tasks that manage a user s roles resources Manage my team s role assignments Manage my role assignments a Manage my team s resource assignments a Manage my resource assignments Defining Roles Tasks Includes the role definition tasks Request a new role definition m Request changes to a role definition Note If you find it necessary to run a Self Service task that does not appear in your Self Service menu please report this to your system administrator The Eurekify Portal lets you add links to your favorite Self Service tasks on the
394. s approval from entity managers For more information see Running Self Service Tasks see page 197 This ticket is the specific Self Service request manager ticket For each set of Approver tickets generated for a Self Service request and sent to the link s entity managers there is a parent ticket thus creating a sub tree for each rejected link For more information see Running Self Service Tasks see page 197 and Role Definition Tickets see page 261 The Approver tickets generated when a self serviced process requires approval from entity managers For more information see Running Self Service Tasks see page 197 The ticket generated when a self serviced process Approver wishes to consult another user regarding the specific request For more information see Running Self Service Tasks see page 197 Chapter 6 Tickets and the Ticket Queue 73 Ticket Life Cycle Name Ticket Type s Description Task Update Role Task A ticket generated when a specific task needs to be Notification performed usually as part of a larger procedure For example defining a new role s manager accountable For more information see Role Definition Tickets see page 261 Notification A task ticket that is generated for the purpose of passing information Import Export A ticket generated when an import or export event Import Export ticket Error ticket runs For more information see Running a Connector
395. s recommendations Select one or more roles to link to the chosen users Optional Click Test Compliance to review your selections and check for possible violations The Violations screen opens in a separate browser window Click X to close the Violations window Click Submit T The Requests screen opens Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout AD1 EAdmin Person ID Name Privilege Violations Rodney Sergio 75676560 Rodney Sergio 75676560 Organization Database Administrators Characteristic Role 100 0 Min 40 Davis Brett 75675330 Davis Brett 75675330 Title DB Developer Characteristic Role 50 Davis Brett 75675330 Davis Brett 75675330 Organization Database Administrators Characteristic Role 100 0 Min 40 Doll Charles 89653230 Doll Charles 89653230 Organization Database Administrators Characteristic Role 100 0 Min 40 More information Approval Process Tickets see page 151 Filtering a Data Table see page 24 Setting the Number of Records Per Page see page 23 Customizing a Data Table see page 22 Test Compliance see page 200 Suggesting Entities see page 202 Introducing the Requests Table see page 257 Chapter 11 Running Self Service Tasks 217 Manage My Role Assignments Manage My Role Assignments 218 Portal User Guide As a user you may find it neces
396. s of the configuration similar to those used during the audit phase of role management These reports give a quick visual indication of how well the current role hierarchy matches usage patterns and what proportion of users have suspect patterns of access Role Management reports used to analyze the role hierarchy and perform before after and what if comparisons of different configurations Policy Management reports used to verify use of business policy rules BPRs Campaigns reports used to track the progress of certification campaigns and summarize changes made during a campaign Parameters and Filters for Report Generation Parameters and Filters for Report Generation To generate a report you must specify the configuration file or universe on which to base the report You may have to specify other parameters for some reports You can also specify parameters that filter the report contents This allows you to limit the report to specific data sets based on user account attributes geographic location network structure or organization business unit Additional parameters let you control the sorting of records in some reports or set statistical thresholds for charts and graphs The following parameters are used to generate reports Not all parameters are used for every report Configuration Specifies the configuration file upon which the report will be based The drop down lists all configuration files in the CA Eur
397. s ticket tree this means that you can view the parent tickets for the Request Parent ticket and for each Approver ticket Click View Parent to open the current ticket s parent ticket in a separate browser window View Children Post campaign Approval Process tickets are set up as hierarchal trees The View Children option allows you to see information concerning all the nodes leaves that are located below the current ticket For the Approval Process ticket tree this means that you can view the children tickets for the Approval Process Root ticket and for the Rejected Link Parent ticket You can control the number of records per page listed in the table by using the Records per page option Add Comment Add Attachment View Transaction Log View Initiators lt lt Close Children Action Owner Type Status Title Pending User Approval Request to delete resource office2003 2003 WinNT MS office2003 from user Keren Select Tailor Janet Approver a ction Cindy 77292450 Select Flag Lee DOMAIN Flag A prover Pending Resource Approval Request to delete resource office2003 2003 WinNT MS office2003 from user Keren Lee p Action Cindy 77292450 Chapter 9 Approval Process Tickets 163 Advanced Approval Process Ticket Functions The following fields appear in the View Children table Action The action you can take concerning this ticket For example Select opens the selected ticket in a separate browser window Owner The ticket o
398. s to generate a report in CA Eurekify Role amp Compliance Manager Step Refer to 1 Select a report to run Report Types see page 318 2 Select data files specify Parameters and Filters for Report customization parameters and Generation see page 319 generate the report 3 View the report in your browser Display a Report s Index see page 322 and Change Report Parameters see page 322 4 Export the report to a file or print Export a Report to a File see it page 322 or Print a Report see page 323 This section contains the following topics Report Types see page 318 Parameters and Filters for Report Generation see page 319 Display a Report s Index see page 322 Change Report Parameters see page 322 Export a Report to a File see page 322 Print a Report see page 323 Chapter 14 How to Generate Reports 317 Report Types Report Types 318 Portal User Guide Reports are accessed from the CA Eurekify Role amp Compliance Manager portal by choosing Reports from the main menu Reports are grouped into the following categories Configuration Reports detailed listings of users resources or roles and their links to other entities These reports let managers review in detail the privileges assigned to users or resources under their responsibility Privileges Quality Management graphical presentations of the most common significant pattern based analytical metric
399. sary for further information Indirect Certify indirect links for example hierarchal links see Glossary for further information Indirect links cannot be rejected during a campaign Chapter 15 Using Administration Functions 329 Adding Campaigns 330 Portal User Guide Only use links from audit card Optional Select to enable this option Sets the campaign to display only users and their links who have violations listed in the Audit Card Only use links not in audit card Optional Select to enable this option Sets the campaign to display only users and their links which do not appear in the AuditCard This is useful in case the AuditCard represents Approved Violations Permissions Override the Eurekify cfg permissions in order to ensure that campaign designated approvers are permitted access to the subjects of their approval Automatically provision campaign permissions Recommended Select to ignore the system permissions and automatically provision campaign permissions For example this shortcut is useful as it allows managers to view tickets that otherwise they wouldn t be allowed to view because the security administrator had to runa campaign even though the corporation is in the middle of setting up permissions When this option is disabled an Approver may receive a ticket yet the ticket will be empty if the permissions were not defined so as to allow this Approver to view the relevant links Genera
400. sary to request an update to your roles because of corporate changes personnel changes or following an audit process The Manage My Role Assignment screen allows you to manage your roles by generating a request to add new roles or by deleting existing roles The role management utility allows you to select a specific target role but it also provides you with suggested roles and the information necessary to make an informed choice The screen is divided into three sections General Provides descriptive information concerning the current action Currently Enrolled Roles The current roles linked to the selected users Other Roles A list of available roles The Other Roles section displays a customizable table Enterprise Role and Compliance Manager Home Self Service gt Business Area Business Process Description Currently Enrolled Roles Remove Ticket Queue Dashboards Manage My Roles Assignments Self Service Entity Browser Reports Administration Role Name BASIC ROLE Other Roles Showing Add o Customize 1 to 10 of 28 Role Name Organization Human Resources RACF Public access Organization Application Development Title Operator Sales Team Organization Database Administrators Organization System Management Organization Stamford Branch Title Branch Manager Organization Marketing_Dept Test Co
401. scalated you can view the list of users who received ownership of the campaign iew Initiators UserName Organization OrganizationType Email Location Title Cooper Amos IT Security Corporate 54672910 company com IT Manager Cooper Amos IT Security Corporate 54672910 company com IT Manager Eurekify Admin Eurekify Eurekify Admin Close The information provided by the View Initiators table is based on the campaign s configuration files To view the campaign s initiator list 1 Click Advanced at the bottom of the Ticket Properties Form 2 Click View Initiators The View Initiators table appears in a separate browser window 150 Portal User Guide Chapter 9 Approval Process Tickets This chapter is designed for managers who can run post campaign Approval Processes and for entity managers who may receive Approver tickets as part of the approval process Note As the post campaign Approval Process is always started by the current campaign owner the owner of the Approval Process tree s root ticket will be designated in this chapter as the campaign owner even if the current owner of the ticket is actually someone who received the ticket during the Approval Process as a result of an escalation or delegation operation Following a campaign your next task is to review all the rejections that were generated in the course of the campaign As you know the campaign itself is a straightforward review of the current links prese
402. screen opens Filter the data table to create a search pattern OF Pe uN Optional You can use the RACI based Advanced Search feature to include additional constraints on the search 6 Click Search A list of roles is displayed in the customizable Role table 7 Select the Add check box for the role you want to update 8 Click OK The Request Role Update screen opens 256 Portal User Guide Introducing the Requests Table More information Defining a New Role see page 244 Filtering a Data Table see page 24 Request New Role Definition Screen see page 245 Definitions for Role Name New Role Name see page 250 Introducing the Requests Table Each Self Service task requires you to submit a request to perform the changes generated via the task s screens When you have finished your selections in the selected Self Service screen and have clicked Submit the Requests screen appears This screen summarizes the requests you have made while performing the Self Service task Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration yut AD1 EAdmin Request Person ID Name Rodney Sergio 75676560 Rodney Sergio 75676560 Organization Database Administrators Characteristic Role 100 0 Min 40 Davis Brett 75675330 Davis Brett 75675330 Title DB Developer Characteristic Role 50 Davis Brett 75675330 Davis Brett 75675330 Organization Da
403. scusses the following procedures m The Connector Settings panel Create a new import connector R Create a new export connector m Runa connector m Edit a connector Delete a connector Connectors are defined specifically either as an import connector or as an export connector More information The Connector Settings Panel Tables see page 348 Creating a New Import Connector see page 350 Creating a New Export Connector see page 354 Running a Connector see page 357 Import Error Tickets see page 359 Chapter 15 Using Administration Functions 347 Setting Connectors The Connector Settings Panel Tables The Connector Settings panel provides two connector tables Import Connectors Table Export Connectors Table Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Administration gt Settings gt Connector Settings Logout AD1 EAdmin Imports Name Description Basic import connector For demonstration purposes Exports lt Name No Records Found Each connector table displays a list of available connectors ID numbers description and provides the options to Edit Delete or Run a connector The Create New button located above each table allows you to generate a new import connector or a new export connector To access the connector tables 1 On the Administration menu click Settings The list of availabl
404. se Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Find Showing 1 to 10 of 83 4 14123456789 Res Name 1 Res Name 2 Res Name 3 Enrolled UGSYS TSSCREDIT TSS50 2 2 UGFIN1 TSSCREDIT TSS50 2 2 public UNXMARKT Solaris26 1 2 UGMPSYS RACFPROD RACF22 1 2 uagrksys UNXMARKT Solaris26 1 2 UGMTSYS RACFTEST RACF22 0 2 TESTDEV RACFTEST RACF22 0 2 UGMPOPR RACFPROD RACF22 0 2 UGADMGR Administration ROOT NOVELADM Novel4 0 2 UGMPMINI RACFPROD RACF22 0 2 Customize Records per page To see which users are using the selected resources click here the results are in the Users table OBOOOsnogogoo0o0 80 4 41234567 gt Person ID Name Organization Organization Type Enrolled 45489940 Steiven Pat System Management Corporate 1 2 86544420 Fred John System Management Corporate 1 2 67283470 Angel Ben System Management Corporate 1 2 98383770 Rolen Dave Finance Corporate 0 2 84847310 Goid Wiliam Human Resources Corporate 0 2 88311130 Goodman Bruce Marketing_Dept Corporate 0 2 67565330 Schwarts Barry Human Resources Corporate 0 2 83838380 Helmuth Howard Marketing_Dept Corporate 0 2 93773730 Tailor Janet Operations Corporate 0 2 58723810 Miles Buyer Purchasing Corporate 0 2 OOOOO00O0 8fkO0O Customize Records per page To see which resources are used by the selected users click here S the results are in the Resources table Copyright C 2008 Eurekify All Rights
405. ser Review L lt ss Details onfiguration Name Model2_ConfigWithRoles 77292450 TESTDEV RACFTEST RACF22 Person ID Add Comment Add Attachment View Transaction Log View Parent View Initiators View Violations View User View Resource CE Internet 100 More information Running Campaign owner Tickets see page 101 Campaign Approver Tickets see page 131 Approval Process Tickets see page 151 Info tickets see page 91 86 Portal User Guide The Ticket Properties Form Add Comment Using this function you can add specific comments in free style text This is in addition to system comments that may be added during a ticket s life cycle for example during a campaign a comment is added when a campaign is delegated Ticket Properties Form Windows Internet Explorer 7 http localhost 8080 eurekify tms ui wicket interFace 15 La Internet All the comments appear in the Comment s table Ticket Properties Form Windows Internet Explorer 7 http flocalhost 8080 eurekiFy tms uif wicket interface 16 Campaign Ticket Id 835 Owner Eurekify Admin AD1 Previous Owner Status pending Action Due Date 15 01 2009 00 00 00 Priority Normal Severity Medium lt State Open Modified Date 21 12 2008 13 28 43 Date Created 21 12 2008 12 51 2 Title User Review User Certification Description End of year user audit Universe Portal Campaign Type
406. ser is represented in this file by one line which includes comma separated values for the following fields in this order m PersonID the key m User name Organization name Organization type Additional fields optional m Up to 6 additional fields per user Example 234A745 Tony O Smith Sales US West Coast Sales San Francisco 234A111 5 373B234 Mark W Johnson San Jose Wireless Research R amp D San Jose 123B546 1 Appendix D Eurekify Sage Configuration Data Formats 427 Resource Database File Resource Database File Each resource is represented in this file by one line which includes comma separated values for the following fields in this order m Resource Name 1 m Resource Name 2 m Resource Name 3 Additional fields optional Up to 6 additional fields Example System Administrator Unix 348 Unix AIX ControlSA ESS Marketing Managers NT 720 NT Windows PR Planning Configuration File Each line in this file represents one entity and or one relationship Reference to Static Users and Resource Databases This section comprises the first two lines in the file and it provides a reference to the users and resource database files These lines have the following formats UsersDB lt Users Database File Name gt ResDB lt Resource Database File Name gt Multiple configurations may share the same users and resource database files even if only a small number of users and or resources actually participate in
407. siness Area General information descriptive This information will appear in the Description field of the ensuing Self Service Approval Root ticket Business Process General information descriptive This information will appear in the Description field of the ensuing Self Service Approval Root ticket Description Provide a concise and meaningful description of the changes you intend to make to your resources Submit Click to submit your request for changes To enter the data in the Manage My Resources General section 1 Select a Universe from the drop down list The Currently Enrolled Resources table and the Other Resources table shows resources belonging to the selected Universe s configuration 2 Enter the Business Area for the current action 3 Enter the Business Process associated with the current action 4 Enter a Description Note If the actions you want to take do not involve your currently enrolled resources you can skip the Currently Enrolled Resources table and skip to the Other Roles table If you do not want to manage the currently enrolled resources add resources to the selected users Chapter 11 Running Self Service Tasks 239 Manage My Resources Presenting the Currently Enrolled Resources Table Manage My Resources Screen This section lets you manage your current resource enrollment When you originally selected the Universe the Eurekify Portal provided the list of your current resour
408. sions 385 Permissions Filter Type Resources There are 3 types of filter resources a Filter_User m Filter_Role m Filter_Resource Res Name 3 Description FILTER RES Demot sd Filteri3 Campaign automatic filter FILTER Demol Filter14 L Campaign automatic filter FILTER Demol Filter15 L Campaign automatic filter FILTER gt type role A type resource sageUser PersonID Model_Configwit Read Access to campaign co DOC A Link Access to TMS Auto gen LINK Campaign automatic filter FILTER A type user sageUser PersonID Campaign automatic filter FILTER gt type role A type user sageUser PersonID Campaign automatic filter FILTER gt type resource A type user sageUser PersonID Campaign automatic filter FILTER A type role sageUser PersonID Campaign automatic filter FILTER gt type user A type role sageUser PersonID Campaign automatic filter FILTER gt type resource A type role sageUser PersonID Campaign automatic filter FILTER gt type role A type role sageUser PersonID Campaign automatic filter FILTER PersonID 99883136 Campaign automatic filter FILTER user 99883136 Campaign automatic filter FILTER user 99883136 Campaign automatic filter FILTER user 99883136 Campaign automatic filter FILTER A type user sageUser PersonID Campaign automatic filter FILTER gt type role A type
409. sources The screen is divided into three sections General Provides descriptive information concerning the current action Currently Enrolled Resources The current resources linked to the selected users Other Resources A list of available resources The Other Resources section displays a customizable table As the Manage My Resources screen allows many options and great flexibility the procedures will be broken up by section The fields in the General section m The Currently Enrolled Resources table options and functionality m The Other Resources table options and functionality To manage my resources click Mange My Resource Assignments on the Self Service menu The Manage My Resources screen appears More information Customizing a Data Table see page 22 Presenting the General Section Manage My Resources Screen see page 238 Presenting the Currently Enrolled Resources Table Manage My Resources Screen see page 240 Presenting the Other Resources Table Manage My Resources Screen see page 241 Presenting the General Section Manage My Resources Screen Manage My Resources Business Area Universe Portal s Business Process Description 238 Portal User Guide Manage My Resources The General section of the Managing My Resources screen contains the following fields Universe Select the Universe you wish to work with The users table and the available resources depend on the universe Bu
410. sources In Progress Add Role E select Accountable to Role Manage Human Resources Pending Action 01 02 2009 13 01 40 2244 Task After the Self Service task manager has selected a person who will be accountable for this role stage 1 stage 2 begins and a new ticket is generated Stage 2 Ticket Description 7 Approval Root ticket Same ticket 2 Self Service Main Request Same ticket Parent Ticket Select Accountable This Task ticket has been completed and is currently archived Approver Ticket The Role Approver ticket This is an Add Role approver ticket It is sent to the Role manager It contains all the requests to add a link between the new role and other entities For more information see Role Approver Ticket Add Role see page 291 Note Ifthe role manager rejects the request submitted in the Role Approver ticket the Approval Process ends and the relevant emails and info tickets are generated gt WD Tite 2220 E G Add Role Approval Root Request 2221 2222 2223 E amp New Role Corporate Security Select Accountable to Role Corporate Security Role Approver New Role Corporate Security State Status Open In Progress Open In Progress Archived Completed Archived Approved Chapter 12 Role Definition Tickets Children Type Received Approval 01 02 2009 Root 00 29 04 A 01 02 2009 Add Role 00 29 05 01 02 2009 00 29 17 01 02 2009 00 35 53 Task Add Role Own
411. ss Name of the Workflow process More information Setting Connectors see page 346 Step 3 Importing Entity Data Step 3 Importing Entity Data Import refers to downloading the system s current user resource and role when available configuration data You can use the import connector that you created in Step 2 to download the entity data from the enterprise endpoints You can also use the Import option on the Eurekify Sage DNA Data Management menu bar to import the entity data see Chapter 2 in the CA Eurekify Role amp Compliance Manager Sage DNA Data Management Guide The output of the import process is a Sage configuration document cfg file which sets the stage for the role discovery process More information Running a Connector see page 357 Step 4 Generating Master Model Configurations When you created the Universe you provided the names of two configurations files one was the master configuration file and the other was the model configuration file The master configuration file contains the data imported from the system s endpoints The model configuration file is initially a copy of this data which will be processed and updated as the role modeling and audit processes proceed Use the instructions in Appendix A Duplicating a Configuration see page 403 to generate the master model configuration files using the Eurekify Sage DNA module If necessary edit the Universe so that the
412. ss two types of functions m Link related actions Ticket related actions Link related actions can be found in the Campaign Approver tickets Ticket related actions depend on the ticket type Ticket functionality includes general functions such as Close or Save that are generic for all ticket types and specialty functions that are available for specific types of tickets such as the View Campaign Progress option which is unique to campaign owner tickets or Acknowledge which is found in info tickets Chapter 6 Tickets and the Ticket Queue 69 The Business Processes Bar 70 Portal User Guide The complexity and extensive functionality available through the Eurekify Portal tickets is described in six separate chapters Chapter 6 Provides information concerning general ticket data and functionality shared by all types of tickets Chapter 7 Campaign Tickets Provides information concerning data and functionality available in campaign related tickets Chapter 8 Campaign Approver Tickets Approver tickets are generated by campaigns They contain the list of links that need to be audited as part of the campaign Chapter 9 Post campaign Approval Process Tickets These tickets provide a final review of any link that was rejected during the campaign Chapter 11 Self Service Provisioning Tickets These tickets provide a final review of Self Service requests m Severing an existing link m Adding a new link Chapter 12
413. t tag gt lt tag gt lt tag id PrivilegesQualityManagement gt lt type gt internal lt type gt lt label gt Privileges Quality Management lt label gt lt checkPermission gt true lt checkPermission gt lt tag id OverlappingRolesByUsers gt lt type gt report lt type gt lt label gt Overlapping Roles By Users lt label gt lt data gt com eurekify web reports parameters overlappingroles OverlappingRolesByUsersParametersPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id OverlappingRolesByResources gt lt type gt report lt type gt lt label gt Overlapping Roles By Resources lt label gt lt data gt com eurekify web reports parameters overlappingroles OverlappingRolesByResourcesParametersPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id SuspectedConnectionsUserRes gt lt type gt report lt type gt lt label gt Suspected Connections User Resource lt label gt lt data gt com eurekify web reports parameters suspectedconnections SuspectedConnectionsUserResParametersPage lt dat a gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id SuspectedConnectionsUserRole gt lt type gt report lt type gt lt label gt Suspected Connections User Role lt label gt lt data gt com eurekify web reports parameters suspectedconnections SuspectedConnectionsUserRoleParametersPage lt dat a gt lt checkPermission gt true
414. t Queue Archived tickets the old ticket and the new ticket create a hierarchal tree in which the original ticket the Status is set to Delegated is the root ticket and the new ticket is the next node Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Ticket Queue gt Archived Tickets ID Title State Status Children Type User Approval Request to delete role Delete P 1778 E organvat tabase Administrators Characteristic Archived Escalated Link User Role Role 100 P 1824 Self Service Entity Browser Reports Administration Logout Eurekify Rami 19 01 2009 Rami Sas 17 47 43 Eurekfy Ram User Approval Request to di ole Pendin E organization Database Administrators Characteristic New Penang Role 100 Delete Rami Sas a Eurekify Rami 19 01 2009 23 11 22 Herman Barbara 94 Portal User Guide Info tickets To delegate a ticket select a user from the list of appropriate users Browse Tickets Windows Internet Explorer 7 http localhost 8080 eurekify tms ui 2wicket interface 9 Find Escalate Users Where Choose Field Where Choose Field v contains v contains Choose Field v contains OK Showing 1 to 30 of 140 UserName Rodney Sergio Moris Bill Rolen Dave Fred John Deer Alex Goid Wiliam Sharon Johnson Moos Steve Rojer Dave Steiven Pat Organization Database Administrators System Management Finance
415. t Tables The Ticket Queue enables you to display and interact with tickets that are displayed in table format You can view your own tickets and tickets that were generated by you even though they have a different owner The columns are customizable The Ticket Queue menu provides a set of display filters The available filters are Open New Done Presents tickets whose state is Open New or Done New Tickets Presents new tickets Overdue Tickets Presents the tickets whose end date has already passed Approver Tickets Presents the current user s Approver tickets This is most relevant to Administrators who can view their own tickets and the Approver tickets associated with campaigns they own Campaign Tickets Presents Campaign tickets Archived Tickets Presents tickets that were sent to be archived Enterprise Role and Compliance Manager eure ify Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout DOMAIN Cooper Amos Ticket Queue gt Approver Tickets P ID Title State Status Type Received Owner Campaign 5 Cooper Amos Manager 21 12 2008 DOMAIN Cooper Approver Amos Campaign 5 Cooper Amos Manager sanoa DOMAIN Cooper Approver S Amos Pending 872 User Certification Cooper Amos User Review New Action Pending Action 717 z Role Certification Cooper Amos Role Certification Hidden After selecting a display mode from the menu you can inte
416. t bookmarkablePage com eurekify tms web template DeFaultTicketPagesticketId 1053 he 1053 Helmuth Howard Previous Owner Purple Mary DOMAIN Status pending Action 15 01 2009 00 00 00 Priority Normal lt Severity Medium lt State open v Modified Date 25 12 2008 13 42 44 Date Created 24 12 2008 14 28 15 user Certification Purple Mary User Review User Certification Purple Mary User Review Reassigned From Purple Mary DOMAIN Purple Mary Approver Progess l 0 10 0 v X gt Progress Violations PersonID UserName Organization OrganizationType Comment Ez 444 Purple Mary 67762440 Purple Mary Fifth Ave Branch Branches E Attachments comments Add Comment Add Attachment View Initiators View Transaction Log 144 Portal User Guide Auditing Links To reassign a user link 1 In the Ticket Properties Form click next to the user you wish to audit The associated Roles and Resources tables appear Select the check box in the reassign column next to the user s role s and or resource s you want to reassign Note If you select more than one role resource they will all be reassigned to the same Approver Click Save and Reassign The Find Reassign Users screen opens in a separate browser window Optional Click Select to filter the table Browse Tickets Windows Internet Explorer 9 http flocalhost 8080 eurekiFy tms ui wicket interface 1
417. t from one or more managers When you activate this service a View Consult Results button appears in the Advanced functions section of the Ticket Properties Form Approve Approve the request to delete the link between the two entities Once approved the link is severed Reject Reject the request to delete the link between the two entities This means that the link will not be severed More information Delegate see page 157 Escalate see page 154 Approve see page 183 Consult see page 178 Reject see page 184 Chapter 9 Approval Process Tickets 177 Approval Process Approver Tickets Consult You can use the Consult utility to send a request for a consult concerning a link that you are reviewing during an Approval Process You can consult more than one user at a time You also don t have to wait for an answer to your request before you actually approve or reject the link listed in the Approver ticket This feature is particularly useful when you are facing a deadline When you click Consult the Find Consult Users screen opens in a separate browser window Browse Tickets Windows Internet Explorer L http flocalhost 8080 eurekify tms ui wicketsinterface 11 11 Find Consult Users Where Choose Field Where Choose Field contains and where Choose Fes 7 contains Showing 1 to 30 of 140 A 412345 UserName Organization OrganizationType Email i Title Database Administrators Moris Bill System M
418. tabase Administrators Characteristic Role 100 0 Min 40 Doll Charles 89653230 Doll Charles 89653230 Organization Database Administrators Characteristic Role 100 0 Min 40 Depending on the Self Service task the Request screen may contain additional information For example when generating a new role request the Requests screen will also include the Attribute data for the new role Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout DOMAIN Senior manager in charge of local IT 54672910 Organizational Role TT Security Branch Corporate Organization IT Security Name Steiven Pat 45489940 Steiven Pat 45489940 Fred John 86544420 Fred John 86544420 User Angel Ben 67283470 Angel Ben 67283470 Resource UGFIN1 TSSCREDIT TSS50 Top Secret on MVSCREDIT UGFIN1 TSSCREDIT TSS50 Top Secret on MVSCREDIT Resource UGFINMGR TSSCREDIT TSS50 Top Secret on MVSCREDIT UGFINMGR TSSCREDIT TSS50 Top Secret on MVSCREDIT Chapter 11 Running Self Service Tasks 257 Introducing the Requests Table The columns in the Links table provided in this screen depend on the type of Self Service request you have just processed Highlighted data gives you access to the relevant entity cards and further information This information always includes the following two columns Request Presents the nature of the Self Service request The options
419. tart a campaign the state changes to New An email notification is sent to all the campaign s Approvers notifying them that a campaign has begun and that they have links to approve Stop Campaign This allows you as the campaign owner to arbitrarily stop a campaign at any time Restart Campaign This function is active only after a campaign has been stopped Archive Provides you with the option of moving the campaign from the main ticket table to the archive Start Approval Processes As the campaign progresses not all the links are approved The rejected links have to be sent through a secondary approval process View Campaign Progress Opens a separate browser window where you can view the campaign progress for each individual approver Send Reminder Lets you send email reminders to approvers whose performance is not acceptable under the campaign s deadline More information Approval Process Tickets see page 151 Chapter 7 Running Campaign owner Tickets 117 Campaign Management Functions Running the Campaign Start Campaign 118 Portal User Guide This section examines the management functions Start Campaign Stop Campaign Restart Campaign Start Approval Processes m Archive Once you have added a campaign to the system and the campaign ticket has been generated it resides in your Ticket Queue Until you as the campaign owner start the campaign none of the approvers assigned to this
420. te a new campaign you can see all the Approver tickets associated with your campaign as well as the main campaign ticket and your own Approver tickets where relevant The Approver tickets are listed in your ticket queue as branches of the campaign ticket tree Which entity managers are assigned to a campaign as approvers depends on the nature of the campaign For a user certification campaign user managers will be assigned as approvers Fora role certification campaign role managers will be assigned as approvers Fora resource certification campaign resource managers will be assigned as approvers Each approver is in charge of reviewing the links between the entity they are managing and the other entity types For example in a user certification campaign user managers will be charged with reviewing their team s links to roles and resources You can open any of the Approver tickets view the contents and reassign any of the listed entity links You cannot add comments attachments view the initiators or view the transaction log from within a Ticket Properties Form that you do not own see Owner field in the upper part of the screen Ticket Properties Form Windows Internet Explorer BEE http localhost 8080 eurekify tms ui wicket bookmarkablePage com eurekify tms web template Default TicketPage amp ticketId 1112 v r Campaign Manager Approver Ticket Id 1112 Owner Flag Lee DOMAIN Fla Previous Owner Status P
421. ted Delete Allows you to delete the job when you don t want it to run anymore The Transaction Log The Transaction Log The Eurekify Transaction Log TxLog provides detailed information concerning all the actions taken within the system The entries are listed by date Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Administration gt TxLog Page mm as Showing 1 to 10 of 552 4412345678910 ID Date Source Owner Ticket SDatal SData2 SData3 SData4 SData5 SData6 SData7 SData8 Parameters ola EurekifyScheduler EurekifyScheduler TriggerMisfired aaa 17 11 2008 SAVE 15 08 13 pressed Ticket 17 11 2008 15 08 14 TMS fl UPDATE updated by GUI 25 11 2008 SAVE 21 30 20 pressed Ticket 25 11 2008 21 30 22 TMS UPDATE updated by GUI 25 11 2008 SAVE 21 30 31 pressed 25 11 2008 TMS 1 isun TMS 1 isun TMS cul Ticket Aes UPDATE updated by 21 30 31 GUI SAVE teun pressed Ticket 25 11 2008 When you first open the Transaction Log page the table is empty and you can see a filter that you can use to select which transactions you want to view Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout AD1 EAdmin Administration gt Txlog Page ID Date Source Owner Ticket SDatal SData2 SData3 SData4 SData5 SData6 SData7 SData8 Parameters No Records Found
422. ted Link Parent Ticket This is a Delete Link Entity1 Entity2 ticket This ticket belongs to the campaign owner This node is the parent of the actual approval process Approver tickets that are sent to the Approvers The number of sub trees of this type present in an approval process tree depends on the number of rejected links being processed Approver Tickets This is a Delete Link Entity1 Entity2 ticket Two tickets of this kind are generated one for each entity manager per each rejected link For example when the rejected link is a user role link then one ticket will go to the user s manager and the second ticket will go to the role s manager Enterprise Role and Compliance Manager __eureXify Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout AD1 EAdmin State Status Children Typey Received Owner Previous Owner Approval 29 12 2008 Root 13 46 29 __ Request to remove user to resource association Delete ems B Gres UGMPER RACFPROD RACF22 Production Open In Progress 2 Link User 29 12 2008 Eurekify Admin lt kok Use 134630 AD1 EAdmin esource proval Requ Delete S Se S UGMPBR RACFPROD RACF22 Production RACF fromOpen Pending Link User 29 12 2008 rbe user Joe Dass T Resource 77 alts s Resource Approval Request to delete resource Delete S ucmper RACFPROD RACF22 Production RACE fromNew era Link User user Joe r 9 Resource Open In Progress 17 Eurekify Admin Keren Cin
423. the Currently Enrolled Resources Table Manage My Roles Screen see page 230 Presenting the Other Resources Table MMT Resources Screen see page 233 Presenting the General Section MMT Resources Screen Universe Portal Chapter 11 Running Self Service Tasks 227 Manage My Team s Resources The General section of the Managing My Team s Resources screen contains the following fields Universe Select the Universe you wish to work with The users table and the available resources depend on the universe Business Area General information descriptive This information will appear in the Description field of the ensuing Self Service Approval Root ticket Business Process General information descriptive This information will appear in the Description field of the ensuing Self Service Approval Root ticket Description Provide a concise and meaningful description of the changes you intend to make to your team s resources Submit Click to submit your request for changes To enter the data in the MMT Resource General section 1 Select a Universe from the drop down list 2 Enter the Business Area for the current action 3 Enter the Business Process associated with the current action 4 Enter a Description Presenting the Users Table MMT Resources Screen Users Showing 1 to 10 of 69 4 41234567 gt Add Person ID Name Organization Organization Type o 98383770 Rolen Dave Finan
424. the cache More information Load Cache see page 366 Clear Cache see page 367 Load Cache This utility is used to swiftly load a specific configuration into the Eurekify Server s memory cache Enterprise Role and Compliance Manager eurekify Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout AD1 EAdmin Administration gt Load Cache Load Configuration to Cache Choose Configuration Choose One To load a specific configuration into the Eurekify Server s memory cache 1 On the Administration menu click Load Cache The Load Configuration to Cache screen opens 2 Select a Configuration from the drop down list 3 Click OK 366 Portal User Guide Cache Manipulation Clear Cache This utility is used to swiftly clear the Eurekify Server s memory cache It is useful in the special case where you updated the configuration data for example changing permissions in the DNA and you want to make sure that anyone running the system will use the updated data Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout AD1 EAdmin Administration gt Gear Cache Clear Caches To load a specific configuration into the Eurekify Server s memory cache 1 On the Administration menu click Clear Cache The Clear Cache screen opens 2 Click Clear Caches to clear the Eurekify Server s memory cache Chapter 15 Using
425. the links in an entity link table When you first open the CMA s Ticket Properties Form you will find that the hierarchal entities tree is collapsed The visible entity is the target of the campaign For example in a user campaign you will see a table of users Ticket Properties Form Windows Internet Explorer DER L http localhost 8080 eurekiFy tms ui wicket bookmarkablePage com eurekify tms web template Default TicketPage amp ticketId 818 v Campaign Manager Approver Ticket Id 818 Owner Katz Nancy DOMAIN Previous Owner Status pending Action Due Date 15 01 2009 00 00 00 Priority Normal lt Severity Medium State Open Modified Date 11 01 2009 14 06 52 Date Created 21 12 2008 12 28 40 Title Description User Certification Katz Nancy Resource certification User Certification Katz Nancy Resource certification Close Save and Reassign Hide Selected Reassigned From Approver Progess 0 40 0 1w X T Progress Violations PersonID UserName Organization OrganizationType Comment Taskoni Bob 97847110 Taskoni Bob Silicon Valley Branch Branches E Ez Yoham Anne 93872110 Yoham Anne Silicon Valley Branch Branches Katz Nancy 97373330 Katz Nancy Silicon Valley Branch Branches E Kistor Steve 93988710 Kistor Steve Silicon Valley Branch Branches Attachments Comments Add Attachment View Transaction Log La Internet
426. the selected users More information Customizing a Data Table see page 22 Filtering a Data Table see page 24 Setting the Number of Records Per Page see page 23 Presenting the Currently Enrolled Roles Table Manage My Roles Screen This section allows you to manage the current roles enrollment for your selected users The options available to you depend on how many users you have selected for the current action In the case of single user selection click Get Roles You will now be able to view the list of roles linked to your selected user Currently Enrolled Roles Add Remove Role Name Description Type Organization Rule Owner BASIC ROLE Basic role for all users that have Org Role Enterprise No Rule 82922230 access to IT Organization Database Characteristic Role 100 0 Min Database Organization Database Administrators Administrators Administrators Title DB Developer Characteristic Role 50 Org Role Title DB Developer Title DB Developer 77371120 99883135 40 Org Role 212 Portal User Guide Manage My Team s Role Assignments In this case the only option available to you in this section is to select the Remove check box next to a role thereby severing the link between the user and the selected role If you choose more than one user the Currently Enrolled Roles table will present an additional column Enrollment Currently Enrolled Roles Remove Enrollment Role N
427. ticket generated by the Eurekify portal during the third stage of the Add New Role Approval Process While the Approval Root ticket controls the lifecycle of the whole tree the New Role Request Parent ticket controls the lifecycle of the approver ticket generated during the third stage of the Approval The ticket s type is the same as the Approver ticket below it but it is intended to be a management ticket The ticket owner in this case is the role manager Ticket Properties Form Windows Internet Explorer DER e http localhost 8080 eurekify tms ui wicket bookmarkablePage com eurekify tms web template Default TicketPage8ticketId 2224 N Link User Role Ticket Id 2224 Owner Cooper Amos DOMA Previous Owner Status In Progress x Due Date 11 02 2009 00 38 36 Priority Low lt Severity Minimal State open Modified Date 02 02 2009 00 06 52 Date Created 01 02 2009 00 38 36 Title Request to add user to role association role Corporate Security user 89213720 Description Request to add user to role association role Corporate Security user 89213720 Request was submitted on Universe Portal from Add Role lt lt Less Details onfiguration Name Model2_ConfigWithRoles Person ID 89213720 Role Name Corporate Security Approval Process Result Add Comment Add Attachment View Transaction Log View Parent View Initiators View Children gt gt View User View Role ir K
428. tion TMS stands for Ticket Management System Tickets are work items used to track information run jobs or notify users of events Tickets are generally not removed from the system except when you click Cancel Process They are archived Tickets should be considered undeletable But nevertheless in extreme circumstances it s possible to delete all the system tickets Important We highly recommend that you back up your system before deleting the system ticket and or ticket types Administration gt 7MS Administration MS Administration Page Delete All Tickets Delete All Tickets and Ticket Types 378 Portal User Guide System Checkup The TMS Administration utility provides you with two options Delete All Tickets Delete All Tickets and Ticket Types Click Delete next to the serviced that you want to run When completed a message appears MS Administration Page Delete All Tickets Delete All Tickets and Ticket Types Delete All Tickets succeeded More information Tickets and the Ticket Queue see page 69 System Checkup System checkup is an administrative tool that allows you to examine whether certain processes are working correctly At this time you can only check whether the Eurekify Portal s SMTP process is working correctly Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Administration gt System Checkup SMTP Ch
429. tities listed within When you click on the campaign ticket title the top level of the campaign tree the Ticket Properties Form opens in a separate browser window Ticket Properties Form Windows Internet Explorer DER 7 http localhost 8080 eurekify tms uij wicket bookmarkablePage com eurekify tms web template DefaultTicketPagesticketId 465 i Campaign Ticket Id 465 Owner Eurekify Admin AD1 Previous Owner Status pending Action v Due Date 01 01 2009 00 00 00 Priority Normal Severity Medium lt State open vi Modified Date 16 12 2008 18 41 40 Date Created 16 12 2008 18 37 42 Title User Certify Dec 2008 User Certification Description User Certification Campaign for the end of 2008 Universe Portal Campaign Type USER Auto Generate Permissions true Configuration Model2_ConfigWithRoles Link Filter Direct Dual Audit Card Entity Filter No Filter Attachments Comments Campaign Management Start Campaion E 7 Acie _ Start Approval Processes View Campaign Progress Send Reminder Add Attachment View Transaction Log View Children gt gt internet 100 104 Portal User Guide Info tickets Campaign Ticket data and general functions Provides the ticket and campaign information This section also provides several high level functions such as Close Save Ticket Properties Form Windows Internet Explorer DER 7 http localhost 8080 eurekify tms uif wicket bookmarkablePa
430. to access data connected with the info ticket More information Add Comment see page 87 Add Attachment see page 89 View Transaction Log see page 90 View Parent see page 163 View Initiators see page 162 Chapter 9 Approval Process Tickets 191 Chapter 10 How to Use Dashboards Dashboards use graphs and charts to provide a useful overview of role based configurations and the results of statistical and rule based analysis There are three standard dashboards The Configuration Dashboard describes the connections between users roles and resources in a selected configuration universe m The Audit Card Dashboard summarizes alerts generated by statistical analysis of a configuration The Compliance Dashboard summarizes alerts generated by applying Business Policy Rules BPRs to a configuration This section contains the following topics Configuration Dashboard see page 193 Audit Card Dashboard see page 194 Compliance Dashboard see page 195 Configuration Dashboard The configuration dashboard is a portal page that provides a graphical overview of the entities users resources and roles in a specified configuration and the connections between them A graphic at the top of the page summarizes the users resources and roles in the specified configuration 23 345 268 n T a aiin 69 97 83 217 Chapter 10 How to Use Dashboards 193 Audit Card Dashboard In the configuration s
431. tomize function to select the columns fields that will appear in the tables and their order Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout DOMAIN Cooper Amos Ticket Queue gt Open New Done Tickets Customize Refresh gt ID Title Status Children Type Received Owner Previous Owner Campaign 21 12 2008 Cooper Amos Pending 872 User Certification Cooper Amos User Review Action 19 Manager ea DOMAIN Cooper Approver aras Amos 21 12 2008 12 29 06 Eurekify Admin AD1 EAdmin Pending Action 834 E Resource certification User Certification 9 Campaign Cooper Amos The default structure of the Ticket Queue table contains the following columns Field Description gt Marks an overdue ticket Ticket ID Each ticket has a distinct ticket ID number Title The ticket title State The ticket s state Status The ticket s status Children The meaning of this number depends on the ticket type For campaign owner tickets this provides the 78 Portal User Guide Field Type Received Owner Previous Owner Ticket Tables Description number of Approvers assigned to a specific campaign For Approver tickets this provides the number of entities listed in the ticket whose links need to be reviewed Provides the ticket type Provides the date and time when the ticket was received The owner of the specific ticket Th
432. ttern User Doll Charles 89653230 Tue Jan 06 1 Out of Pattern User Helmuth Howard 83838380 UGADGEN2 Administration ROOT N UGADMGR Administration ROOT N UGAPPLDEV Administration ROOT N UGAPPLDEV Administration ROOT N UGAPPLDEV Administration ROOT N UGFINGL RACFPROD RACF22 Suspected Suspected Suspected 2 Ea Fa Fa F4 Ea Fa Fd z kd Fa Ed KZ Fd Ed T Fa Fa id id Tue Jan 06 1 Tue Jan 06 1 Tue Jan 06 1 334 Portal User Guide Out of Pattern User Out of Pattern User Out of Pattern User Allen Sherman 99883135 Joe Dassin 99883136 Katz Nancy 973733301 UGMPBR RACFPROD RACF22 UGMPBR RACFPROD RACF22 UGMPBR RACFPROD RACF22 Adding Campaigns You can take advantage of Audit Cards and utilize them during a certification campaign by providing the name of the Audit Card in the Add Campaign screen In this case the Audit Card provides a kind of overlay over the entities being certified enabling the display of the current violations The campaign entities are matched with the violations in the selected Audit Card and for each such entity or link that is found to have a violation associated with it the campaign presents the entity or related entity in case of link in red and the number of violations is displayed in red as well in the Approver ticket s entity link table in the Violations column Save Save and Reassign Hide S
433. ty Organizational Role 54672910 Role provid 892137204 4546729104 912363704 89123140 848473104 Parent Roles To Add Organization IT Security R urces To Add public UNXMARKT Solaris26 PUBLIC RACFPROD RACF22 UGMTSYS RACFTEST RACF22 4 Approval Process Result Click Continue to go to the next stage of the Add New Role Approval Process More information Filtering a Data Table see page 24 Select Accountable Ticket General Functions see page 288 Chapter 12 Role Definition Tickets 287 Add New Role Ticket Tree Select Accountable Ticket General Functions 288 Portal User Guide The Select Accountable Task ticket for the Self Service Request Add New Role task provides the following General functionality Close Closes the ticket Save Saves the changes made to the ticket Delegate Transfers the ticket tree to another manager Escalate Transfers the ticket tree to another manager Select Accountable Provides the new role s accountable After an accountable is selected the Continue button is enabled Continue This button is disabled until an Accountable is selected Click to continue to stage 2 of the Add New Role Approval Process More information Delegate see page 157 Escalate see page 154 Select Accountable Function see page 286 Add New Role Ticket Tree Select Accountable Ticket Advanced Functions The Select Accountable Task ticket for the Self Service Request Add N
434. u can access the following Online and telephone contact information for technical assistance and customer services Information about user communities and forums Product and documentation downloads CA Support policies and guidelines Other helpful resources appropriate for your product Provide Feedback If you have comments or questions about CA product documentation you can send a message to techpubs ca com If you would like to provide feedback about CA product documentation complete our short customer survey which is also available on the CA support website found at http ca com support CA Product References This document references the following CA products CA Eurekify Role amp Compliance Manager m CA Identity Manager Contents Chapter 1 Introduction 13 About This Guide 1104 iccuiecvheceseaess ieee c ese cacao ee eee eyeeee ices eases sesso eeeeeeaes 14 AEL Iela aeearct pete Rec rae ee ee Ne ee ee E E 15 Typical ProceSSES 2 4 2604044545 Abo 545 4440S FESS AEEEEE ES AEE GRE ta dadada ta de EE ERERERERERDE ERE EE h 15 Opening the Eurekify Portal o nats ae teen elnw ann eta S nang wee eee SS 17 Chapter 2 Using The Eurekify Portal Interface 19 User Ust de ee TTT 19 General Features 6 22424 454445 4645 A GEESE GEES BERS REARS EET EEE BREE IES 20 D ta Table Features ss asec seus RR REER we tase whee we dune tee ves eee eho tee ee ee ee 21 The Entity Cards 3 596444544444 56445444485 4594 84484648
435. u sure you want to delete lt Universe gt 2 Click Yes to delete the universe Chapter 15 Using Administration Functions 345 Setting Connectors Setting Connectors 346 Portal User Guide Connectors are defined for specific converters which are service programs necessary for importing and exporting user and user privileges information entities and the links between them from corporate security systems into CA Eurekify Role amp Compliance Manager Import Export processes can be performed either from the Eurekify Sage DNA Data Management DM client tool or through the Eurekify Portal User and user privileges information can be imported directly into Eurekify Sage by using the Import option on the CA Eurekify Role amp Compliance Manager Sage DNA Data Management DM menu bar see Chapter 2 in the CA Eurekify Role amp Compliance Manager Sage DNA Data Management manual This option enables importing Active Directory CSV RACF or SQL files into Eurekify Sage by creating a communications link to the downloading production server Eurekify Sage database files are simple text files However Eurekify Sage converters ensure that imported files will adhere to Eurekify Sage file format rules The DM module provides a number of converters Each converter supports a specific type of data source There are three basic types of data sources Platform specific These converters enable the download upload of information stored in th
436. u wish to take you may find that after selecting the appropriate check boxes in this section you have completed the task In this case you can ignore the Other Resources and submit your requests by clicking Submit at the bottom of the Manage My Resources screen To make selections in the Currently Enrolled Resources table in the Currently Enrolled Resources table click the relevant check boxes in the Remove column At this point you can choose to End the process at this point m Add resources If you do not want to add new resources submit your requests Manage My Resources Presenting the Other Resources Table Manage My Resources Screen Other Resources Showing 1 to 10 of 74 4 412345678 Add Img o Customize Find Resources Test Compliance Suggest Resources This section allows you to enroll in additional resources of your choice The actual enrollment will take place following a review process In addition to managing the resources that you are currently linked to you can also request that the system provide you with a list of recommended resources for yourself This list of resources will be displayed in the section Other Resources Res Name 1 Res Name 2 Res Name 3 UGMTSYS RACFTEST RACF22 UGSYS TSSCREDIT TSS50 TESTDEV RACFTEST RACF22 UGMPMINI RACFPROD RACF22 UGADGEN1 Administration ROOT NOVELADM Novel4 UGSAPPUR SAPPROD SAPR3 secmgr UNXMARKT Solaris26 UGADGEN2 Administration ROOT NOVEL
437. uest was submitted on universe 2 from 3 request to delete resource 1 from user 0 is already in process the request to delete resource 1 from user 0 is already in process request was submitted on universe 2 from 3 request to add role 0 to role 1 rejected request to add role 0 to role 1 failed the request to add role 0 to role 1 was rejected request was submitted on universe 2 from 3 Field changeapproval child add role role info descripti on failed errcode changeapproval child add role role notification t ile errcode changeapproval child add role role notification description errcode changeapproval child remove role role info title rejected errcode changeapproval child remove role role info title failed errcode changeapproval child remove role role info description rejected errcode changeapproval child remove role role info description failed errcode changeapproval child remove role role notificati on title errcode changeapproval child remove role role notificati on description errcode changeapproval child add role resource info titl e rejected errcode changeapproval child add role resource info titl e failed errcode changeapproval child add role resource info description rejected errcode changeapproval child add role resource info des cription failed errcode changeapproval child add role resource notificat ion title errcode changeappro
438. uggest Entity service to obtain a list of recommended entities and yet the Test Compliance utility will find that the suggested links are in violation of system BPRs The reason is that the Suggest Entity service is based on analytical pattern based technology while the Test Compliance utility examines the rules written by the system s administrators rules that may or may not override the findings of the analytical pattern based examination of the corporation s configuration files For example the system may find that under certain conditions a specific application role is recommended for a group of users and yet the Test Compliance utility will record this as a violation because the application is licensed and there are no free licenses available at this time More information Test Compliance see page 200 Suggesting Entities see page 202 Chapter 11 Running Self Service Tasks 199 General Self Service Functions Test Compliance During a Self Service provisioning task you can select to link users to roles and or resources In other screens you can assign users and resources to specific roles You also have the ability to remove links between various entities during Self Service tasks After making your selection s you can test the compliance of your selections with the existing BPRs security regulations and policies For further information on violations stemming from non compliance and other security issues see the CA Eur
439. uide Update Role Ticket Tree After the Role manager has approved the enrollment of all the users in the Approver ticket stage 2 begins and a new set of tickets is generated Stage 2 S e E Ticket eS Approval Root ticket Description This ticket is identical to other Approval Process Approval Root tickets 2 Self Service Main Request An Update Role parent ticket Parent Ticket Approver Ticket Only one An Update Role approver ticket The following sub trees are examples of possible Request sub trees for an Update Role ticket tree Ticket Approver Ticket Self Service Request Parent ticket Approver Ticket Self Service Request Parent ticket Approver Ticket Description This Role Approver ticket has been completed and is now archived A Link User Role parent ticket Only one A Link User Role approver ticket A Remove Link Role Resource parent ticket Only one A Remove Link Role Resource approver ticket Chapter 12 Role Definition Tickets 301 Update Role Ticket Tree Note If the Self Service request included removing links the sub trees generated in stage 2 will include Remove Entity Link type tickets The number of Remove Link Link User Role subtrees depends on the number of entity role requests that were originally submitted If a request was made to enroll 10 users to a role then there will be 10 Link User Role subtrees generated during the second stage of the Self Service Approval P
440. user sageUser PersonID Portal Filter31 Campaign automatic filter FILTER gt type resource A type user sageUser PersonID Model2_ConfigWi Read Access to campaign c DOC A L L L L L L L L L L L L L L L L L Portal Filter33 L Campaign automatic filter FILTER PersonID 99883136 L L L L L L L L L L L L L L L L L Demo1 Filter18 Demot Filter19 Demo Filter20 Demo Filter21 Demot Filter22 Demot Filter23 Demot Filter24 Demot Filter25 Demol Filter26 Demol Filter27 Demo Filter28 Portal Filter29 Portal Filter30 Portal Filter34 Campaign automatic filter FILTER user 99883136 Portal Filter35 Campaign automatic filter FILTER user 99883136 Portal Filter36 Campaign automatic filter FILTER user 99883136 Portal Filter37 Campaign automatic filter FILTER PersonID 64646410 Portal Filter38 Campaign automatic filter FILTER user 64646410 Portal Filter39 Campaign automatic filter FILTER user 64646410 Portal Filter40 Campaign automatic filter FILTER user 64646410 Portal Filter41 Campaign automatic filter FILTER A type role sageUser PersonID Portal Filter4 2 Campaign automatic filter FILTER gt type user A type role sageUser PersonID Portal Filter43 Campaign automatic filter FILTER gt type resource A type role sageUser PersonID Portal Filter44 Campaign automatic filter FILTER gt type role A type role s
441. users have different needs and system usage The Eurekify Portal has a comprehensive Role based security and permissions structure aimed at ease of use on one hand and maintaining appropriate security on the other hand This chapter discusses the Eurekify Portal s security issues and solutions both on the general level and on the user level This section contains the following topics Security see page 381 Permissions see page 384 Software security is intended to prevent both unintentional and malicious harm There are various ways of achieving this goal This section presents the Eurekify Portal s solutions for specific security issues This section covers the following topics Turning security on or off Authentication settings Encryption More information Turning Security On Off see page 382 Authentication Settings see page 383 Encryption see page 383 Chapter 16 About Security amp Permissions 381 Security Turning Security On Off 382 Portal User Guide Software security can have one of two default positions Default Deny Under these conditions everything not explicitly permitted is forbidden While it may improve security it does so at a cost in functionality Default Permit Everything is permitted The advantage of this kind of security operation is that it allows greater functionality and it may be adequate for the initial phases of setting up and testing the system By defau
442. val child add role resource notificat ion description errcode Code tkt018 tkt019 tkt020 tkt021 tkt022 tkt023 tkt024 tkt025 tkt026 tkt027 tkt028 tkt029 tkt030 tkt031 tkt032 Eurekify Sage Error Messages Description the request to add role 0 to role 1 failed request was submitted on universe 2 from 3 request to add role 0 to role 1 is already in process the request to add role 0 to role 1 is already in process request was submitted on universe 2 from 3 request to delete role 0 from role 1 rejected request to delete role 0 from role 1 failed the request to delete role 0 from role 1 was rejected request was submitted on universe 2 from 3 the request to delete role 0 from role 1 failed request was submitted on universe 2 from 3 request to delete role 0 from role 1 is already in process the request to delete role 0 from role 1 is already in process request was submitted on universe 2 from 3 request to add resource 1 to role 1 rejected request to add resource 0 to role 1 failed the request to add resource 1 to role 0 was rejected request was submitted on universe 2 from 3 the request to add resource 1 to role 0 failed request was submitted on universe 2 from 3 request to add resource 1 to role 0 is already in process the request to add resource 1 to
443. ver ticket supplies you with all the data you need to make the decision whether to approve or reject the request The Role Approver ticket also provides you with the required functionality to assist you in the process Chapter 12 Role Definition Tickets 291 Add New Role Ticket Tree More information Self Service Request New Role Parent Ticket see page 294 Self Service Request New Role Approver Ticket see page 297 Approve see page 183 Reject see page 184 Role Approver Tickets General Functions see page 292 Role Approver Tickets Advanced Functions see page 293 Role Approver Tickets General Functions 292 Portal User Guide The Role Approver ticket provides the following General functionality Close Closes the ticket Save Saves the changes made to the ticket Delegate Transfers the ticket tree to another manager Escalate Transfers the ticket tree to another manager Consult Allows you to request a consult from one or more managers When you activate this service a View Consult Results button appears in the Advanced functions section of the Ticket Properties Form Approve Approve the Self Service request In this case this leads to the second stage of the Approval Process where the user review Approval Process sub trees are generated and the Approver tickets are sent to the user managers Reject Reject the Self Service request Note It is important to remember that when reviewing a Role Ap
444. wner Type The ticket type Status The ticket status Title The ticket title Comments The last comment added to this ticket To view a ticket s children tickets 1 Click Advanced at the bottom of the Ticket Properties Form screen 2 Click View Children A table opens at the bottom of the Ticket Properties Form screen The View Children gt gt button becomes the lt lt Close Children button 3 Optional Click Select in the Action column to navigate to the ticket listed in that row The selected ticket opens in a separate browser window 4 Click Close to close the selected ticket 5 Click Close Children to close the ticket children table 164 Portal User Guide View Entity Advanced Approval Process Ticket Functions The purpose of the Approval Process is to review the rejected links recorded during the original campaign run This task is performed by the various entity managers An important aid to this is the ability to view the link s entity cards during the approval process View Entity opens the entity s card in a separate browser window http localhost 8080 eurekify portal userBrowser configurationName Model2_ DER Z http localhost 8080 eurekiFy portal userBrowser configurationName Model2_ConfigWithRoles amp personId 9383387 Y Enterprise Role and Compliance Manager lt ITY Free Georgia 93833870 Configurtion Model2_ConfigWithRoles Person ID 93833870 Name Free Georgia O
445. word for admin user incorrect password for batch user failed to authorize user 0 the user does not exist in 1 configuration an error has occurred for more information please view the log file to relogin please click here error conflicts in the master configuration login field found 0 duplicate logins please review could not load bpr file 0 proceeding without no bpr file defined proceeding without no universes available error starting approval process description field is required no user is selected no requests made missing raci configurations error getting raci configurations missing accountable for 0 raci error for 0 error fetching connector object 0 error fetching connector object request to delete role 1 from user Chapter 17 Troubleshooting 395 Eurekify Sage Error Messages Field rejected errcode changeapproval child remove user role info title failed errcode changeapproval child remove user role notificati on title errcode changeapproval child add user resource info titl e rejected errcode changeapproval child add user resource info titl e failed errcode changeapproval child add user resource info description rejected errcode changeapproval child add user resource info description failed errcode changeapproval child remove user resource info title rejected errcode changeapproval child remove user resource info title failed e
446. y com Developer Branch Deer Alex Fifth Ave Branch Branches 91238730 company com Officer Clerk Goid Wiliam Human Resources Corporate 84847310 company com Psychologist Fifth Ave Branch Branches 8912347N comnanv com Branch _ v LE internet 1i00 7 142 Portal User Guide Auditing Links The screen is divided into of two sections m Users Filter List of possible approvers The list of users provided in this screen is governed by the following property tms campaign entity Certification reassign filter GFilter specific filter Once you select the user to whom you intend to reassign the link the gt Taskoni Bob 97847110 Taskoni Bob SOT 7 Yoham Anne Roles 3 E Resources 6 4 X d Namel Name2 Name3 Violations UGSILVMGR NTSILV WinNT i i RC Silicon V br Manager NTSILV WinNT Manager ugrkgen1 UNXMARKT Solaris26 Marketing LU LU Marketing Sun Server UNXMARKT Solaris26 Server o aa MS 2003 WinNT MS officed o e mail outlook WinNT MS email o UGMPBR RACFPROD RACF22 Production RACF UGTELSILV TSSCREDIT TSS50 Top Secret on MVSCREDIT outlook WinNT MS email RACFPROD RACF22 TSSCREDIT TSS50 You can view the reassignment details in a ToolTip that appears when you move the pointer over the md icon E Resources 6 4 X d Namel Name2 Name3 Violations Description Managerid owner gt UGSILVMGR NTSILV WinNT Silicon V br Silicon V br Manager Manager Marketing Sun
447. y1 name Entity2 Entity2 name For example Request to remove user to resource association resource UGMPMRK RACFPROD RACF22 Production RACF user Garr Jim 77371120 Description A description of the ticket It includes the details of the request Request was submitted on Universe Universe name from Campaign Title For example Request to remove user to resource association resource UGMPMRK RACFPROD RACF22 Production RACF user Garr Jim 77371120 Request was submitted on Universe Portal from User Review Use this ticket s functionality when you wish to transfer the specific link s sub tree to the management of another user or to cancel this specific review You can use the options in the ticket s Advanced section to access additional information concerning the current ticket and the rest of the tickets in the tree More information The Ticket Properties Form see page 83 Chapter 9 Approval Process Tickets 173 Rejected Link Parent Ticket Rejected Link Parent Ticket General Functions 174 Portal User Guide The Rejected Link Parent ticket provides the following General functionality Close Closes the ticket Save Saves the changes made to the ticket Delegate Transfers the ticket tree to another manager Escalate Transfers the ticket tree to another manager Cancel Process Allows you to manually stop the Approval Process at any stage More information Delegate see page 157 Escalate see
448. you with both data and functionality The top part of the screen is always the same and contains the ticket information Field Description lt Ticket The type of ticket you are viewing appears in the screen s Title gt first line Ticket ID Each ticket has a distinct ticket ID number Owner The owner of the specific ticket The functionality of the ticket changes according to who is viewing the ticket Only the owner will have access to all the functions available for the specific ticket type Previous During campaigns or approval processes tickets may be Owner delegated escalated to other managers If a ticket was sent to the owner from another user that user s name not the current owner appears in this field Status Provides the ticket status Due Date Each ticket has a due date by which the action s ascribed Chapter 6 Tickets and the Ticket Queue 83 The Ticket Properties Form 84 Portal User Guide Field Priority Severity State Modified Date Date Created Title Description Description to the ticket have to be performed Shows the current priority level The available options are m Low Normal m Rush m Critical Shows the current severity level The available options are a Minimal Medium m Serious m Urgent m Critical Shows the current ticket s state The possibilities are m New m Open ma Hidden m Done m Archived m Canceled Shows the date and time when the content
Download Pdf Manuals
Related Search