Portal User Guide
Contents
1. 226 Portal User Guide Manage My Team s Resources In this case the only option available to you in this section is to click the Remove check box next to a resource thereby severing the link between the user and the selected resource If you choose more than one user the Currently Enrolled Resources table will present an additional column Enrollment Currently Enrolled Resources Add RemoveEnrollment Res Name 1 Res Hame 2 Res Hame 3 Description ManagerID Owner Location 1 4 25 PUBLIC RACFPROD RACF22 RACFPROD RACF22 Production RACF 77292450 Irvine CA UGADGEN1 Administration Active Directory O 1 4 25 ROOT NOVELADM Novel4 Admini UGADMGR Administration Active Directory D 1 4 25 ROOT NOVELADM Novel Manager 1 4 25 UGHR RACFPROD RACF22 RACFPROD RACF22 Production RACF 77292450 Irvine CA San Mateo CA San Mateo CA San Mateo CA NOVELADM Novel4 67283470 Portland OR NOVELADM Novel4 67283470 Portland OR 3 4 75 e mail outlook WinNT outlook WinNT MS email 91236370 3 4 75 office2003 2003 WinNT 2003 WinNT MS office2003 91236370 1 4 25 public UNXMARKT Solaris26 UNXMARKT Solaris26 Marketing Sun Server 89123140 Chapter 10 Running Self Service Tasks 227 Manage My Team s Resources 228 Portal User Guide In the case of multiple user selection you can m Click the Remove check box next to a resource thereby severing the link betwee2. Mandatory Fields User Interface Fields marked with an asterisk are mandatory Attempting to go to the next stage of a process without filling in these fields causes an error message to be displayed next to each vacant field Create New Import Import client name Description Universe Settings XML file Mapping XML file Enrichment settings file Remote system login password Max duration time seconds Connector Java Class Workflow process name Ticket Type Priority Severity Choose One X ee missing name field GENCSTOO 1 missing description field GENCSTO02 missing universe field GENCST004 was unable to find the settings XML file null GENCSTO05 was unable to find the settings XML file null GENCSTO05 missing password field GENCST008 error parsing MaxDuration field please use integer values GENCSTO10 Choose One Choose One Choose One X SAGE Medium X missing connector client class to use GENCSTO11 missing Work flow Process GENCSTO 12 missing ticket type GENCST013 Note The sentences in red are error messages Data Table Features When appropriate the Eurekify Portal displays data in table format data table This is true for entity for example user role resource data and for tickets that are generated as you work with the Eurekify Portal There are several features that repeat themselves for most of the data tab
3. Novell Title Organizati Stamford Branch 40 Organization IT Security Organization Fifth Ave Branch 40 Organizati Finance HR Application Add Role Name Description Matching Rights HR Pattern Privileges Pattern Matching Rule Details e aaisa Role 100 0 Min 4 1 1 1 1 1 Details fo Title Operator Characteristic Role 50 1 1 Organization Human Characteristic Role 85 7 Min Resources 40 1 1 Details polls Role 100 0 Min Details 0 Title Branch Officer Clerk Characteristic Role 50 l Details ondekt Role 100 0 Min Details e Role 100 0 Min Details Title Branch Manager Characteristic Role 50 Details Dagang Role 40 0 Min Details Accountant Characteristic Role 50 l Details Records per page HR Find Roles Test Compliance Suggest Roles Chapter 10 Running Self Service Tasks 219 Manage My Role Assignments After making your selection s you can test the compliance of your selections with the existing BPRs and policies Violations Violations First Second Third Rule Description Score Fifth av Fifth ave Only Applicative role people from Fifth oy poopie 100 Role By 2 Ave alowed in Ave Roles Resources Fifth Ave Roles Herman Barbara 64646410 You can decide to make the request despite any violations or you can amend your selections To link to additional roles 1 In the Manage My Roles screen s
4. Approver Progess 0 13 0 1 X d progress Violations PersonID UserName Organization OrganizationType Comment E oO Z1 Sterling Kent 86023090 Sterling Kent Human Resources Corporate Ef E o 78 Bean Frank 99883110 Bean Frank Purchasing Corporate E aoe e Chapter 4 Showcasing the Eurekify Portal 51 Running a Campaign A Case Study Allen has two users listed in his ticket Nancy selects the Reassign gt check box located next to both users and clicks Save and Reassign The Find Reassign Users screen opens Browse Tickets Windows Internet Explorer re http flocalhost 8080 eurekiFy tms ui wicket interface 9 3 Find Reassign Users Where Organization X contains Silicon Valley Branch and Where Choose Field contains and Where Choose Field N contains UserName Organization OrganizationType Email i Title Katz Nancy Silicon Valley Branch Branches 97373330 company com Branch Manager Kistor Steve Silicon Valley Branch Branches 93988710 company com Branch Officer Clerk Yoham Anne Silicon Valley Branch Branches 93872110 company com Branch Officer Clerk Katz Nancy Silicon Valley Branch Branches 97373330 company com Branch Manager Yoham Anne Silicon Valley Branch Branches 93872110 company com Branch Officer Clerk Kistor Steve Silicon Valley Branch Branches 93988710 company com Branch Officer Clerk TaskoniBob Silicon Valley Branch Branches 97847110 company com Branch Officer Clerk Silicon
5. user 938721 10 Permissions The following columns provide important information when the resource s type is Filter Res Name 1 The resource name Res Name 2 The Universe name Res Name 3 Filter number Description A description of the filter Type The resource s type Filter1 A Gfilter For example gt type role A type user sageUser PersonID More information Gfilters see page 375 Gfilters This section explains the syntax of the filter used in the Filter type resources The filtering is based on LDAP filtering of Sage entities The Sage LDAP filter is designed implicitly define a set of Sage entities users roles or resources The filter is based on the standard LDAP filter format with some minor adjustments Chapter 14 About Security amp Permissions 375 Permissions Filter Format 376 Portal User Guide The filter format relies on the LDAP pre fix filter The filter is constructed from an expression which in turn may be constructed from sub expressions Each expression should by surrounded by round brackets and should represent a set of Sage entities The simplest form of expression is a pair of a Sage entity field name and a regular expression representing desired values with an equality sign between them For example Location Cayman or PersonID 86 Another simple form of expression is Location gt Cayman which will bring users whose Location fi
6. DOMAIN Cooper Cooper Amos Amos DOMAIN Herman Herman Barbara Barbara 74 176 42 0 200 0 DOMAIN LeviJay Levi Jay 0 63 0 DOMAIN Schwarts Schwarts Barry Barry 0 18 0 IBMR50 Kistor Steve Kistor Steve 13 13 100 a internet 100 The information in this screen lets Nancy know how much progress has been made by the campaign s approvers More information View Campaign Progress see page 123 56 Portal User Guide Running a Campaign A Case Study Sending Reminders to the Approvers As the campaign s due date nears Nancy decides to send reminders to the Approvers who have not yet started reviewing their Approver tickets In the campaign owner ticket Nancy clicks Send Reminder The Send Reminder screen opens in a separate browser screen Send Reminder Windows Internet Explorer SEE 7 http flocalhost 8080 eurekify tms uif wicket bookmarkablePage popuppagemap_ViewSendl Y ow Send reminder when progress ig equal to 0 x ote a comment containing the sent mail summary will be added to the ticket Send Mail CE internet R100 Chapter 4 Showcasing the Eurekify Portal 57 Running a Campaign A Case Study Nancy selected the option equal to 0 and clicks Send Mail All the Approvers who have not yet begun to approve reject the links in their approver tickets will receive email notification When the process is completed a comment is generated by the system
7. Main Parent Ticket General Functions Role Definition The Role Definition Main Parent ticket provides the following General functionality Close Closes the ticket Save Saves the changes made to the ticket Delegate Transfers the ticket tree to another manager Escalate Transfers the ticket tree to another manager Cancel Process Allows you to manually stop the Approval Process at any stage More information Escalate see page 154 Delegate see page 157 Cancel Process see page 170 Chapter 11 Role Definition Tickets 271 Role Definition Main Request Parent Ticket Main Parent Ticket Details Section The More Details gt gt and lt lt Less Details buttons located below the general function buttons toggle between showing additional data and hiding the same data The type of data available is the same whether the ticket is an Add Role main parent ticket or an Update Role main parent ticket The content of the fields depends on the original Role Definition task being processed Delegate Escalate Cancel Process lt lt Less Details onfiguration Name Model2_ConfigWithRoles DOMAIN Cooper Amos Corporate Security Rule Organization2 Organization Type Owner Description Organization34 Organization IT Security null null Enterprise IT Security Organizational Role 54672910 Role provides resources to use 892137204 754672910 4912363704 7891231404 84847310F1F Organization IT Security
8. Model2_ConfigWithRoles BASIC ROLE Enterprise Org Role 82922230 No Rule Basic role for all users that have access to IT 45489940 Organization2 Enterprise Organization3 Corporate Create Date Approval Date 09 05 2007 10 36 00 Approval Status Approved Expiration Date Showing 1 to 10 of 66 4 41234567 Person ID Organization Type 45489940 Steiven Pat System Management Corporate 47868650 Moris Bill System Management Corporate 52656727 Rodman Adam System Management Corporate 54672910 Cooper Amos IT Security Corporate 57644540 Alex Patrick Application Development Corporate 58723810 Miles Buyer Purchasing Corporate 64646410 Herman Barbara Operations Corporate 65656540 Pheonix Wiliam Application Development Corporate 67283470 Angel Ben System Management Corporate 67565330 Schwarts Barry Human Resources Corporate Customize Filter Chapter 2 Using The Eurekify Portal Interface 31 User Interface The Role Card includes separate lists under discrete tabs of the following linked information in table format Users Provides a list of all the users linked to this role Resources Provides a list of all the resources linked to this role Sub Roles Provides a list of sub roles This is a hierarchal link of the type role to role Users who are members of the parent role the current role are automatically members of the sub role listed in this table and therefore provisioned with all the sub role s privileges Parent Rol
9. Over time as the various users respond to the request for a consultation by approving the request to delete a link or rejecting it the table shows the various responses http localhost 8080 eurekify tm BAR http flocalhost 8080 eurekify tms ui wicket bookmarka Y View Consult Results Action Counter No Answer 1 Approve 3 Reject 1 Close E internet R 100 Click View Consult Results to view the View Consult Results screen in a separate browser window Click Close to close the browser window 188 Portal User Guide Approval Process Info Tickets Approval Process Info Tickets When specific Approver ticket s owner completes an approval process that is the designated Approvers approved or rejected a request to sever a link between two entities all the users connected to the process are informed of the decision The Eurekify Portal sends a ticket to inform the concerned parties that a change has taken place regarding a specific link The users who will receive this ticket are The Approvers entity managers who approved or rejected the link The Campaign Manager m When the reviewed link involves a user then the user is informed of the change All the info tickets for a specific event provide the same information and functionality independent of who receives them The ticket is marked by the icon b After it is opened the icon changes to O Enterprise Role and Compliance Manager
10. Received X 16 12 2008 22 58 41 Owner Note Eurekify Admin The Approvers have not begun Chapter 7 Running Campaign owner Tickets 111 General Campaign Ticket Functions This section also provides the following functions Close Closes the Ticket Properties Form browser window Save Saves any changes made to the campaign ticket Delegate Allows you to delegate the campaign to a more junior manager Once this is done the campaign ticket will be relocated to your Ticket Queue archive Escalate Allows you to transfer the campaign to a more senior manager Once this is done the campaign ticket will be relocated to your Ticket Queue archive Delegating a Campaign This function allows you to delegate the campaign to another administrator Once you have selected the new campaign administrator the campaign s ticket is archived and will no longer appear in your list of active tickets When a campaign is delegated a new root ticket is generated with the new owner listed in the Owner field and the administrator who delegated the campaign is listed in the Previous Owner field 7 http flocalhost 8080 eurekify tms ui wicket bookmarkablePage com eurekify tms web template Default TicketPage amp ticketId 834 K Campaign a Ticket Id 834 Owner Cooper Amos Previous Owner Eurekify Admin AD1 Status pending Action Due Date 15 01 2009 00 00 00 Priority Normal Severity Medium State Open E
11. jpdated Value Organization IT Security null null Enterprise IT Security Organizational Role 54672910 Role provides resources to users who are invoh sers To Add 892137204 7546729104 91236370F 1489123140 784847310414 d Roles To Add arent Roles To Add Organization IT Security ources To Add public UNXMARKT Solaris26 PUBLIC RACFPROD RACF22 UGMTSYS RACFTEST RACF224 s To Remove Child Roles To Remove Parent Roles To Remove Resources To Remove Approval Process Result Role Fields Rule Organization2 Organization Type Owner Description Organization IT Security null null Enterprise TT Security Organizational Role 54672910 Role provides resources to users who are involved with security Resources To Add Parent Roles To Add 89213720 public UNXMARKT Solaris26 Organization IT Security 54672910 PUBLIC RACFPROD RACF22 91236370 UGMTSYS RACFTEST RACF22 89123140 84847310 Add Attachment View Transaction Log View Initiators View Children gt gt lt gt v Chapter 11 Role Definition Tickets 269 Role Definition Main Request Parent Ticket In this section you will find information specific to the Request Parent tickets generated for Self Service provisioning requests lt Ticket Title gt According to source of the request either Add Role or Update Role Title Title Role For example New Role Corporate Security Description Description Role For example Update Role Organization Marketi
12. public UNXMARKT Solaris26 PUBLIC RACFPROD RACF22 UGMTSYS RACFTEST RACF224 Parent Roles To Remove Resources To Remove Approval Process Result Organization2 Organization Type Owner Description Enterprise IT Security Organizational Role 54672910 Role provides resources to users who are involv Resources To Add Parent Roles To Add public UNXMARKT Solaris26 Organization IT Security PUBLIC RACFPROD RACF22 UGMTSYS RACFTEST RACF22 The Role Fields table refers to the role s rules This table will have content only when a new role included a rule or when a rule is added changed during an update role process As the first step in any role definition approval process is to allow the role manager to approve the links added to the role the Role Links table provides a list of the entities that were listed as Add requests in the Requests table Requests to remove links are processes separately This table provides lists for each possible entity m Users to add m Resources to add m Parent roles to add Children roles to add If any of the options are empty it will not appear in the table This section is informational only Note You cannot access any of the entity cards for the entities listed here 272 Portal User Guide Role Definition Main Request Parent Ticket Main Parent Ticket Advanced Functions Role Definition The Role Definition Main Parent ticket provides the following Advanced functionality Add Comment
13. Click Refresh to update the ticket list displayed on screen Administrator View User View Administrator View User View The Admin View User View button allows you to toggle between two views of the Ticket Queue User View The standard Ticket Queue features available to all users dependent on their permissions Admin View Allows you to view all the campaign tickets in the system even those that were created by other managers The Admin View option is only available to the super administrator The buttons will only appear for users that are linked to the role defined in Eurekify properties as the system administrator role The default out of the box option is sage admin role Eurekify Admin Role More information About Security amp Permissions see page 369 Eurekify Properties see page 397 Chapter 6 Tickets and the Ticket QUeue 83 The Ticket Properties Form The Ticket Properties Form When you click on a ticket listed in the ticket queue the Ticket Properties Form for that ticket opens in a separate browser window The content of this screen depends on the type of ticket you are viewing Ticket Properties Form Windows Internet Explorer 7 http localhost 8080 eurekify tms ui wicket bookmarkablePage com eurekify tms web template DefaultTicketPagesticketId 465 Campaign Ticket Id 465 Owner Eurekify Admin AD1 Previous Owner Due Date 01 01 2009 00 00 00 Priority Normal x Severity Medium
14. Delete Pending Link User Action ere 19 01 2009 Rami Sas 23 11 22 Herman Barbara Eurekify Rami When the escalated ticket is viewed in the Approval Process owner s Ticket Queue when applicable the old ticket and the new ticket create a new sub tree within the original Approval Process tree in which the original ticket Status is set to Escalated is the parent ticket Ticket Queue gt Open New Done Tickets gt D Title State Status Children Type Received Owner Pending 2 Approval 19 01 2009 Action Root 18 24 11 gt Pending 2 Approval 19 01 2009 Action Root 18 16 38 gt Approval 19 01 2009 Root 17 47 30 Request to remove user to role association Delete 19 01 2009 Cooper Amos gt AS role Organization Database Administrators Open In Progress Link 17 47 30 DOMAIN Cooper Characterist User Role Amos Request to remove user to role association Delete 19 01 2009 Cooper Amos gt role Organization Database Administrators New In Progress 17 47 30 DOMAIN Cooper gt FA 2 Link of Team to Role s Approval Root Request Done Cooper Amos E 2 Link of Team to Role s Approval Root Request Done Cooper Amos E tink of Team to Role s Approval Root Request New In Progress 4 Cooper Amos Characterist User Role Amos User Approval Request to delete role Delete amp Organization Database Administrators Characteristic Archived Escalated Link Role 100 User Role User Appro
15. More information Using The Eurekify Portal Interface see page 19 Presenting the Home Page see page 63 18 Portal User Guide Chapter 2 Using The Eurekify Portal Interface This guide assumes that you are familiar with CA Eurekify Role amp Compliance Manager Sage DNA and Sage Data Manager modules and know how to access them to obtain required data file names and locations and to generate necessary files For more information see the CA Eurekify Role amp Compliance Manager Sage DNA User Manual and the CA Eurekify Role amp Compliance Manager Sage Data Manager User Manual The user interface menus and options are fully described in this chapter Not all users will have full administrative privileges and therefore not all the described options will be available for all users This section contains the following topics User Interface see page 19 Menu Bar see page 35 User Interface for Non Administrators see page 39 User Interface To open the CA Eurekify Role amp Compliance Manager Portal follow the instructions in Opening the Eurekify Portal see page 17 The Eurekify Portal Home Page opens Enterprise Role and Compliance Manager eure ify Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration out AD1 EAdmin State Status Children Type Received Owner E Gi Link of Team to Role s Approval Root Request New In Progress Approval ear prad E Link of Team to Role s
16. Ticket Id Due Date 1112 Owner Flag Lee DOMAIN Fia Previous Owner Status Pending Action 15 01 2009 00 00 00 Priority Normal Severity Medium lt State Hidden v Modified Date 25 12 2008 19 24 12 Date Created 25 12 2008 19 24 12 Title Description Role Certification Flag Lee Role Review Role Certification Flag Lee Role Review Reassigned From Approver Progess L 0 18 0 1S X Progress Violations RoleName Description Organization Type Comment m Active Directoty Branch Users Characteristic Role Characteristic Role 44 4 Compan Applicative E 44 4 Min 40 Min 40 i Role Fifth Ave Applicative g Branch Role Applicative IE Role 2 Fifth av Applicative role Role By 2 Resources Role By 2 Resources Active Directory Domain Users Characteristic Role Characteristic Role 100 0 ree 100 0 Min 60 Min 60 pany 128 Portal User Guide CI internet 100 Campaign Approver Tickets More information Campaign Approver Tickets see page 131 Auditing Links see page 136 Chapter 7 Running Campaign owner Tickets 129 Chapter 8 Campaign Approver Tickets This chapter is intended for users who receive Campaign Manager Approver CMA tickets When a new campaign is generated Eurekify ERCM generates Campaign Manager Approver CMA Approver tickets tickets Entity managers are assigned to a campaign as approvers based on
17. Ticket Id 2302 Katz Nancy DOMAIN Previous Owner Status Pending Action Due Date Normal Date Created 14 02 2009 21 12 38 Severity Medium v State open lt User Certification Katz Nancy First User Audit 2009 User Certification Katz Nancy First User Audit 2009 ApproverProgess eas PersonID E Roles 3 v X gt Name Organization Silicon Valley Branch Characteristic Role 100 0 Min 40 Title Branch Manager D Characteristic Role 50 BASIC ROLE Basic role D for all users that have access to IT Relationtype Direct BBB D H Resources 8 v N Namel UGSILVMGR NTSILV WinNT OO aan v br Manager D D Name2 WName3 NTSILV WinNT 1 UGSILVGEN NTSILV WinNT Silicon V br br User General NTSILY WinNT 1 Yoham Anne 93872110 Katz Nancy 97373330 0 40 0 UserName Organization Silicon Valley Branch Yoham Anne Katz Nancy Description Characteristic Role 100 0 Min 40 Org Role Characteristic Role 50 Basic role for all users that have access to IT Org Role Org Role Direct Direct Silicon Valley Branch Type Organization Rule Silicon Valley Branch Title Branch Manager Enterprise Violations Relationtype Description Steon V br Manager Siicon V br br User General Comment S
18. lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id PrivilegesStatisticsReportForRoles gt lt type gt report lt type gt lt label gt Privileges Statistics For Roles Report lt label gt lt data gt com eurekify web reports parameters universeconfigurationreports PrivilegesStatistics ForRolesParametersPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id PrivilegesStatisticsReportForResources gt lt type gt report lt type gt lt label gt Privileges Statistics For Resources Report lt label gt lt data gt com eurekify web reports parameters universeconfigurationreports PrivilegesStatisticsForResourcesParametersP age lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id AuditBasicAlerts gt lt type gt report lt type gt lt label gt Audit Basic Alerts lt label gt lt data gt com eurekify web reports parameters auditalerts AuditBasicAlertsParametersPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag gt lt tag id RoleManagement gt lt type gt internal lt type gt lt label gt Role Management lt label gt lt checkPermission gt true lt checkPermission gt lt tag id RolesAnalysisReport gt lt type gt report lt type gt lt label gt Roles Analysis Report lt label gt lt data gt com eurekify web reports parameters roleanalysis RolesAnalysisParametersPage lt data gt l
19. A warning screen opens Confirmation Are you sure you want to Start Approval Processes 2 Click Yes to confirm The Executing bar appears More information Approval Process Tickets see page 151 Chapter 7 Running Campaign owner Tickets 121 Campaign Management Functions Archive This feature allows you to completely shut down a campaign by transferring it to your archived tickets While a campaign that has been manually stopped can be restarted an archived campaign cannot be rerun By archiving a campaign while it is running you also close down the ability to run approval processes on any links that have already been processed and rejected during the time the campaign was active Archiving a campaign after it has been completed but before the Approval Processes have been run will prevent any possibility of running an approval process based on this campaign s rejected links To archive a campaign 1 Click Archive in the campaign s Ticket Properties Form to manually archive a campaign A warning pop up opens Confirmation 2 Are you sure you want to Archive 2 Click Yes The campaign is archived and completely shut down 122 Portal User Guide Campaign Management Functions View Campaign Progress The progress of the campaign is measured by the number of links that need to be audited by the various campaign approvers and have already been approved or rejected The View Campaign Progress
20. Audit Settings file Parameters and settings which define the audit and pattern based checks that will be performed on the master configuration each time it s imported Important Each Universe has a unique configuration associated with it Do not create more than one universe for any master model configuration Chapter 13 Using Administration Functions 329 Setting a Universe 330 Portal User Guide To create a Universe 1 On the Administration menu click Settings The list of available options appears Click Universe Settings The Universe list appears displaying existing universes Click Create Universe The Create New Universe screen opens Provide a unique Universe Name and Description Provide a unique Master configuration name Provide a unique Model configuration name Note We recommend that when generating a new Universe that you use the terms Master Model as part of the configuration file names For example Master_configWithRoles cfg and Model_configWithRoles cfg respectively The remaining fields depend on the existence of the configuration provided Note If the configuration exists and it is located in the database the Eurekify Portal autocomplete feature will allow you to select content from a list of options for each field Universe name Portal Description For Portal Manua Master configuration name Model configuration name Approved AuditCard Configuration login field Configuration email
21. Filter35 Filter36 Filter37 Filter38 Filter39 Filter40 Filter41 Filter42 Filter43 Filter44 Filter45 Filter46 Filter47 Filter48 Filter49 Filter50 Filter51 L L L L L L L L L L L L L L L L L L L L L L L L L L L L L L L L L L L L L L Campaign automatic fil Campaign automatic fil Read Access to campaign co Link Access to TMS Auto gen Campaign automatic fil Campaign automatic Fil Campaign automatic fil Campaign automatic fi Campaign automatic fil Campaign automatic Fi Campaign automatic Fil Campaign automatic fil Campaign automatic Fil Campaign automatic Fi Campaign automatic fil Campaign automatic fil Campaign automatic Fil Campaign automatic fil Read Access to campaign co Campaign automatic fi Campaign automatic Fi Campaign automatic fil Campaign automatic fil Campaign automatic fil Campaign automatic Fil Campaign automatic fil Campaign automatic fil Campaign automatic Fil Campaign automatic fil Campaign automatic fil Campaign automatic Fi Campaign automatic fil Campaign automatic fil Campaign automatic fi Campaign automatic Fi Campaign automatic fil Campaign automatic Fil ter ter Iter ter ter Iter ter ter ter ter ter Iter ter ter ter Iter ter ter Iter ter ter Iter ter ter ter ter ter ter ter ter ter Iter Iter ter Campaign automatic fil Iter FILTER FILTER DOCA LINK FILTER FILTER FILTER FILTER FILTER FI
22. Filtering a Data Table see page 24 Setting the Number of Records Per Page see page 23 Customizing a Data Table see page 22 Test Compliance see page 196 Suggesting Entities see page 198 Introducing the Requests Table see page 253 Chapter 10 Running Self Service Tasks 213 Manage My Role Assignments Manage My Role Assignments 214 Portal User Guide As a user you may find it necessary to request an update to your roles because of corporate changes personnel changes or following an audit process The Manage My Role Assignment screen allows you to manage your roles by generating a request to add new roles or by deleting existing roles The role management utility allows you to select a specific target role but it also provides you with suggested roles and the information necessary to make an informed choice The screen is divided into three sections General Provides descriptive information concerning the current action Currently Enrolled Roles The current roles linked to the selected users Other Roles A list of available roles The Other Roles section displays a customizable table Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service gt Manage My Roles Assignments Self Service Entity Browser Reports Manage My Role Assignments Administration Remove Role Name BASIC ROLE Other Roles Showing 1 t
23. Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration eure Logout DOMAIN Angel Ben State Status Children Type Received Owner Previous Owner Request to delete role Organization System 1979 Management Characteristic Role 100 0 Min 40 New fending Link 29 01 2009 DOMAIN Angel Ben from ction Angel Ben User 09 15 10 Role The ticket type is the same as the original Approver ticket Delete Link Entity1 Entity2 But the functionality is limited Delete Link User Role kert Id 1979 Owner Due Date 29 01 2009 14 15 10 Priority Modified Date 29 01 2009 09 18 06 Pate Created Low lt Severity 29 01 2009 09 15 10 Angel Ben DOMAIN 4 Previous Owner E Pending Action Minimal x Open Request to delete role Organization System Management Characteristic Role 100 0 Min 40 from user Angel Ben 67283470 Approved and Completed Su Pescription The request to delete role Organization System Management Characteristic Role 100 0 Min 40 from user Angel Ben 67283470 was approved and comple successfully Request was submitted on Universe Portal from Link of Team to Role s Delegate Acknowledge Add Comment Add Attachment View Transaction Log View Parent View Initiators Chapter 9 Approval Process Tickets 189 Approval Process Info Tickets 190 Portal User Guide In thi
24. Name Ticket Type s Approval Process Approval Root Root ticket completed This ticket tree includes the Approver tickets associated with the campaign s rejected links that are being sent for review to the managers of the linked entities For more information see Approval Process Tickets see page 151 A ticket generated after a campaign is stopped or Rejected Link Parent Delete Link Entity1 completed This ticket is the specific rejected link s manager ticket For each pair of Approver tickets sent to the link s entity managers there is a parent ticket thus creating a sub tree for each rejected link For more information see Approval Process Tickets see page 151 A ticket generated after a campaign is stopped or completed The rejected links are sent for re evaluation to the managers of the linked entities For example a link between a role and resource will generate tickets to both the role manager and the resource manager The Approver Ticket can be escalated delegated to another approver by the ticket owner For more information see Approval Process Tickets see page 151 A ticket generated when an Approver wishes to ticket Entity2 Approval Process Delete Link Entity1 Approver ticket Entity2 Consult ticket Delete Link Entity1 Entity2 consult with another user regarding the specific rejected link For more information see Approval Process Tickets See page 151 The Self Service request
25. Normal Severity State open C user Certification Eurekify Admin User Review User Certification Eurekify Admin User Review Save and Reassign Hide Selected Reassigned From Approver Progess L 2 6 33 14 X Progress Violations PersonID UserName Organization OrganizationType Comment E Oooo 2 6 Joe Dassin 99883136 Joe Dassin Sales Corporate E Basic resources approved Attachments jomments Done L internet Qio More information Tickets and the Ticket Queue see page 69 The Ticket Properties Form see page 84 Auditing Links see page 136 General CMA Ticket Functions see page 147 Advanced CMA Ticket Functions see page 149 Chapter 8 Campaign Approver Tickets 135 Auditing Links Auditing Links The Eurekify Portal generates Campaign Manager Approver tickets Approver tickets CMA tickets as part of a campaign These tickets contain links that have to be examined The Approver is responsible for approving rejecting or reassigning links between entities This section describes actions available for Approver tickets m Presenting the Entity Links Table Approving a link m Rejecting a link m Reassigning a link m Adding comments to a specific link Presenting the Entity Links Table Campaign Manager Approver tickets CMA Approver tickets present all the links for each entity listed in the ticket based on the campaign definitions Every Appr
26. Pending Administration Type Received 21 12 2008 Campaign 13 51 21 Campaign Warager 23 22 2008 Approver Campaign 21 12 2008 Manager Apprewer 1225121 Campaign Manager Ea Approver Campaign Manager 21 12 2008 Approver a Paion 21 12 2008 Logout AD1 EAdmin Owner Eurekify Admin AD1 EAdmin Eurekify Admin AD1 EAdmin Herman Barbara DOMAIN Herman Barbara Purple Mary DOMAIN Purple Mary Goodman Bruce DOMAIN Goodman Bruce Cooper Amos Note The campaign owner can stop a campaign whenever he chooses to do so If he does the Campaign Manager Approver tickets will be hidden from the Approvers Approver CMA tickets contain two types of operations Link related actions Ticket related actions Ticket related actions that are shared by all ticket Ticket related actions unique to specific types of tickets are described in the relevant sections This section contains the following topics CMA Ticket Properties Form see page 134 Auditing Links see page 136 General CMA Ticket Functions see page 147 Advanced CMA Ticket Functions see page 149 Chapter 8 Campaign Approver Tickets 133 CMA Ticket Properties Form CMA Ticket Properties Form As an approver your goal is to examine the links listed within your CMA ticket and approve reject or reassign them by the campaign s due date Ticket Properties Form Windows Internet Explo
27. g Owner History Organization Siicon Valey Branch 93872110 History Title Branch Manager 67762440 History No Rule 82922230 History g Managerid owner Location 91236370 History Comme g Eg Houson TX History 91236370 Houson TX History Following the instructions found in Campaign Approver Tickets see page 131 Nancy approves or rejects the various links The other Approvers assigned to this campaign also review the links assigned to them More information Campaign Approver Tickets see 60 Portal User Guide page 131 Running a Campaign A Case Study Starting the Approval Process When all the approvers have approved or rejected the links assigned to them or when the campaign is manually ended the campaign owner can start the Approval Process The purpose of the Approval Process is to review the links rejected during a campaign This time the review is performed by the links two managers While campaigns are focused on one entity user role or resource the Approval Process sends the rejected link to the managers of both ends of the link For example if the rejected link is a user role link then the relevant user manager and the relevant role manager will receive tickets as part of the Approval Process Only if both managers agree to reject the link will the link be severed within the universe s configuration files To start the Approval Process Nancy clicks Start Approval Proces
28. proval Request to delete resource te D 1200 E Ueu CFPROD RACF22 Production RACF fromNew Pending Action 29 12 2008 Keren Cindy 13 47 21 DOMAIN Keren Cindy Entity managers are assigned as approvers to an Approval Process based on the link type For example for a Delete Link User Role process the user s manager and the role s manager will be assigned as approvers Users can become approvers for other users only if the Approver s name appears in the manager column of the Universe s Model configuration files for the specific user Users can become approvers for Roles and or Resources only if they are listed in the configuration s RACI representation under Accountable that is a specific user becomes accountable for a specific entity Therefore if you are listed as an entity manager you will receive Approver tickets when an administrator runs an Approval Process involving your assigned entity The campaign owner has overall control of the approval process They can transfer responsibility of the process to another manager or cancel the process when necessary This can be done for the complete ticket tree or for a single sub tree General Approval Process Ticket Functions As an approver you are tasked with making the decision whether to approve the rejection or not To aid you in the decision making process you have the ability to consult with other managers Important As several complex procedures are documented in
29. role Archived Approved e Request to add user to role association role Fifth av Applicative role user 91238730 Link User 31 01 2009 Role 19 28 04 Open Tn Progress User Approval Request to add role Fifth av E appiicative role Role By 2 Resources to user New Deer Alex A rues to add user to role association role Fifth av Applicative role user 67762440 User Approval Request to add role Fifth av A Applicative role Role By 2 Resources to user New Purple Mar New F Request to add user to role association role Fifth av Applicative role user 87473220 New tz 3 Request to add user to role association role Fifth av ya Pending Action In Progress Pending Action In Progress 31 01 2009 Role Link User 31 01 2009 Role 19 28 04 31 01 2009 19 28 20 Link User 31 01 2009 Role 19 28 04 Link User 31 01 2009 Purple Mary DOMAIN Purple Mary Flag Lee DOMAIN Flag Lee Purple Mary DOMAIN Purple Mary Flag Lee DOMAIN Flag Lee Flag Lee The Remove Link Link User Role parent and approver tickets are standard tickets More information Eurekify Properties see page 397 Updating Role Definitions see page 251 Running Self Service Tasks see page 193 Manage My Team s Role Assignments see page 203 Self Service Request New Role Parent Ticket see page 290 Self Service Request New Role Approver Ticket see page 293
30. 298 Portal User Guide Update Role Ticket Tree Self Service Request Update Role Parent Ticket The Self Service Request Update Role Parent ticket is a management ticket generated by the Eurekify portal when a request made using the business process Managing My Team s Roles involves a number of users that exceeds the system threshold While the Approval Root ticket controls the lifecycle of the whole tree the Update Role Request Parent ticket controls the lifecycle of the approver ticket generated during stage 1 of the Approval Process and also all the sub trees generated during stage 2 of the Approval Process Ticket Properties Form Windows Internet Explorer Lal http Hocalhost 8080 eurekiFy tms ui wicket interface 5 Eurekify Admin AD1 Previous Owner E E Status Jp Progress Low Severity Minimal v State Open te Created 19 01 2009 16 48 55 Update Role Fifth av Applicative role Update Role Fifth av Applicative role Delegate Escalate Cancel Process More Details gt gt Add Attachment View Transaction Log View Initiators View Ghiaren gt gt LE internet Chapter 11 Role Definition Tickets 299 Update Role Ticket Tree In this section you will find information specific to the Self Service Request Update Role Parent ticket lt Ticket Title gt Update Role Title Update Role Role Name Description Update Role Role Name The More Details gt gt lt lt Less
31. 305 407 Approver Ticket lt 36 Approver Ticket lt 69 Approver Ticket s 72 Approver Ticket s 77 Approver Ticket lt 133 Approver Ticket lt 136 Approver Ticket lt 138 Approver Ticket lt 144 Approver Ticket lt 153 Approver Ticket s 179 Approver Ticket lt 259 Approver Ticket lt 278 Approver Ticket lt 289 Approver Ticket lt 295 Approver Ticket e 298 Approver Ticket lt 305 Approver Ticket 407 Archive e 96 98 119 120 124 156 159 Attachment e 91 100 128 163 173 178 188 194 268 275 287 291 294 297 304 307 B BPR e 288 C Campaign Ticket 36 48 69 77 89 91 110 121 128 129 133 407 Campaign Ticket lt 36 Campaign Ticket lt 48 Campaign Ticket lt 69 Campaign Ticket lt 77 Campaign Ticket lt 89 Campaign Ticket e 91 Campaign Ticket e 110 Campaign Ticket lt 121 Campaign Ticket lt 128 Campaign Ticket e 129 Campaign Ticket lt 133 Campaign Ticket lt 407 Comment s 57 89 96 98 100 127 128 138 151 156 159 163 173 178 188 194 268 275 287 291 294 297 304 307 Connector e 38 45 72 330 336 338 340 344 347 351 407 Consult e 72 155 163 180 188 189 259 290 291 296 297 306 307 Converter s 340 344 Customize 80 D Delegate s 24 71 95 96 113 114 155 159 171 177 180 193 267 273 286 290 293 296 303 306 347 349 374 Direct Link e 323 DM client tool s 336 340 344 DNA
32. 92 cne s 9 gea EE poe be Redwine ba Ra oaks TRA Ree es R aN ES 354 Load Cache 0cccstsee sed nis seaweeds dewew eee deere oe decee eeu ous E E tee peee eee ee 354 Clear Cache 2 2 29306 be AR eed boas ARR RE A ARA ETRE Le dad ied aber bbasds gecdianueds 355 Properties SettingS 0s 0sn0c 0o5e eich Pied doe See ede tines s Reis Keke es BAM EE a eee Bee as 356 Accessing the Common Properties Settings Page 0 cece cece eee cette eens 358 Creating a New Property Key 2 00 000 ccc cee cease cece eae aese ee ceseeeteaeseeees seus 359 Editing a Property Key e e e ee 360 Eurekify Configuration SettingS 0 ccc ccc eee c ete rnnr eerren 362 RACI Operation s3 3 22 50 5s2tnacliess camer rT ESE aa dence ees pede ders agentes aaa ESTER 364 Create RACI ic cts oc es boceee bie deebekd bob eeoe Ree oust LES E S E blicob ead cide eres 364 Contents 9 Synchronize RAC 0 ccc ene ne een n teen eee n eee e eee enae TMS AGMINISEFALION cnc 9 2 R oh co NN Veco eed tite a KE NR WERE Dae antes Fa ne wean System Checkup ccecccceescetariseae unas aheaveees does EEE es eeetetnee desea Chapter 14 About Security amp Permissions SOGUMLY a 6 9 3 R cess ideend edhe tahoe tec hd ede de cad tae LENA ARNALA woe Turning Security On Off esscr neien eiras cee cece ANER TAN RRR NR Authentication SettingS 0 ccc rror enorer errenneren nre ENnGry ptiOny isere tie n cedtedeiss dies E EE E EE bans RR EER ST V
33. Action c e 11 11 2008 1 E basic ResourceCertification Campaign Para You can navigate the tickets by clicking on E Clicking an active link in the Title column opens the Ticket Properties Form in a separate browser window Clicking on the link in the Owner column will open the listed ticket owner s User Card in a separate browser window The following table presents the icons used in the Ticket pane and their description Icon Description New ticket folder a Ticket folder This is a task ticket that has children tickets The ticket tree headed by this folder could have been generated when this ticket was first generated or later in the process i New info ticket N Info ticket 64 Portal User Guide Icon Description DHIR Y More information New task ticket Overdue ticket The Reports Bar Task This icon appears next to every ticket that refers to an action Appears when a ticket refers to a process that includes errors Click to expand the ticket tree Click to collapse the ticket tree Tickets and the Ticket Queue see page 69 Running Campaign owner Tickets see page 101 Campaign Approver Tickets see page 131 The Reports Bar The Reports navigation bar lets you easily navigate to your most popular reports Click Enterprise Role and Compliance Manager Ticket Queue Dashboards Self Service 835 E User Review User Certification My Reports Audit Basic Alerts
34. Advanced lt lt Less Details onfiguration Name Model_ConfigWithRoles Person ID 75676560 Role Name Organization Database Administrators Approval Process Result Advanced 160 Portal User Guide Advanced Approval Process Ticket Functions The data fields and their content depend on the ticket type and it is in general self explanatory To toggle between the two modes click the visible option More Details Less Details Advanced Approval Process Ticket Functions Ticket Type Approval Root The Ticket Properties Forms for the various Approval Process tickets share many of the same functions Add Comment m Add Attachment m View Transaction Log The following Advanced functions are described in this section View Initiators R View Parent View Children View Entity where entity is either user role or resource The following table provides a summary of all the Advanced functions available for the various Approval Process tickets Advanced Functions a Add Comment campaign Approval Process owner ticket a Add Attachment a View Transaction Log a View Children a View Statistic Chapter 9 Approval Process Tickets 161 Advanced Approval Process Ticket Functions Ticket Type Advanced Functions Delete Link Entity1 Entity2 Rejected Link Parent ticket Add Comment a Add Attachment a View Transaction Log m View Parent a View Initiators a View Children a View Entity1 a View
35. Approval Root Request New In Progress Approval ee Tarki E Link of Team to Role s Approval Root Request Open None n pe eii j Eurekify E User campaign for demo UserCertification Open In Progress Campaign on Admin ADI ers EAdmin El amp basic ResourceCertification Open berian Campaign ae I Admin AD1 12 14 50 Eadmin Chapter 2 Using The Eurekify Portal Interface 19 User Interface General Features Autocomplete Eurekify Portal s home page contains the following main features menu bar Tickets pane Reports navigation bar and Business Processes navigation bar When the Eurekify Portal opens the Tickets pane displays any active new open done tickets More information Presenting the Home Page see page 63 There are several features that repeat themselves in most of the screens you will access while working with the Eurekify Portal Some of the Portal s screens have fields with an enabled Autocomplete feature This feature provides a data list matching the field requirements from which you can make a selection To view the data list click the Backspace key on your keyboard Import client name Description Universe Choose One Settings XML file Mapping XML file C Program Files Eurekify Eurekify Sage Client Tools io A Enrichment settings file Remote system login password Max duration time seconds Connector Java Class Choose One 20 Portal User Guide
36. Dashboards Self Service Entity Browser Reports Administration Person ID Goid Wiliam 84847310 Sterling Kent 86023090 Sterling Kent 86023090 Ron Mark 99883134 Ron Mark 99883134 Ron Mark 99883134 Ron Mark 99883134 Moos Steve 87623450 Moos Steve 87623450 Name Goid Wiliam 84847310 Sterling Kent 86023090 Sterling Kent 86023090 Ron Mark 99883134 Ron Mark 99883134 Ron Mark 99883134 Ron Mark 99883134 Moos Steve 87623450 Moos Steve 87623450 More information Privilege UGSILVLAN NTSILV WinNT Silicon V br User Lan UGSILVLAN NTSILV WinNT Silicon V br User Lan PUBLIC RACFPROD RACF22 Production RACF office2003 2003 WinNT MS office2003 UGSILVLAN NTSILV WinNT Silicon V br User Lan e mail outlook WinNT MS email PUBLIC RACFPROD RACF22 Production RACF UGSILVLAN NTSILV WinNT Silicon V br User Lan PUBLIC RACFPROD RACF22 Production RACF Approval Process Tickets see page 151 Customizing a Data Table see page 22 Setting the Number of Records Per Page see page 23 Filtering a Data Table see page 24 Suggesting Entities see page 198 Test Compliance see page 196 Logout Herman Barbara Manage My Resources Manage My Resources As a user you may find it necessary to request an update to your resources because of corporate changes resource changes or following an audit process The Manage My Resources screen allows you to manage your resources
37. Entity1 Entity2 Update Role Task A ticket generated when a specific task needs to be performed usually as part of a larger procedure For example defining a new role s manager accountable For more information see Role Definition Tickets see page 257 Notification A task ticket that is generated for the purpose of passing information Import Export A ticket generated when an import or export event runs For more information see Running a Connector see page 345 Error Ticket generated when system error occur For more information see Troubleshooting see page 379 The following lists the various possible ticket states New Indicates a new ticket that hasn t yet been opened by the user Open Indicates that the ticket has been opened Hidden Indicates a ticket that is not visible to its assigned user Done Indicates that the action referred to by the ticket has been completed Archived Indicates that the ticket has been archived Canceled Indicates that the ticket was canceled Ticket Status Ticket Life Cycle The following lists the various possible ticket statuses Active Indicates that the ticket is active Completed Indicates that the links listed in the ticket have been audited Delegated Indicates that the ticket was delegated by a more junior manager Done Indicates that the ticket s job has been completed Escalated Indicates that the ticket was reassigned to a more senior manager In Pr
38. Eurekify Configuration Settings 362 Portal User Guide The Eurekify master configuration handles user access to the Eurekify Portal A user has access to the Eurekify Portal only if they are listed in the Eurekify configuration Eurekify cfg which is actually the configuration of internal CA Eurekify Role amp Compliance Manager permissions When you add a new Universe to the system prior to updating the RACI configurations you have to make Sure that all the users associated with the Universe via the configuration have access to the Eurekify Portal This is necessary since the users listed in the universe s configuration may need to access the portal to perform self service tasks users or approval tasks managers or certifications tasks managers This process is also important when new users have been added to the universe s configuration As all persons in an organization probably already have accounts on the organization s main authorization authorities such as for example Active Directory the best way to update Eurekify configuration is from this source which actually is one or more of the end points already imported to ERCM and residing as a configuration universe within its database To check the Eurekify configuration for new users when creating a new Universe 1 On the Administration menu click Eurekify Configuration Settings Administration gt Eurekify Configuration Settings Eurekify Configuration Setting
39. Solaris26 UNXMARKT Solaris26 office2003 2003 WinNT 2003 WinNT appidev UNXMARKT Solaris26 UNXMARKT Solaris26 UGSILVLAN NTSILV WinNT NTSILV WinNT UGADSYS Administration ROOT NOVELADM Novel NOVELADM Novel UGSILVSYS NTSILV WinNT NTSILV WinNT e mail outlook WinNT outlook WinNT UGSAVELAN NTSAVE WinNT NTSAVE WinNT unixdev UNXMARKT Solaris26 UNXMARKT Solaris26 Find Resources Test Compliance A Ane fh hh hE LH A Ane hh Hf Hie Add o m o Oo Oo o Oo oO S m After making your selection s you can test the compliance of your selections with the existing BPRs and policies Violations Violations First Second Third Rule Description Role Mgr 1 Only people in role Finance aar del Finance can access the listed the TSS mgr resource Moos Steve O ganization Finance UGFINMGR TSSCREDIT TSS50 87623450 aae e Top Secret on MVSCREDIT can access the listed the TSS mgr resource Role Mar 1 Only people in role Finance can access the listed the TSS mgr resource Role Mar 1 Only people in role Finance can access the listed the TSS mgr resource Role Mgr 1 Only people in role Finance can access the listed the TSS mar resource Only people in role Finance can access the listed the TSS mgr resource Organization Finance Characteristic Role 100 0 Min 40 Ron Mark 99883134 UGFINMGR TSSCREDIT TSS50 Top Secret on MVSCREDIT Only people in role Finance can access the liste
40. State open x Modified Date 01 02 2009 16 33 24 Date Created 01 02 2009 14 05 45 Title Update Role Approval Root Request Description Approval Root Request Request was submitted on Universe Portal from Update Role Close m oe a Ee lt lt Less Details onfiguration Name Model2_ConfigWithRoles Add Comment Add Attachment View Transaction Log View Children gt gt View Statistic E internet R100 In this section you will find information specific to the Approval Root ticket type for Self Service provisioning requests lt Ticket Title gt Approval Root Title Self Service Task Approval Root Request For example Add Role Approval Root Request Description A description of the ticket It includes The universe name and the source of the request For example Approval Root Request Request was submitted on Universe Portal from Update Role This section covers the following topics m The Role Definition Approval Root ticket s General functions m The Role Definition Approval Root ticket s Advanced functions 264 Portal User Guide Role Definition Approval Root Ticket More information The Ticket Properties Form see page 84 Approval Root Ticket General Functions Role Definition see page 265 Approval Root Ticket Advanced Functions Role Definition see page 266 Approval Root Ticket General Functions Role Definition The Role Definition Approval Root ticket provides the following G
41. by generating a request to add new resources or by deleting existing resources Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Self Service gt Manage My Resources Assignments Business Process Description 3 Currently Enrolled Resources Remove Res Name 1 Res Name 2 Res Name 3 Description ManagerID Owner Location UGSAVESYS NTSAVE WinNT NTSAVE WinNT Fifth Av br System Admin 91236370 Houson TX UGADMGR Administration ROOT NOVELADM Novel4 NOVELADM Novell4 Active Directory Manager 67283470 Portland OR UGMPOPR RACFPROD RACF22 RACFPROD RACF22 Production RACF 77292450 Irvine CA UGMTOPR RACFTEST RACF22 RACFTEST RACF22 Test RACF 77292450 Irvine CA UGSILVSYS NTSILV WinNT NTSILV WinNT Silicon V br System Admin 91236370 Houson TX UGSTAMSYS NTSTAM WinNT NTSTAM WinNT Stamford br System Admin 91236370 Houson TX e mail outlook WinNT outlook WinNT MS email 91236370 San Mateo CA office2003 2003 WinNT 2003 WinNT MS office2003 91236370 San Mateo CA unixoper UNXMARKT Solaris26 UNXMARKT Solaris26 Unix operator 89123140 San Mateo CA Oo o E E E E Oo o oO Other Resources Showing 1 to 10 of 74 4 412345678 gt Res Name 1 Res Name 2 Res Name 3 UGMTSYS RACFTEST RACF22 UGSYS TSSCREDIT TSS50 TESTDEV RACFTEST RACF22 UGMPMINI RACFPROD RACF22 UGADGEN1 Administration ROOT NOVELADM Novel UGSAPPUR SAPPROD SAPR3 secmgr UNXMARKT Solaris26 UGADGEN2 Admini
42. enroll m You can use the Find Resources filter option to find specific resources and then make a selection from the filtered list of resources m You can click Suggest Resources and use the information provided by this feature to find resources to which you should enroll Other Resources Showing 1 to 10 of 74 Res Name 1 UGFINAR RACFPROD RACF22 secmgr UNXMARKT Solaris26 appldev UNXMARKT Solaris26 UGSILVLAN NTSILV WinNT UGADSYS Administration ROOT NOVELADM Novell4 UGSAVELAN NTSAVE WinNT unixdev UNXMARKT Solaris26 uarksys UNXMARKT Solaris26 UGMTDBA RACFTEST RACF22 ugrkgen1 UNXMARKT Solaris26 44472345678 gt Res Name 3 HR Pattern Privileges Pattern Details RACF22 1 1 Details Solaris26 Solaris26 WinNT Novel WinNT Solaris26 Solaris26 RACF22 Solaris26 Res Name 2 RACFPROD UNXMARKT UNXMARKT NTSILV NOVELADM NTSAVE UNXMARKT UNXMARKT RACFTEST UNXMARKT Details Details Details Details Details Details Details Details Details Records per page 10_ 7 Suggest Resources After making your selection s you can test the compliance of your selections with the existing BPRs and policies Violations Violations First Herman Barbara Second Fifth av Applicative role Role By 2 Resources 64646410 Rule Fifth ave Only people from Fifth Ave allowed in Fifth Ave Roles Description Only people from Fifth Ave a
43. lt type gt external lt type gt lt label gt Archived Tickets lt label gt lt data gt SAGE_SERVICE_URL tms ui credential filter ST ATE_ARCHIVED lt data gt 406 Portal User Guide lt checkPermission gt false lt checkPermission gt lt tag gt lt tag gt lt tag id DashBoard gt lt type gt external lt type gt lt label gt Dashboards lt label gt lt data gt lt l Sample Portal Structure XML http localhost 8080 group eurekify configuration usertoken USER_TOKEN group eurekify configuration usertoken USER_TOKEN lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id SelfService gt lt type gt mark lt type gt lt label gt Self Service lt label gt lt checkPermission gt true lt checkPermission gt lt tag id manageTeamRoles gt lt type gt internal lt type gt lt label gt Manage My Team s Role Assignments lt label gt lt data gt com eurekify web selfservice RolesT eamServicePage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id manageSelfRoles gt lt type gt internal lt type gt lt label gt Manage My Roles Assignments lt label gt lt data gt com eurekify web selfservice RolesSelfServicePage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id manageTeamResources gt lt type gt internal lt type gt lt label gt Manage My Team s Resources Assignments
44. purchase UNXMARKT Solaris26 Marketing Sun Request to remove user to resource association a resource ugrkgen1 UNXMARKT Solaris26 Marketing Sun Request to remove user to resource association resource UGMPBR RACFPROD RACF22 Production RACF Request to remove user to resource association G resource UGMPBR RACFPROD RACF22 Production RACF Status In Progress In Progress Archived Completed New In Progress Archived Completed New In Progress New In Progress Archived Completed Children Received 21 01 2009 23 02 52 21 01 2009 23 02 52 Type Approval Root Delete Link Delete Link User Resource Delete Link User Resource Delete Link User Resource Delete Link User Resource Delete Link User Resource Delete Link User Resource 21 01 2009 23 02 52 21 01 2009 23 02 52 21 01 2009 23 02 52 21 01 2009 23 02 52 21 01 2009 23 02 52 21 01 2009 23 02 52 Owner Eurekify Admin Eurekify Admin AD1 EAdmin Eurekify Admin AD1 EAdmin Eurekify Admin AD1 EAdmin Eurekify Admin AD1 EAdmin Eurekify Admin AD1 EAdmin Eurekify Admin AD1 EAdmin Eurekify Admin AD1 EAdmin The number of sub trees for any Approval Process Root ticket is listed in the Ticket Queue s Children column Each sub tree consists of a Rejected Link Parent ticket and two Approver tickets one for each of the entities that make up the rejected link that is
45. resource UGADGEN2 Administration ROOT NO 93833870 Request was submitted on Universe Portal from User campaign with Audit Card onfiguration Name Model2_ConfigWithRoles ID 93833870 UGADGEN2 Administration ROOT NOVELADM Novell4 Add Comment Add Attachment View Transaction Log View Parent View Initiators View Children gt gt View Resource Click View User View Resource View Role to see the entity s card in a separate browser window More information The Entity Card see page 28 Approval Process Root Ticket Approval Process Root Ticket The Approval Root ticket is the root ticket that appears in the Ticket Queue belonging to the manager administrator who started the Approval Process When expanded you can see a set of sub trees one for each rejected link that has to be reviewed Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Ticket Queue gt Open New Done Tickets Self Service Entity Browser Reports Administration in View B amp User campaign with Audit Card Approval Root Request Request to remove user to resource association E resource UGADGEN2 Administration ROOT NOVELADM No Request to remove user to resource association amp resource UGMPBR RACFPROD RACF22 Production RACF Request to remove user to resource association resource UGADGEN1 Administration ROOT NOVELADM No Request to remove user to resource association E resource
46. see page 397 tms delegate filter see page 403 tms escalate filter see page 403 tms campaign campaign type reassign filter see page 404 Sample Properties File An example of a Eurekify properties file eurekify portal name Eurekify Portal sleepDelay 2500 sage master configuration Eurekify sage admin login AD1 EAdmin sage admin password eurekify sage batch login AD1 EBatch sage batch password eurekify sage admin role Eurekify Admin Role sage batch role Eurekify Batch Role Appendix B Eurekify Properties 397 Sample Properties File 398 Portal User Guide sage v32 homeDir C Program Files Eurekify Eurekify Sage Client Tools V3 2 Software sage v32 DMFile EurekifySageDM V32 exe sage v32 DNAFile EurekifySageDNA V32 exe sage v32 connecters workingDirectory C Program Files Eurekify Eurekify Sage Client Tools V3 2 Software workingDin sage v32 connecters oracleConnectorHomeDir C Program Files Eurekify Eurekify Sage Client Tools V3 2 Software Converters Oracle OIMConvert sage v32 connecters oraclelmportJarName importFromOIM jar sage v32 connecters oracleE xportUarName exportToOIM jar sage v32 connecters BMCConnectorHomeDir C Program Files Eurekify Eurekify Sage Client Tools V3 2 Software Converters BMC BMCConvert sage v32 connecters BMClmportJarName importFromBMC jar sage v32 connecters BMCExportJarName exportT oBMC jar sage v32 connecters IBMConnectorHomeDir C Prog
47. user 0 is already in process request was submitted on universe 2 from 3 user password not found try wicket wicket as the user name password combination 0 failed the value 0 is not allowed in 1 the command id 0 was not found the command id 0 is not enabled fail to save attachment please fill the field name the filter 0 has a syntax error 1 the user does not exist fail to revoke ticket 0 missing job tickets 1 Eurekify Sage Error Messages Field Code tms010 Description error command revokecmd msg2 errcode tms011 fail to revoke ticket 0 with job tickets 1 there are 2 activity tickets outside the ticket tree error command linkcommands errcode tms012 fail to create commands 0 1 error command startjobcommand errcode fail to start job for ticket 0 ticket has already reference for job 1 error command startjobcommand checkjobticket exists errcode error workflow connection errcode tms013 tms014 fail to commit activity checkjobticketexists in job 1 of ticket 0 check tms port in workpoint wftms web service fail to connect to workpoint url 0 tms015 info 1 no ticket parent error service createconsulttickets errcode error service createconsulttickets2 errcode tms016 tms017 fail to find consulting users 0 fail to create consulting tickets 0 error service createconsulttickets3 errcode error se
48. 0 is not read only the master configuration 0 has a parent configuration the model configuration 0 is not logged the model configuration 0 is not read only the model configuration 0 has a parent configuration the model configuration 0 is not logged the following issues were found would you like to auto fix them Eurekify Sage Error Messages Field Code Description error workpoint dbconnection errcode wp001 workpoint database connection is closed Chapter 15 Troubleshooting 389 Appendix A Duplicating a Configuration Note Duplicating a configuration is performed in the CA Eurekify Role amp Compliance Manager Sage DNA module In the course of your work with the Eurekify Portal you may need to duplicate a configuration whether to use while learning the Eurekify Portal or because you need to generate a master model configuration set that can be used as the base line for a Universe you will create later in the Eurekify Portal This set of configurations can be based on an existing configuration which you would like to keep as is The new configuration pair can also be based on a partial configuration that you wish to investigate A Eurekify configuration consists of a configuration file cfg a user database file udb and a resource database file rdb The configuration file contains references to the user and resource database files Therefore you cannot use the operating sy
49. 1491 1492 1494 1498 1501 1512 1517 1537 1556 50 Portal User Guide Ticket Queue Dashboards Self Service Customize Title State 8 Geist User Audit User Certification New E User Certification Katz Nancy First User Audit Hidden E user Certification Goodman Bruce First User Audit Hidden E user Certification Allen Sherman First User Audit Hidden E user Certification Purple Mary First User Audit Hidden E user Certification Katz Nancy First User Audit Hidden E user Certification Cooper Amos First User Audit Hidden E user Certification Herman Barbara First User Audit Hidden IS user Certification Levi Jay First User Audit Hidden Entity Browser Status Pending Action Pending Action Pending Action Pending Action Pending Action Pending Action Pending Action Pending Action Pending Reports Administration Type Received 12 01 2009 Campaign 10 36 45 Campaign Manager 12 01 ie 09 Approver 7 Campaign Manager EnF i Approver Y Campaign Manager 12 01 2009 Approver Campaign Manager 12 01 2009 Approver Campaign Manager 12 01 2009 Approver 7 Campaign Manager 12 01 2009 Approver Campaign Manager 12 01 2009 Approver Campaign Manager lrag Logout D Katz Nancy Owner Katz Nancy DOMAIN Katz Nancy Katz Nancy DOMAIN Katz Nancy Goodman Bruce DOMAIN Goodman Bruce Allen Sherman DOMAIN Ilan
50. 19 24 13 Title Description Role Certification Keren Cindy Role Review Role Certification Keren Cindy Role Review lReassigned From Approver Progess 0 17 0 L X gt Progress Violations RoleName Description Organization Type Comment RACE Public access Characteristic Role Characteristic Role 100 0 100 0 Min 60 Min 60 Company Applicative Role E E users 3 vy X gt Name Violations Relationtype Username Organization Organizationtype Country History Comment B Resources 2 ae Direct Rolen Dave Finance Corporate us History e Direct Maor Kathy Finance Corporate us History R Direct Cherry Jay Finance Corporate us History v X Namel Name2 Name3 Violations Relationtype Description Managerid owner Location History Comment PUBLIC RACFPROD RACF22 A Production tory Production RACF RACFPROD RACF22 Direct RACE 77292450 Irvine CA History PUBLIC RAC TEST RACF22 pa cetecT RACF22 Direct Test RACF 77292450 Irvine CA History Test RACF E Chid Roles 0 x X Name Violations Relationtype Description Type Organization Rule Owner History No Records Found E parent Roles 0 w X Name Violations Relationtype Description Type Organization Rule Owner History No Records Found 132 Portal User Guide RACF Test Developers Characteristic Characteristic Role 100 0 Role 100 0 Min 60 Min 60 Company Appiicative Rol
51. 265 38 eadeegng sla taanh dus Said He and J omldchaew acd SiR Rd kiin naaa i MR dae a RAG ees 165 Approval Process Root Ticket 0 cece ccc eee cence nent tenet een e teenies 167 Approval Root Ticket General Functions 0 ccc cece cette eet teen eens 169 Approval Root Ticket Advanced Functions 00 cece cece eee teen eens 171 Rejected Link Parent Ticket se e e RR ccc cece ee eee RRR RRR RRR eee RRR RRR RRR RRR RRR RR RRR aS 173 Rejected Link Parent Ticket General Functions 0 cece cece eee eect eee ees 175 Rejected Link Parent Ticket Advanced Functions 00 c cece eee eee eee e eee ees 176 Approval Process Approver Tickets 0 c eect eee e rnnr errenneren 177 Approver Tickets General Functions 00 ccc eee cece ence teen eet eee eeeees 178 Approver Tickets Advanced Functions 0 00 cece cece cece e eee e teen eens 186 Approval Process Info TicketS 0 00 cece ccc eee een e eee rreren rroen 189 General Approval Process Info Ticket Functions 0 cc cece ccc cece tenn eens 191 Advanced Approval Process Info Ticket Functions 0 cece cece eee eee eens 192 Contents 7 Chapter 10 Running Self Service Tasks 193 General Self Service FUNCtIONS 0 22 9 KE T a 9 9 N KR cede weed aces es eee Er UOUN SATE KRA A RRR A nee 195 Test COMPLIANCE 20 nn een eee eee RRR RRR RR a 196 Suggesting Entities 2 c cccnccsiad
52. 4123 gt Organization Human Resources Company Application Development Title Operator Sales Database Administrators System Management Stamford Branch Title Branch Manager Marketing Dept Records per page 10 Other Roles Manage My Role Assignments The Other Roles section provides the following options Add A column of check boxes one per role Select one or more Role Name Click any highlighted role name listed in this column to open its Role Card Customize Allows you to determine the columns that will appear in the Other Roles table Records per page Select the number of records that will appear in the Other Roles table per page Find Roles Opens the Select Role filter screen to assist you in locating specific roles Test Compliance Checks whether the selections made in the Other Roles table comply with existing policies and BPRs Business Practice Rules Suggest Roles Provides a list of possible roles based on the Eurekify ERCM pattern recognition technology This table presents you with several options m You can manually select one or more roles to which you wish to enroll R You can use the Find Roles filter option to find specific roles and then make a selection from the filtered list of roles R You can click Suggest Roles and use the information provided by this feature to find roles to which you should enroll Showing 1 to 10 of 28 41123
53. 83popuppagemap_Popu VY View Violations Name Description license Only 5 people may access role ADMNMGR licensing v a Internet R 100 The View Violations table has three columns Name The violation title Description Provides the details of the violation Score The score as listed when the BPR was first generated Click View Violations to view the View Violations screen in a separate browser window Click Close to close the browser window Add New Role Ticket Tree Role Approver Ticket Add Role Add Role Ticket Id Due Date The second stage of the Add New Role Approver Process starts after you have selected an user as the role s accountable and clicked Continue A Role Approver ticket is generated This Approver ticket is sent to the new role s manager It contains a table listing all the links that were requested during the Request New Role Definition task 2223 Owner Cooper Amos DOMA Previous Owner Pending Action v 01 02 2009 05 35 53 Priority Low gt Severity Minimal Open C Modified Date 01 02 2009 00 37 11 Date Created 01 02 2009 00 35 53 Role Approver New Role Corporate Security Role Approver New role Corporate Security onfiguration Name Model2_ConfigwithRoles DOMAIN Cooper Amos Corporate Security Rule Organization2 Organization Type Owner Description Organization34 Organization IT Security null null Enterprise IT Security Organiza
54. Approval Process Approver Tickets More information Reject see page 185 Approve see page 184 Approver Tickets General Functions The Approval Root ticket provides the following General functionality Close Close the ticket Save Saves the changes made to the ticket Delegate Transfers the ticket tree to another manager Escalate Transfers the ticket tree to another manager Consult Allows you to request a consult from one or more managers When you activate this service a View Consult Results button appears in the Advanced functions section of the Ticket Properties Form Approve Approve the request to delete the link between the two entities Once approved the link is severed Reject Reject the request to delete the link between the two entities This means that the link will not be severed More information Delegate see page 157 Escalate see page 154 Approve see page 184 Consult see page 179 Reject see page 185 178 Portal User Guide Approval Process Approver Tickets Consult You can use the Consult utility to send a request for a consult concerning a link that you are reviewing during an Approval Process You can consult more than one user at a time You also don t have to wait for an answer to your request before you actually approve or reject the link listed in the Approver ticket This feature is particularly useful when you are facing a deadline When you click Consult the Find Consult
55. Approver ticket provides the following General functionality Close Closes the ticket Save Saves the changes made to the ticket Delegate Transfers the ticket tree to another manager Escalate Transfers the ticket tree to another manager Consult Allows you to request a consult from one or more managers When you activate this service a View Consult Results button appears in the Advanced functions section of the Ticket Properties Form Approve Approve the Self Service request Reject Reject the Self Service request More information Delegate see page 157 Escalate see page 154 Consult see page 179 Approve see page 184 Reject see page 185 Add New Role Ticket Tree New Role Approver Tickets Advanced Functions The Approver ticket provides the following Advanced functionality Add Comment Manually add a comment to the ticket Add Attachment Add an attachment or URL to the ticket View Transaction Log The transaction log provides a history of the ticket related actions executed since the creation of the ticket View Parent Opens the current ticket s parent s ticket View Initiators View of list of the users who launched this ticket View Violations This button is disabled View Entity Opens the entity s card Two buttons are provided one for each side of the link under review View Consult Results This button appears only when the Consult service has been activated More information Add C
56. Branch Title Branch Manager Organization Marketing_Dept Description Characteristic Role 85 7 Min 40 Characteristic Role 100 0 Min 60 Characteristic Role 100 0 Min 40 Characteristic Role 50 Role By 2 Users Characteristic Role 100 0 Min 40 Characteristic Role 100 0 Min 40 Characteristic Role 100 0 Min 40 Characteristic Role 50 Characteristic Role 100 0 Min 40 Type Org Role Applicative Role Org Role Org Role Org Role Org Role Org Role Org Role Org Role Org Role Defining a New Role name in the Users 1123 Organization Human Resources Company Application Development Title Operator Sales Database Administrators System Management Stamford Branch Title Branch Manager Marketing Dept Records per page 10 Y ild Roles Showing 1 to 10 of 30 Add Role Name 41123 Oo Customize SAV Active Directory Domain Users Active Directoty Branch Users BASIC ROLE Fifth av Applicative role Novell HR Application Organization Application Development Organization Database Administrators Organization Fifth Ave Branch Organization Finance Description Fifth Av Br Team Iterated Characteristic Role 100 0 Min 60 Characteristic Role 44 4 Min 40 Basic role for all users that have access to IT Role By 2 Resources Characteristic Role 40 0 Min 40 Characteris
57. Chapter 7 Running Campaign owner Tickets Eurekify Admin AD1 EAdmin Flag Lee DOMAIN Flag Lee Ange Ben DOMAIN Angel Ben Godheart Dan DOMAIN Godheart Dan Keren Cindy DOMAIN Keren Cindy Allen Sherman DOMAIN Iian Sharoni manually 119 Campaign Management Functions Restart Campaign gt IW Title The ability to restart a campaign is enabled only when you manually stop a campaign Campaign Management Start Carnp When you restart a campaign the approver tickets are once again accessible to the Approvers You will see them listed as state New in your Ticket Queue but their status will reflect their status prior to the campaign s manual cessation For example if an Approver managed to complete his assigned reviewing tasks while the campaign was running this Approver s ticket status will be Completed After you restart the campaign this Approver ticket s status will show that the process has been already completed 619 E G Resource Resource Certification 620 639 645 E resource Certification Flag Lee Resource1 resource Certification Angel Ben Resource1 Resource Certification Godheart Dan Resource1 E resource Certification Keren Cindy Resource1 E resource Certification Allen Sherman Resource1 State Open New New New New New Status Children In Progress Pending Action Completed Pending Action Pending Action P
58. Corporate Security New Resource Approval Request to add resource E PUBLIC RACFPROD RACF22 Production RACF to New role Corporate ey Request to add role to resource association 3 E fesource UGMTSYS role Corporate Securty a This ticket is identical to other Approval Process Approval Root tickets For more information see Self Service Approval Root Ticket see page 263 Status In Progress In Progress Completed Approved In Progress In Progress Pending Action In Progress In Progress In Progress In Progress Pending Action In Progress In Progress Pending Action In Progress Add New Role Ticket Tree gt Self Service Main Request Parent An Add Role parent ticket sent to the Self Service Ticket task manager For more information see Role Definition Main Request Parent Ticket see page 271 Select Accountable A Task ticket sent to the Self Service task manager For more information see Select Accountable Ticket Add New Role see page 280 ID Title State Status Children Type Received S Approval 01 02 2009 Eurekify 2242 E Gadd Role Approval Root Request New In Progress 1 Root 13 01 32 Ain Eurekify 01 02 2009 Admin 13 01 32 AD1 EAdmin 01 02 2009 Eurekify 13 01 40 Admin 2243 B new Role Manage Human Resources New In Progress 1 Add Role j Select Accountable to Role Manage Human 2244 E Resourced Pending aaas Action 0 Task After the Self Servi
59. Details option provides more information than in other parent tickets In this case you can see a full list of the ID numbers for all the users that you or the Self Service manager requested to enroll in this role Eurekify Admin AD1 Previous Owner Status In Progress Severity Minimal v State Open Update Role Fifth av Applicative role Update Role Fifth av Applicative role Delegate Escalate Cancel Process Model2_ConfigWithRoles Fifth av Applicative role 912387304 677624402 587473220 847746604 947384 70 76329130 1489213478F 89123470 gt 87623490 78265345041 Resources To Remove Property Type SAGE Old properties Organization ST Type Owner Rule Description Reviewer Organization2 Organization3 CreateDate ApprovalDate ApprovalStatus ExpirationDate pertyType SAGE OldPropertyValues Fifth Ave Branch Applicative Role 912363704 No Rule Role By 2 Resources 45489940 Branch Corporate 31 03 2007 03 33 00 409 05 2007 10 36 00 Approved Approval Process Result Role Fields Role Links 300 Portal User Guide Update Role Ticket Tree Use this ticket s functionality when you wish to transfer the specific link s sub tree to the management of another user or to cancel this specific review You can use the options in the ticket s Advanced section to access additional information concerning the current ticket and the rest of the tickets in the sub
60. Directory nameS Domain Users NTSILV WinNT Configurtion Model2_ConfigWithRoles_A Description Active Directory 9 ManagerID Owner 91236370 Houson TX Name Organization Organization Type DOMAIN Flag Lee A Flag Lee IT Security Corporate Customize 34 Portal User Guide Menu Bar Menu Bar The menu bar provides access to Eurekify Portal s functions The menu bar is functionally organized and includes the following main items Home m Ticket Queue Dashboards m Self Service m Entity Browser m Reports Administration Some of the menu bar items contain submenus with additional options Where relevant the name of the active window is indicated below the menu bar in italics Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Entity Browser Entity Browser Universe Portal S Configuration Model2_ConfigwithRoles M Home Click Home to return to the Eurekify Portal s home page More information Presenting the Home Page see page 63 Chapter 2 Using The Eurekify Portal Interface 35 Menu Bar Ticket Queue Menu Dashboards Menu Self Service Menu The Ticket Queue allows you to filter your tickets based on various criteria Show the active ticket list This includes tickets whose Status is Open New or Done m Show the New Tickets list m Show the Overdue Tickets list Overdue tickets are flagged d Show the Approver Tickets list This enables
61. EAdmin I h r RR Cowan ole 205 Sharoni Allen Sherman DOMAIN Ilan Sharoni Allen Sherman DOMAIN Ilan Sharoni Allen Sherman DOMAIN Ilan Sharoni Allen Sherman DOMAIN Ilan Sharoni Allen Sherman DOMAIN Iian 2259 update Role Approval Root Request New In Progress 2260 a update Role Organization Marketing_Dept New In Progress 2261 Role Approver Update Role Organization Marketing_Dept Archived Approved Link User 01 02 2009 Request to add user to role association Kaa amp Role 14 07 34 role Organization Marketing_Dept user 84847310 Mew in Propress Remove 01 02 2009 Request to remove user to role association a a User Role 14 07 34 role Organization Marketing_Dept user 77371120 new mn pinges Remove 01 02 2009 Request to remove user to role association s a User Role 14 07 34 role Organization Marketing_Dept user 88382990 Open In Progress Request to add role to resource association Ras N a resource UGMTSYS role Organization Marketing_Dept Link Role 01 02 2009 Hew laat Resource 14 07 34 Request to remove role to resource association Remove 2266 a resource UGADGEN2 Administration New In Progress Role as Resource 01 02 2009 14 07 34 Chapter 11 Role Definition Tickets 261 Introducing the Requests Table Entity managers are assigned to an Approval Process as approvers based on the link type For example for a Delete Link User Role process t
62. Entity2 Delete Link Entity1 Entity2 Approver ticket x Add Comment a Add Attachment a View Transaction Log m View Parent a View Initiators a View Violations a View Entity1 a View Entity2 a View Consult Results toggle More information Advanced Ticket Functions see page 86 162 Portal User Guide Advanced Approval Process Ticket Functions View Initiators The View Initiators button opens the View Initiators list in a separate browser window This list in table format provides the sequence f users who that launched this post campaign Approver Process ticket For example you can find here the name of the campaign owner When a ticket has been delegated or escalated you can view the list of users who received ownership of the ticket http locathost 8080 eurekify tms ui wicket bookmarkablePage popuppagemap com eurekif Z el le http localhost 8080 eurekify tms ui wicket bookmarkablePage popuppagemap com eurekify tms web common viewParentsPage amp T Y iew Initiators UserName Organization OrganizationType Email Location Title Tailor Janet Operations Corporate 93773730 company com Operator Cooper Amos IT Security Corporate 54672910 company com IT Manager Cooper Amos IT Security Corporate 54672910 company com IT Manager a internet R100 The information provided by the View Initiators table is based on the campaign s configuration files To view the ticket s initiator list 1 Click Advan
63. Eurekify Portal 21 12 37 14 02 2009 21 12 38 14 02 2009 21 12 38 14 02 2009 21 12 38 14 02 2009 21 12 38 14 02 2009 21 12 38 14 02 2009 21 12 39 14 02 2009 21 12 40 14 02 2009 21 12 42 14 02 2009 21 12 43 14 02 2009 21 27 43 Katz Nancy DOMAIN Katz Nancy Goodman Bruce DOMAIN Goodman Bruce Allen Sherman DOMAIN Ilan Sharoni Purple Mary DOMAIN Purple Mary Katz Nancy DOMAIN Katz Nancy Cooper Amos DOMAIN Cooper Amos Herman Barbara DOMAIN Herman Barbara Levi Jay DOMAIN Levi Jay Schwarts Barry DOMAIN Schwarts Barry Allen Sherman DOMAIN Iian Sharoni Kistor Steve 53 Running a Campaign A Case Study When Steve Kistor will check his Ticket Queue he will find the new Approver ticket Ticket Properties Form Windows Internet Explorer DAR 7 http localhost 8080 eurekify tms ui wicket bookmarkablePage com eurekify tms web template Default TicketPage amp ticketId 2361 vi Campaign Reassigned Approver Ticket Id Owner Previous Owner Allen Sherman DOMA Status Pending Action Due Date 21 02 2009 00 00 00 Priority Normal v Severity Medium State Open v Modified Date 14 02 2009 21 56 43 Date Created 14 02 2009 21 27 43 Title User Certification Allen Sherman First User Audit 2009 User Certification Allen Sherman First User Audit 2009 a Close Save and Reassign Hide Selected Reassigned From Allen Sherman DOMAIN Ilan Shar
64. Home Directory gt lt Converter Directory gt The installation provides a default mapping xmI file For more information see the CA Eurekify Role amp Compliance Manager DNA Data Management User Guide Enrichment settings file Optional The data is usually downloaded from a specific endpoint You can enrich the original data by adding additional information from a second source For example you can download user information from a security related endpoint and you can then enrich the data by accessing additional data from a human resources database This data may include for example user addresses which were not available from the primary source of information For further information see Chapter 4 of the CA Eurekify Role amp Compliance Manager Sage DNA Data Management User Guide Remote system login password The password is not saved within the system settings Provide it at this point Max duration time seconds Provide an estimate of how long the import process takes This is useful when you know how long it should take and therefore a longer import time indicates that there is a problem You do not have to know exactly how long it takes You can provide an estimate The import process will end when the time specified is over Connector Java Class Select the Java Class that matches the converter you will be using to import the data from the system s endpoints Sbt classes enable the connection between the Eurekify Por
65. Manually add a comment to the ticket Add Attachment Add an attachment or URL to the ticket View Transaction Log The transaction log provides a history of the ticket related actions executed since the creation of the ticket View Parent Opens the current ticket s parent s ticket View Initiators View of list of the users who launched this ticket View Children Opens a table which provides you with information concerning all the nodes leaves that are located below the current ticket For the Approval Process Root ticket this means that you can view information concerning the various Approver Process tickets and sub subtrees generated during a Role definition Approval Process View Role Opens the role s card As the approval process focuses on a specific role this is the card that is available to you at this stage of the process More information Add Comment see page 88 Add Attachment see page 90 View Transaction Log see page 91 View Initiators see page 163 View Parent see page 163 View Entity see page 165 Chapter 11 Role Definition Tickets 273 Role Definition Main Request Parent Ticket View Children Role Definition Approval Process Role Definition Approval Processes proceed in stages During each stage the child tickets you can see when you click View Children will change During an Add Role approval process you will be able to see Stage 1 Only the Select Accountable task ticket is lis
66. Modified Date 21 12 2008 12 29 28 Date Created 21 12 2008 12 29 06 Title Resource certification User Certification Description End of year review Close Delegate Escalate Universe Portal Campaign Type USER Auto Generate Permissions Configuration Model2_ConfigWithRoles Link Filter Direct Dual Audit Card Entity Filter No Filter Attachments omments Received Owner Note X 21 12 2008 12 29 06 Eurekify Admin AD1 EAdmin Delegated to Cooper Amos Campaign Management Start Approval Processes View Campaign Progress 2 Done C internet R100 112 Portal User Guide General Campaign Ticket Functions A comment is generated stating that the campaign has been Delegated to current owner This comment appears in both the old root ticket and in the new root ticket The new root appears as the top level in the new owner s campaign ticket and as the second level in the previous owner s archived campaign ticket Ticket Queue gt Archived Tickets gt ID Title State Status Children Type Received Owner 755 E G Resource certification User Certification Archived Delegated 1 Campaign 21 12 2008 Eurekify Admin 12 28 38 AD1 EAdmin F pea Pending 21 12 2008 E Eurekify Admin AD 834 E 2 Resource certification User Certification Open Action 9 Campaign 12 29 06 Cooper Amos EAdmin l PEPI R Campaign p User Certification Eurekify Admin Resource Hidden Pending 1 Manager 22 12 2008 ce
67. Organization IT Security Organization Finance Novell HR Application RACF Developers Title Accountant Find Roles Test Compliance Description Characteristic Role 100 0 Min 40 Role By 2 Resources Characteristic Role 85 7 Min 40 Characteristic Role 50 Characteristic Role 50 Characteristic Role 100 0 Min 40 Characteristic Role 100 0 Min 40 Characteristic Role 40 0 Min 40 Characteristic Role 100 0 Min 60 Characteristic Role 50 Suggest Roles Matching Rights 10 10 10 10 10 10 1 10 1 10 HR Pattern 10 10 10 10 1 10 9 10 10 10 10 10 10 10 10 10 10 10 4 4123 gt Privileges Pattern Matching Rule Details 10 10 10 10 1 10 9 10 10 10 10 10 10 10 10 10 Details Details Details Details Details Details Details Details Details Details Records per page 10 _ 0 After making your selection s you can test the compliance of your selections with the existing BPRs and policies Violations Violations First Fifth av Applicative role Role By 2 Resources Second Third Rule license Only 5 people Only 5 people may may access role Description Score access role ADMNMGR 100 ADMNMGR licensing licensing You can decide to make the request despite any listed violations or you can amend your selections Important Remember that when selecting multiple users all role
68. Organization OrganizationType Comment Rolen Dave 98383770 Rolen Dave Finance Corporate E Progress i w 1 2 Yoham Anne 93872110 YohamAnne Silicon Valley Branch Branches Fidelity Bob 84848110 Fidelity Bob Operations Corporate Ester Roger 95477810 Ester Roger Operations Corporate Helmuth Howard 83838380 Helmuth Howard Marketing_Dept Corporate E Ange Ben 67283470 Angel Ben System Management Corporate g In the example in Figure 129 we see that the user Yoham Anne has two links that have to be reviewed and only one has been examined That is why Anne s row is still visible in the main entity table after clicking Hide Selected When the Hide Selected option is active the function menu bar changes and replaces the Hide Selected button with a Show All button Advanced CMaA Ticket Functions The Campaign Manager Approver ticket provides the following advanced functions at the bottom of the CMA s Ticket Properties From More information Add Comment see page 88 Add Attachment see page 90 View Transaction Log see page 91 View Initiators see page 150 Chapter 8 Campaign Approver Tickets 149 Advanced CMA Ticket Functions View Initiators The View Initiators button opens the View Initiators list in a separate browser window This list in table format provides the list of users that generated this Campaign Manager Approver ticket Usually you can find here the name o
69. Per Page see page 23 Chapter 13 Using Administration Functions 353 Cache Manipulation Cache Manipulation Using the Eurekify server s cache improves performance This is achieved by uploading the current Universe and configuration data to the cache Accessing the server s cache is much faster than accessing the hard drives so users can receive information more quickly than if they had to receive content from the server hard drives This section covers the following topics Loading the cache m Clearing the cache More information Load Cache see page 354 Clear Cache see page 355 Load Cache This utility is used to swiftly load a specific configuration into the Eurekify Server s memory cache Enterprise Role and Compliance Manager eureify Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout AD1 EAdmin Administration gt Load Cache Load Configuration to Cache Choose Configuration Choose One v To load a specific configuration into the Eurekify Server s memory cache 1 On the Administration menu click Load Cache The Load Configuration to Cache screen opens 2 Select a Configuration from the drop down list 3 Click OK 354 Portal User Guide Cache Manipulation Clear Cache This utility is used to swiftly clear the Eurekify Server s memory cache It is useful in the special case where you updated the configuration data for example changing permissions
70. Properties Form Windows Internet Explorer BE x ttp localhost 8080 eurekify tms ui wicket bookmarkablePage com eurekify tms web template DefaultTicketPage ticketId 465 K F Campaign Ticket Id 465 Owner Eurekify Admin AD1 Previous Owner Status pending Action v Due Date 01 01 2009 00 00 00 Priority Normal Severity Medium v State Open v Modified Date 16 12 2008 18 41 40 Date Created 16 12 2008 19 37 42 Title User Certify Dec 2008 User Certification Description User Certification Campaign for the end of 2008 Universe Portal Campaign Type USER Auto Generate Permissions true Configuration Model2_ConfigWithRoles Link Filter Direct Dual Audit Card Entity Filter No Filter Attachments Comments Campaign Management Start Approval Processes View Campaign Progress Add Attachment View Transaction Log View Children gt gt internet Qio 104 Portal User Guide Info tickets Campaign Ticket data and general functions Provides the ticket and campaign information This section also provides several high level functions such as Close Save Ticket Properties Form Windows Internet Explorer 7 http flocalhost 8080 eurekiFy tms ui wicket bookmarkablePage com eurekify tms web template DefaultTicketPagesticketId 465 Campaign SSS Ticket Id Owner Eurekify Admin AD1 Previous Owner ars Status pending Action Due Date 01 01 2009 00 00 00 Priority Normal Sever
71. Reject Click Yes and the Executing bar appears When done the approver ticket s status is Rejected and the ticket is archived The user whose privileges were altered by this decision receives a ticket and email notifying him of the change In the case of a role resource or role role hierarchy link the designated role resource managers are informed Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout DOMAIN Angel Ben ID Title State Status Children Type Received Owner Previous Owner Delete Pending Link 29 01 2009 Action User 09 15 10 Role Request to delete role Organization System 1979 Management Characteristic Role 100 0 Min 40 New from Ange Ben DOMAIN Angel Ben More information Approval Process Info Tickets see page 189 Chapter 9 Approval Process Tickets 185 Approval Process Approver Tickets Approver Tickets Advanced Functions 186 Portal User Guide The Approver ticket provides the following Advanced functionality Add Comment Manually add a comment to the ticket Add Attachment Add an attachment or URL to the ticket View Transaction Log The transaction log provides a history of the ticket related actions executed since the creation of the ticket View Parent Opens the current ticket s parent s ticket View Initiators View of list of the users who launched this ticket View Violations This is d
72. Role Approval Process More information Filtering a Data Table see page 24 Select Accountable Ticket General Functions see page 284 Chapter 11 Role Definition Tickets 283 Add New Role Ticket Tree Select Accountable Ticket General Functions 284 Portal User Guide The Select Accountable Task ticket for the Self Service Request Add New Role task provides the following General functionality Close Closes the ticket Save Saves the changes made to the ticket Delegate Transfers the ticket tree to another manager Escalate Transfers the ticket tree to another manager Select Accountable Provides the new role s accountable After an accountable is selected the Continue button is enabled Continue This button is disabled until an Accountable is selected Click to continue to stage 2 of the Add New Role Approval Process More information Delegate see page 157 Escalate see page 154 Select Accountable Function see page 282 Add New Role Ticket Tree Select Accountable Ticket Advanced Functions The Select Accountable Task ticket for the Self Service Request Add New Role task provides the following Advanced functionality Add Comment Manually add a comment to the ticket Add Attachment Add an attachment or URL to the ticket View Transaction Log The transaction log provides a history of the ticket related actions executed since the creation of the ticket View Parent Opens the current ti
73. Role Modeling Methodologies Comparison Policy Verification Report Certification Progress Report to add links to your favorite reports Entity Browser Reports Administration Logout AD1 EAdmin State Status Children Type Received Owner Eurekify Admin AD1 EAdmin 21 12 2008 12 51 21 Pending Action 9 Campaign Open My Business processes Manage My Team s Role Assignments Manage My Team s Resources Assignments Chapter 5 Presenting the Home Page 65 The Reports Bar To add a report link to the list of reports displayed in the Reports Pane 1 In the Reports bar header click o The Select Links for My Reports screen opens in a separate browser window Select Links for My Reports A railable Li rk x Configuration Properties Configuration Users Attributes Configuration Roles Attributes Configuration Resources Attribut Configuration Users Full Configuration Roles Full Configuration Resources Full Overlapping Roles By Users Overlapping Roles By Resources Suspected Connections User Re M 2 In the Available Links left hand panel select one or more using Ctrl Shift of the report links Click gt to transfer the selected link s to the Selected Links pane 4 Optional To change the order of the listed links in the Selected Links pane select a link and click O50 5 To remove a report link from the Selected Links pane select the link and click B 6 When you finish making your selectio
74. Self Service task The parent ticket is always assigned to the Role manager gt Title ID 2220 E G Add Role Approval Root Request 2221 2222 2223 2224 2225 2234 2226 2227 2228 2229 2240 2230 2231 2236 2232 State Open e Corporate Security Open t Accountable to Role Corporate Security Archived S Role Approver New Role Corporate Security Archived Request to add user to role association H 3797 E ole Corporate Securty user 89213720 Open Request to add user to role association ka E G fole Corporate Securty user 54672910 may User Approval Request to add role Corporate security Role provides resources to users who areNew invol CN Request to add user to role association S Z liebe N m E ole Corporate Securty user 91236370 HS Request to add user to role association m D Mier corporate Securty usei 89123140 be equest to add user to role association le Corporate Security user 7 847310 ji a T ecd to add role to role association parent role Corporate Security child role Organization I New Approval Reque dd role Corporate Security IE Role provides resources to users who are invoked New Request to add role to resource association aS led N m E Fesource pubic role Corporate Security gij equest to add role to resource tion g amp Reuest to add role to resource association esource PUBLIC role
75. Sharoni Purple Mary DOMAIN Purple Mary Katz Nancy DOMAIN Katz Nancy Cooper Amos DOMAIN Cooper Amos Herman Barbara DOMAIN Herman Barbara Levi Jay DOMA A campaign owner can also be an approver either because the campaign owner is listed as a user s RACI Accountable or if there are users with no Accountable assigned to them they are sent to the campaign owner for approval In this case Nancy K is not only the campaign owner she is also a campaign Approver Running a Campaign A Case Study Reassigning Links to Another Approver Reviewing the campaign Approvers Nancy finds that Allen Sherman is an Approver but Allen is on vacation and is not expected to return in time to audit the users listed in his ticket Nancy decides to reassign the links in Allen s ticket to another Approver Ticket Properties Form Windows Internet Explorer 7 http localhost 8080 eurekiFy tms uif wicket bookmarkablePage com eurekiFy tms web template DefaultTicketPagesticketId 2288 Campaign Manager Approver Ticket Id Owner Allen Sherman DOMA Previous Owner Status pending Action v Due Date 21 02 2009 00 00 00 Priority Normal v Severity Medium State Hidden v Modified Date 14 02 2009 21 12 39 Date Created 14 02 2009 21 12 38 Title User Certification Allen Sherman First User Audit 2009 Description User Certification Allen Sherman First User Audit 2009 Save and Reassign Hide Selected
76. Task Title Select Accountable to Role Role Name For example Select Accountable to Role Corporate Security Description Instructions To continue please choose an accountable user to Corporate Security role GENTKT039 The More Details gt gt lt lt Less Details option provides far more information than in other parent tickets In this case you can see here a full list of the ID numbers for all the users that you or the Self Service manager requested to enroll in this role This section covers the following topics m Select Accountable Function Select Accountable Ticket General Functions Select Accountable Ticket Advanced Functions m View Violations More information The Ticket Properties Form see page 84 Select Accountable Function see page 282 Select Accountable Ticket General Functions see page 284 Select Accountable Ticket Advanced Functions see page 285 View Violations see page 286 Chapter 11 Role Definition Tickets 281 Add New Role Ticket Tree Select Accountable Function This purpose of the Select Accountable Task ticket is to select the role s manager the user who will act as the Approver whenever a request is made that is connected to this role Ticket Properties Form Windows Internet Explorer DER Eurekify Admin Previous Owner Status pending Action Severity State Open Low w e 2 SE SS SSS a A 01 02 2009 13 04 15 Date Created 01 02 2009 13 0
77. The Currently Enrolled Resources table provides the following options Remove A column of check boxes one per user Check one or more to remove the link between the selected users and the selected resources Res Name 1 Click any highlighted resource name listed in this column to open its Resource Card Depending on the type of action you wish to take you may find that after selecting the appropriate check boxes in this section you have completed the task In this case you can ignore the Other Resources and submit your requests by clicking Submit at the bottom of the Manage My Resources screen To make selections in the Currently Enrolled Resources table in the Currently Enrolled Resources table click the relevant check boxes in the Remove column At this point you can choose to m End the process at this point m Add resources If you do not want to add new resources submit your requests Manage My Resources Presenting the Other Resources Table Manage My Resources Screen Other Resources Showing 1 to 10 of 74 4 412345678 Add o Customize Test Compliance Suggest Resources This section allows you to enroll in additional resources of your choice The actual enrollment will take place following a review process In addition to managing the resources that you are currently linked to you can also request that the system provide you with a list of reco
78. Valley Branch Branches 97847110 company com Branch Officer Clerk CE internet R 100 To narrow down the number of users to choose from Nancy selects the filter Where Organization contains Silicon Valley Branch the filter is case sensitive For more information on using the filter options see Filtering a Data Table see page 24 Nancy selects to reassign the users to Kistor Steve and clicks OK Ticket Properties Form Windows Internet Explorer 7 http localhost 8080 eurekify tms ui wicket interface 10 Campaign Manager Approver Sess Ticket Id 2288 Owner Allen Sherman DOMA Previous Owner Status Completed E E i AUA Due Date 21 02 2009 00 00 00 Priority Normal Severity Medium v Hidden Modified Date 14 02 2009 21 27 45 Date Created 14 02 2009 21 12 38 Title User Certification Allen Sherman First User Audit 2009 Description User Certification Allen Sherman First User Audit 2009 Reassigned From a A 1 X d Progress Violations PersonID UserName Organization OrganizationType Comment 71 Sterling Kent 86023090 Sterling Kent Human Resources Corporate E 78 Bean Frank 99883110 Bean Frank Purchasing Corporate E 100 52 Portal User Guide Running a Campaign A Case Study As all the users have been reassigned the Approver progress bar shows that the process is 100 completed and the users have a reassign icon 75 next to them Returning to Nancy s Ticket Queue Alle
79. added settings raci create alreadyexist errcode adm002 raci configurations already exist for 0 settings raci create fail errcode adm003 failed to create raci configurations for 0 required errcode app001 field label is required iconverter errcode app002 input is not a valid type numbervalidator range errcode app003 input is not between minimum and maximum numbervalidator minimum errcode app004 input is smaller than the minimum of minimum numbervalidator maximum errcode app005 input is larger than the maximum of maximum numbervalidator positive errcode app006 input must be positive numbervalidator negative errcode app007 input must be negative stringvalidator range errcode app008 input is not between minimum and maximum characters long Chapter 15 Troubleshooting 379 Eurekify Sage Error Messages Field stringvalidator minimum errcode stringvalidator maximum errcode stringvalidator exact errcode datevalidator range errcode datevalidator minimum errcode datevalidator maximum errcode patternvalidator errcode emailaddressvalidator errcode creditcardvalidator errcode urlvalidator errcode equalinputvalidator errcode equalpasswordinputvalidator errcode user count roles alert description errcode user count resources alert description errcode role count users alert description errcode role count children alert description errcode role c
80. and added to the campaign owner s ticket Ticket Properties Form Windows Internet Explorer L http localhost 8080 eurekify tms ui wicket bookmarkablePage com eurekify tms web template DefaultTicketPage ticketId 2281 Campaign Ticket Id 2281 Owner Katz Nancy DOMAIN Previous Owner Status In Progress Due Date 21 02 2009 00 00 00 Priority Severity Medium State open Modified Date 4 92 2009 22 16 45 Date Created 14 02 2009 21 12 3 Title First User Audit 2009 User Certification Description Running the first Silicon Valley user certification campaign Universe Portal Campaign Type USER Auto Generate Permissions true Configuration Model2_ConfigWithRoles Link Filter Direct Indirect Dual Audit Card Model2_ConfigWithRolesAuditi Entity Filter No Filter Attachments omments Received Owner Note X 14 02 2009 22 16 45 Katz Nancy DOMAIN Katz Nancy Reminder was sent to 8 approvers Campaign Management Approval Processes Send Reminder 58 Portal User Guide Running a Campaign A Case Study Examining a User s Links When the campaign owner is also a user manager he will be assigned a Campaign Manager Approver ticket CMA ticket with links to roles and resources that have to be reviewed Nancy is also an Approver in this campaign and the number of Children listed is four indicating that she has to review links associated with four users Ticket Propertie
81. another manager Escalate Transfers the info ticket to another manager Acknowledge Click after reading the information provided by the info ticket The info ticket is archived Click Acknowledge to end the process The info ticket is archived Search Customize Refresh gt mp P 1970 1971 1973 1976 1977 Title State Status Children Type Received Owner Approval 26 01 2009 Root 17 12 39 Request to remove user to role association Delete 56 91 2099 Cooper Amos E amp role Organization System Management Characteristic Archived Completed Link 17 12 39 DOMAIN Cooper Rol User Role T Amos User Approval Request to delete role Delete 26 01 2009 Cooper Amos Ed Organization System Management Characteristic Archived Approved 17 12 57 DOMAIN Cooper Role 100 0 User Role T Amos Role Approval Request to delete role 26 01 2009 Steiven Pat Es Organization System Management Characteristic Archived Approved 17 12 57 DOMAIN Steiven Role 100 0 User Role T Pat _ Request to delete role Organization System Delete 29 01 2009 Cooper Amos B Management Characteristic Role 100 0 Min Archived Completed Link 09 15 10 DOMAIN Cooper User Role A El amp Link of Team to Role s Approval Root Request Open In Progress Cooper Amos More information Delegate see page 157 Escalate see page 154 Chapter 9 Approval Process Tickets 191 Approval Process Info Tickets Advanced Approval Process Info Tic
82. are generated by campaigns They contain the list of links that need to be audited as part of the campaign Chapter 9 Post campaign Approval Process Tickets These tickets provide a final review of any link that was rejected during the campaign Chapter 11 Self Service Provisioning Tickets These tickets provide a final review of Self Service requests m Severing an existing link m Adding a new link Chapter 12 Role definition tickets These tickets provide a final review of role definition requests Defining a new role a Updating the definition of an existing role This section contains the following topics Ticket Life Cycle see page 71 Ticket Tables see page 76 Administrator View User View see page 83 The Ticket Properties Form see page 84 Info tickets See page 92 Ticket Life Cycle Ticket Life Cycle The ticket s purpose and functionality governs its life cycle A ticket life cycle can be very simple or extremely complex You can gain information on a specific ticket s current situation by checking the fields State and Status either in the Ticket Queue table see page 76 or in the Ticket Properties Form window see page 84 Tickets are generated by the system and sent to their designated owner state New Status Pending Action Once they are opened even if no action has been taken the ticket state changes to Open Depending on the ticket type other types of action may be poss
83. being reviewed Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service ID Title 1158 E G User Review Approval Root Request Request to remove user to resource association E G resource UGMPBR RACFPROD RACF22 Production RACHIT User Approval Request to delete resource 1159 1199 user Joe Dass _ Resource Approval Request to delete resource 1200 user Joe Entity Browser S UGMPER RACFPROD RACF22 Production RACF fromOpen S UGMPBR RACFPROD RACF22 Production RACF fromNew Reports State Status Children Open In Progress Open In Progress Pending Action Pending Action Chapter 9 Approval Process Tickets Type Approval Root Delete Link User Resource Delete Link User Resource Delete Link User Resource Administration Received Owner Previous Owner 29 12 2008 13 46 29 29 12 2008 13 46 30 Eurekify Admin Eurekify Admin AD1 EAdmin 29 12 2008 13 47 21 Eurekify Admin AD1 EAdmin 29 12 2008 Keren Cindy 13 47 21 Cindy DOMAIN Keren 167 Approval Process Root Ticket Note Under some circumstances only a single ticket is located below a Rejected Link Parent ticket The ticket is then a Notification ticket that informs you of the reason why the expected approver tickets are not present When you click the ticket title you open the Ticket Properties Form in a separate browser window Ticket Properties Form Windo
84. ccc eee eee oterao S cece eeee eens RRR RRR 21 The Entity Card csscccscdedes cecde and eboebeuigid EN E R N eee Edson w ees eee eae 28 NIG sweets nerden daw eons E TEE Sines aeaee n Mae ead kena s Seve se eae eee ese 35 HOME L i E ule E A EA 35 Ticket Q e e Men 235 oicecdeedscet hv csc EEEE ade E EERO gout E E RR E E eee ee 36 Dashboards L 1 cc5 vee raw nase Sees BLOM Seo WES e ese E NCEA TERET RAMEE AEE Gees 36 Self Service Men lt w 0s 0 0 R K Gaede dh RAR KR R RR edhe KRE RR RRR ace deen aed dd 36 Entity lt rel LT 2 2206 o 20de0hheu8eoteoeaatdd Sovtrs nde dor eseeeeoud shee A E het eteeaeares 37 Reports M nu 2c204 0560000 cbc ected bb E bashes Ue dceesd ble sasesed EOE 37 Administration Menu vc ccevesevense aed tenes dee Mee oad Ghee ee Mace sae ET A dees 38 User Interface for Non Administrators 2 cece cece ene teen eee eeeneee 39 Chapter 3 Getting Started 41 Introducing Entities and LINKS X NK KR 0 XN NKRA K nn R R NR KK N RAN RRAS RANN NTR ees 42 Step 1 Creating a Universe 5 2 0 20000005 cee ce ee RRR ee ee eee ete eee ee RR RRR RRR RRR N 43 Step 2 Creating Import Connectors 0 6 een eee cnet eee n eee eens 44 Step 3 Importing Entity Data ee nn ene nener tenet eee n eens 45 Step 4 Generating Master Model Configurations 0 ccc ccc ce cee eee tenn een enes 45 Step 5 Creating a Campaign 0 nen eee n nett tenet eee e eens 46 Step 6 Exporting Entity Data 22 22
85. click Create New the Edit Property screen opens Save is disabled The reason is that for security reasons when you edit a property key the change is not saved directly to the properties file Instead the updated property key value is saved to the CA Eurekify Role amp Compliance Manager database The Eurekify Portal provides you with two databases to store your update key values DB_dynamic_properties The change is immediate You do not have to wait for the server to go offline to update the property values DB_static_properties The change will take place the next time that the server is restarted Chapter 13 Using Administration Functions 359 Properties Settings To create a new property key 1 In the Eurekify Properties page enter a name of a property key in the text box under Properties 2 Click Create New The Edit Property screen opens Enter a Property Value in the text box 4 Select a database Type from the drop down list Click Save The new property appears in the Properties Property Key approvals configuration updateResource minimumLinks Property Value Po Type Choose One Save Cancel Editing a Property Key Following system changes you may need to update the value of a property key For example if you change the name of the SMTP email server used by your corporation to send out emails When you click Edit next to an existing property key the Edit Property screen opens Pr
86. click Mange My Team s Role Assignments on the Self Service menu The Manage My Team s Roles screen opens 204 Portal User Guide Manage My Team s Role Assignments More information Customizing a Data Table see page 22 Presenting the General Section MMT Role Screen see page 205 Presenting the Users Table MMT Role Screen see page 206 Presenting the Currently Enrolled Roles Table Manage My Roles Screen see page 208 Presenting the Other Roles Table MMT Role Screen see page 210 Presenting the General Section MMT Role Screen Enterprise Role and Compliance Manager eure K ify Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout AD1 EAdmin Self Service gt Manage My Team s Role Assignments Business Area Business Process Description Fifth Ave Branch Universe Portal x Branch roles Adding relevant roles to users listed as Fifth Ave Branch The General section of the Managing My Team s Roles screen contains the following fields Universe Select the Universe you wish to work with The users table and the available roles depend on the universe Business Area General information descriptive This information will appear in the Description field of the ensuing Self Service Approval Root ticket Business Process General information descriptive This information will appear in the Description field of the ens
87. client tool s 19 44 45 315 327 336 340 344 357 364 366 374 393 Due Date e 85 110 315 Index 423 Email e 48 399 Entity Browser e 15 35 37 309 311 312 313 314 407 Escalate e 71 95 98 113 116 155 156 171 177 180 193 267 273 286 290 293 296 303 306 347 349 374 Eurekify cfg s 315 364 374 375 376 Export Connector e 46 336 338 344 F Filter e 24 80 81 112 144 353 358 362 374 376 377 G Gfilter e 376 H Home Page e 17 19 35 63 65 67 340 344 407 Import Connector s 41 336 338 340 Indirect Link s 323 Info ticket s 64 72 93 95 100 153 186 187 193 M Master s 41 43 46 315 328 330 364 393 Model s 41 43 46 133 153 259 328 330 393 P Permissions e 39 84 112 315 372 Properties s 38 55 64 69 71 72 77 84 85 87 89 91 92 96 98 109 110 112 113 114 116 119 120 121 124 127 128 129 130 133 136 138 144 151 152 155 156 159 163 165 166 169 174 180 265 269 290 296 298 306 315 358 360 361 362 407 R RACI e 31 33 38 45 48 133 153 259 282 315 328 330 364 366 367 379 407 Reassign e 138 144 149 399 Reminder e 57 119 127 424 Portal User Guide Reports e 19 35 37 63 65 407 S Scheduler lt 347 351 353 407 Search e 80 81 Security e 269 282 292 Self Service e 15 35 36 39 61 67 69 72 259 265 269 278 282 286 287 288 290 292 2
88. completed a Requests screen opens This screen has two tables m Attributes Attributes Role Name Organization Marketing_Dept Value Characteristic Role 100 0 Min 40 99883135 Org Role Marketing Dept Organization Corporate Organization Marketing_Dept Name Goid Wiliam 84847310 Goid Wiliam 84847310 Resource UGMTSYS RACFTEST RACF22 Test RACF UGMTSYS RACFTEST RACF22 Test RACF Devin Roger 88382990 Devin Roger 88382990 Garr Jim 1120 Garr Jim 77371120 GADGEN2 Administration ROOT NOVELADM Novell Active UGADGEN2 Administration ROOT NOVELADM Novel Active U Remove Resource p ectory Admin2 Directory Admin2 The next step is to submit all the requests for review by the relevant entity managers This process is known as an Approval Process Self Service role definition tasks are focused on the system s roles and the possibility of enrolling users in those roles assigning them various resources and creating hierarchal connections between different roles or on the possibility of severing an existing link between a role and another entity Therefore during the Approval Process review tickets are generated for both the role and the linked user resource role hierarchal This process is started by the manager who made the Self Service request the Self Service Manager When an instruction to begin an Approval Process is given the CA Eurekify Role amp Compliance Manager generates a hierarchal Appr
89. field Configuration user manager field Configuration role manager field Configuration resource manager field Audit settings file Save Cancel Master2_ConfigWithRoles Model2_ConfigWithRoles Choose One v LoginID email UserName Organization OrganizationType Country Location Title Cost Center Suspended ManagerlD email LoginID 8 Select the Configuration lt data gt login email user manager role manager and resource manager fields from the drop down lists 9 Optional Select an Audit settings file from the drop down list 10 Click Save The universe is created and will appear in the Universe List Note Sometime an issue exists for historical reasons that causes a message to appear At the bottom of the message you are asked if you want to auto repair the issues in this message Always click Yes Setting a Universe Enterprise Role and Compliance Manager eurekify Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration The following issues were found GENUST014 1 the model configuration Model2_ConfigWithRoles A is not read only GENUSTO11 2 the model configuration Model2_ConfigWithRoles_A has a parent configuration GEN 3 the model configuration Model2_ ConfigWithRoles A is not logged GENUSTO13 would you like to auto fix them GENUSTO015 Logout AD1 EAdmin 11 Click Yes to auto fix the issues listed in this error message T
90. function opens a separate browser window where you can see a listing of all the campaign s approvers and view the progress they have made graphically numerically and in percentages Campaign Progress Windows Internet Explorer Approver Name Progress Completed AD1 EAdmin Eurekify Admin 0 6 0 DOMAIN Herman Barbara Herman Barbara f i l 0 202 0 DOMAIN Purple Mary Purple Mary 0 96 0 DOMAIN Goodmen Bruce Goodman Bruce S f i 0 26 0 DOMAIN Cooper Amos Cooper Amos 0 177 0 DOMAIN Schwarts Barry Schwarts Barry o 0 18 0 DOMAIN Katz Nancy Katz Nancy 18 38 47 DOMAIN Levi Jay Levi Jay 0 62 0 DOMAIN Ilan Sharoni Allen Sherman 0 13 0 La Ko Internet Chapter 7 Running Campaign owner Tickets 123 Campaign Management Functions 124 Portal User Guide The header of this window contains the following information Title Progress Provides the name of the campaign ticket Universe Provides the name of the universe on which the campaign is being run Configuration Provides the name of the configuration on which the campaign is being run The progress table contains the following columns Approver The Approver ID Name The Approver name Progress A graphical presentation of the amount of progress each Approver has made Completed Shows numerically of links have been audited total of links to be audited for example 0 40 means that none of th
91. gt lt label gt Certification Progress Report lt label gt lt data gt com eurekify w eb reports parameters campaign CertificationProgressParametersPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag gt lt tag gt lt tag id Administration gt lt type gt mark lt type gt lt label gt Administration lt label gt lt data gt com eurekify web AdministrationPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag id SetCampaign gt lt type gt internal lt type gt lt label gt Add Campaign lt label gt lt data gt com eurekify web campaign SetCampaignPage lt data gt lt checkPermission gt false lt checkPermission gt lt tag gt lt tag id ScheduledTasksPage gt lt type gt internal lt type gt lt label gt Job Scheduler lt label gt lt data gt com eurekify web ScheduledT asksPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id TxLogPage gt lt type gt internal lt type gt lt label gt T xLog Page lt label gt lt data gt com eurekify web T xLogPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt Appendix C Portal Structure XML 411 Sample Portal Structure XML lt tag id LoadC acheP age gt lt type gt internal lt type gt lt label gt Load Cache lt label gt lt data gt com eurekify web LoadCachePage lt data gt lt tag gt lt tag id ClearCachesPage
92. gt lt type gt internal lt type gt lt label gt Clear Cache lt label gt lt data gt com eurekify web ClearC achesPage lt data gt lt tag gt lt tag id CreateRaciPage gt lt type gt internal lt type gt lt label gt Create RACI lt label gt lt data gt com eurekify web CreateRaciPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id SyncRaciPage gt lt type gt internal lt type gt lt label gt Syne RACI lt label gt lt data gt com eurekify web S yncRaciPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id TmsAdmin gt lt type gt external lt type gt lt label gt TMS Administration lt label gt lt data gt SAGE_SERVICE_URL tms ui admin lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id Settings gt lt type gt internal lt type gt lt label gt Settings lt label gt lt checkPermission gt true lt checkPermission gt lt tag id ConnectorSettings gt lt type gt internal lt type gt lt label gt Connector Settings lt label gt lt data gt com eurekify w eb settings ConnectorsSettingsPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id UniversesSettings gt lt type gt internal lt type gt lt label gt Universe Settings lt label gt lt data gt com eurekify w eb settings UniversesSettingsPage lt data gt lt checkPermission gt tr
93. http localhost 8080 eurekify tms ui wicket bookmarkablePage com eurekify tms web template Default TicketPage amp ticketId 1922 Delete Link User Resource Ticket Id 1922 Owner Previous Owner Cooper Amos DOMAJ Status In Progress v Due Date 21 01 2009 23 27 19 Priority Low Severity Minimal w State New Modified Date 21 01 2009 18 37 01 Date Created 21 01 2009 18 37 0 9 Request to remove user to resource association resource office2003 2003 WinNT MS office2003 user Keren Cindy 772924507 Description fe to remove user to resource association resource office2003 2003 WinNT MS office2003 user Keren Cindy 77292450 Request was submitted on Universe Portal from Resource certification Model2_ConfigWithRoles 77292450 office2003 2003 WinNT Owner Note X 21 01 2009 18 37 01 Cooper Amos DOMAIN Cooper Amos Delegated to Tailor Janet Advanced Chapter 9 Approval Process Tickets 157 General Approval Process Ticket Functions When a ticket is delegated a new ticket is generated with the new owner listed in the Owner field and the manager who delegated the ticket is listed in the Previous Owner field A comment is generated stating that the campaign has been Delegated to current owner This comment appears in both the old root ticket and in the new root ticket When viewed in the original ticket owner s Archive screen Ticket Queue Archived tickets the old ticket and the new
94. links in order to create the campaign s tickets When this option is disabled you will see a progress bar that shows the percentage of progress at any moment Adding Campaigns To add a certification campaign 1 R Oe D1 12 13 14 On the Administration menu click Add Campaign The Certification Campaign screen opens Provide a unique Campaign name Enter a Description In the Due date box enter a date or click the calendar icon and select a date In the Universe list type or select a universe In the Configuration list type or select a configuration Optional In the Audit Card list select an audit card In the Campaign Type list type or select a campaign type Select the relevant Privileges to Certify check boxes Direct Dual Indirect Clear the check boxes you want to disable Optional Select the Only use links from audit card check box 11 Optional Select the Only use links not in audit card check box Note Be sure to select either Only user links from audit card check box or the Only use links not in audit card check box You can select to ignore both options but you cannot enable both Recommended Select the Automatically provision campaign permissions check box Optional Select the Don t wait for ticket processing check box Click Create the Campaign Chapter 13 Using Administration Functions 319 Adding Campaigns The campaign has been created and a ticket will b
95. lt checkPermission gt false lt checkPermission gt lt tag id MailCheckup gt lt type gt internal lt type gt lt label gt SMTP Checkup lt label gt lt data gt com eurekify web checkup CheckupPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag gt lt tag gt lt portal gt Sample Portal Structure XML Appendix C Portal Structure XML 413 Appendix D Eurekify Sage Configuration Data Formats Eurekify Sage uses three separate but related files in text based comma separated format to represent a configuration These files are m Users database file m Resources database file Configuration file The users and resources database files contain the basic features of users and resources The configuration file contains the dynamic parts of a configuration that is the roles and relationships connections This section contains the following topics Users Database File see page 415 Resource Database File see page 416 Configuration File see page 416 Users Database File Each user is represented in this file by one line which includes comma separated values for the following fields in this order m PersonID the key m User name Organization name Organization type m Additional fields optional Up to 6 additional fields per user Example 234A745 Tony O Smith Sales US West Coast Sales San Francisco 234A111 5 373B234 Mark W Johnson San Jose
96. m G Request to remove user to resource association resource e mail outlook WinNT MS email user Ker Request to remove user to resource association E G resource office2003 2003 WinNT MS office2003 use Request to remove user to resource association E 12 resource office2003 2003 WinNT MS office2003 use User Approval Request to delete resource IS office2003 2003 WinNT MS office2003 from user Keren Cindy ra Resource Approval Request to delete resource State Open New Archived Archived New Status Children None In Progress Completed In Progress Delegated In Progress Pending Action Pendina Type Received Delete Link 21 01 2009 User Role 18 28 10 Approval 21 01 2009 Root 18 27 19 Delete Link User Resource Delete Link User Resource Delete Link User Resource Delete Link User Resource Delete Link User Resource Delete Link 21 01 2009 18 27 19 21 01 2009 18 27 19 21 01 2009 18 27 19 21 01 2009 18 37 01 21 01 2009 18 28 12 21 01 2009 Owner Cooper Amos DOMAIN Cooper Amos Previous Owner Cooper Amos Cooper Amos DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper Amos Tailor Janet Tailor Janet Flag Lee Find De General Approval Process Ticket Functions If the ticket that you chose to transfer is a
97. message appears MS Administration Page Delete All Tickets Delete All Tickets and Ticket Types Delete All Tickets succeeded More information Tickets and the Ticket Queue see page 69 System Checkup System checkup is an administrative tool that allows you to examine whether certain processes are working correctly At this time you can only check whether the Eurekify Portal s SMTP process is working correctly Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration out AD1 EAdmin Administration gt System Checkup SMTP Checkup Chapter 13 Using Administration Functions 367 System Checkup 368 Portal User Guide S MTP Checkup allows you to check two email systems TMS The Ticket Management System s email connections APP General Eurekify Portal email connections Administration gt System Checkup gt SMTP Checkup Checkup Options Send Mail Tms Send Mail App To perform an SMTP checkup 1 On the Administration menu click System Checkup A list of System Checkup options appears Click SMTP Checkup The Checkup Options screen opens To check the TMS email system Enter an email address in the Send Mail TMS box To check the App email system Enter an email address in the Send Mail App Click Send The Executing bar appears Check the email box to see if the email arrived If an email does not arrive th
98. name and path of the Enrichment Settings file Enter the Remote system login password for accessing the endpoint Provide an upper estimate in seconds for the Max duration time Select the appropriate converter s Connector Java Class Select the default Workflow process name Select the default import Ticket Type Select the Priority Select the Severity When the new import connector is created it appears in the Connector Settings Import table More information Tickets and the Ticket Queue see page 69 Chapter 13 Using Administration Functions 34 Setting Connectors Creating a New Export Connector Connectors utilize the Eurekify Sage converters to export data to the system s endpoints You will need to know which converter you intend to use and the name and location of the settings xml file and the mapping xml file for this converter For further information see the CA Eurekify Role amp Compliance Manager Sage Data Management User Guide Export client name Description Universe Choose One X Settings XML file Mapping XML file Remote system login password Max duration time seconds Connector Java Class Choose One Workflow process name Choose One Ticket Type Choose One Priority SAGE Normal Severity SAGE Medium 342 Portal User Guide Export client name Provide a name for the export connector Description Provide a descripti
99. of 69 4 41234567 Add Person ID Name Organization Organization Type Oo 98383770 Rolen Dave Finance Corporate 84847310 Goid Wiliam Human Resources Corporate 88311130 Goodman Bruce Marketing_Dept Corporate 67565330 Schwarts Barry Human Resources Corporate 83838380 Helmuth Howard Marketing_Dept Corporate 93773730 Tailor Janet Operations Corporate 58723810 Miles Buyer Purchasing Corporate 91724340 Hope Collin Finance Corporate 95477810 Ester Roger Operations Corporate 45489940 Steiven Pat System Management Corporate Customize E fio m To see which resources are used by the selected users click here Suggest Resources the results are in the Resources table Role Hierarchy Copyright C 2008 Eurekify All Rights Reserved Build 08 11 26 01 246 Portal User Guide Note The users marked with a green dot next to their table are users that are accountable to you RACI This screen is divided into three sections m Resources m Users m Role Hierarchy which can expand into two sections m Parent Roles m Children Roles Role Hierarchy Find Parent R Parent Roles Organization Human Resources RACF Public access Organization Application Development Title Operator Sales Team Organization Database Administrators Organization System Management Organization Stamford
100. of Year Resource Review Resource Certification New Action 5 Campaign 16 20 34 AD1 EAdmin dew r Approval 29 12 2008 P 1158 E User Review Approval Root Request Open In Progress 17 Root 13 46 29 Eurekify Admin Pending 25 12 2008 Eurekify Admin 1111 E Role Review Role Certification Open Action 15 Campaign 19 24 11 AD1 EAdmin 916 E Role Checkup Role Certification Open In Progress 15 Campaign 23 12 2008 Logout AD1 EAdmin The tickets are displayed in table format The table is fully customizable and you can use the Customize function to select the columns fields that will appear in the tables and their order Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Ticket Queue gt Open New Done Tickets Logout DOMAIN Cooper Amos gt ID Title State Status Children Type Received Owner Previous Owner Campaign Cooper Amos 872 B user Certification Cooper Amos User Review New berze 19 Manager iy 08 DOMAIN Cooper Approver Amos Pending 21 12 2008 Eurekify Admin AD1 834 E Resource certification User Certification Open Action 9 Campaign 12 29 06 Cooper Amos EAdmin The default structure of the Ticket Queue table contains the following columns Field Description gt Marks an overdue ticket Ticket ID Each ticket has a distinct ticket ID number Title The ticket title State The ticket s state Status The ticket s status 78 Portal
101. on errcode settings strings universes errors namealreadyexi st errcode settings strings universes errors missingmaster errcode settings strings universes errors missingmodel errcode settings strings universes errors missingauditset tingsfile errcode settings strings universes errors masterisnotread only errcode settings strings universes errors masterhasparen t errcode settings strings universes errors masternotlogge d errcode settings strings universes errors modelisnotread only errcode settings strings universes errors modelhasparent errcode settings strings universes errors modelnotlogged errcode settings strings universes errors errorswasfound errcode settings strings universes errors wouldliketoauto fix errcode 388 Portal User Guide Code tms031 txd001 txs002 ust001 ust002 ust003 ust004 ust005 ust006 ust007 ust008 ust009 ust010 ust011 ust012 ust013 ust014 ust015 Description workpoint database connection is closed failed to run 0 please watch log files failed to run 0 please watch log files warning master and model configurations are the same missing name field missing description field duplicate name name already in use missing master configuration name field missing model configuration name field was unable to find the audit settings file 0 the master configuration
102. owner Each approval process has only one root ticket Rejected Link Parent Ticket This is a Delete Link Entity1 Entity2 ticket This ticket belongs to the campaign owner This node is the parent of the actual approval process Approver tickets that are sent to the Approvers The number of sub trees of this type present in an approval process tree depends on the number of rejected links being processed Approver Tickets This is a Delete Link Entity1 Entity2 ticket Two tickets of this kind are generated one for each entity manager per each rejected link For example when the rejected link is a user role link then one ticket will go to the user s manager and the second ticket will go to the role s manager Logout AD1 EAdmin Enterprise Role and Compliance Manager Ticket Queue Dashboards Self Service Entity Browser Reports Administration State Status Children Type Received Owner Previous Owner Approval 29 12 2008 Root 13 46 29 Delete Link User Resource Delete Link User Resource Delete Link User Resource 1158 E Gi user Re proval Root Request Open In Progress 17 Eurekify Admin Reque move user to resource association 1159 e UGMPBR RACFPROD RACF22 Production Open 29 12 2008 Eurekify Admin 1 In Progress 3 46 30 AD1 EAdmin User Approval Request to delete resource 1199 S uM CFPROD RACF22 Production RACF fromOpen Pending Action 29 12 2008 Eurekify Admin 13 47 21 AD1 EAdmin
103. reviewed and confirmed during the Approval Process by the link s entity managers For example when a link between a user and a role that has been rejected both the user s manager and the role s manager have to confirm that this link should be rejected Only then is the decision final Users whose links are rejected will be informed of the rejection 1Y X d Progress Violations PersonID aaa me 4 7 EEEE Free Georgia Marketing S FRP a L 0 9 ad Devin Roger Marketing Roles 3 E Resources 6 4 X Namel Name2 Name3 Violations Description Marketing Sun Server ucisusr UNXMARKT Solaris26 n D M D marketing Sun Sewer UNXMARKT Solaris26 m m m Public UNXMARKT Solaris26 1 10 by 06 R Marketing Sun Note You can reject all the links listed in a specific link table at once by clicking the column label X for that link table To reject a user link 1 In the Ticket Properties Form click next to the user you want to audit The associated Roles and Resources tables appear 2 Click the check box in the column next to the user s role s and or resource s that you want to reject Click Save 4 The selected links have been rejected and the relative progress made is reported on the Approver Progress bar The system default accepts the rejection as final only after the Approval Process Note Replace user in the above procedure with either resource or role for instructions on how to reject Role lin
104. roles and resources Improper entitlements can be rejected Role A campaign in which the approvers certify the connection of the roles under their management The certification is with regard to the role s linked users and resources The certification also examines role to role hierarchal links Improper entitlements can be rejected Resource A campaign in which the approvers certify the connection of the resources under their management The certification is with regard to the resource s linked users and roles Improper entitlements can be rejected Privileges to Certify Select one or more from the following possibilities Direct Certify only direct links between entities Dual Certify dual links see Glossary for further information Indirect Certify indirect links for example hierarchal links see Glossary for further information Indirect links cannot be rejected during a campaign Chapter 13 Using Administration Functions 317 Adding Campaigns 318 Portal User Guide Only use links from audit card Optional Select to enable this option Sets the campaign to display only users and their links who have violations listed in the Audit Card Only use links not in audit card Optional Select to enable this option Sets the campaign to display only users and their links which do not appear in the AuditCard This is useful in case the AuditCard represents Approved Violations Permissions Override the Eu
105. root ticket A ticket Self Service Approval Approval Root Process Root ticket generated when a self service process requires approval from entity managers For more information see Running Self Service Tasks see page 193 Self Service Request Link Parent ticket Entity1 Entity2 Delete Link Entity1 Entity2 Update Role This ticket is the specific Self Service request manager ticket For each set of Approver tickets generated for a Self Service request and sent to the link s entity managers there is a parent ticket thus creating a sub tree for each rejected link For more information see Running Self Service Tasks_ see page 193 and Role Definition Tickets see page 257 Self Service Link Approver Ticket Entity1 Entity2 Delete Link Entity1 Entity2 The Approver tickets generated when a self serviced process requires approval from entity managers For more information see Running Self Service Tasks see page 193 Update Role Chapter 6 Tickets and the Ticket Queue 73 Ticket Life Cycle Name Self Service Consult Ticket Type s Description Link The ticket generated when a self serviced process Entity 1 Entity2 Approver wishes to consult another user regarding ticket Task Notification Import Export ticket Error ticket Ticket State 74 Portal User Guide the specific request For more information see Derre Cink Running Self Service Tasks see page 193
106. security parameters located in the eurekify properties file governs the necessity of using a password to obtain access to the Eurekify Portal sage security disable ADAuthentication true When this property is set to True the user does not have to use his her established password in order to log in to the Eurekify Portal and any alphanumeric combination will allow them to gain entry When the property is set to False only registered passwords will provide access to the Eurekify Portal This means that there has to be a corporate Active Directory server that has a list of all the users and their passwords When a user attempts to log in the user and password are sent to the Active Directory server for authentication When sending the user login and password data it is recommended that this data be encrypted The security parameter located in the eurekify properties file is sage security disable ss ADAuthentication true When this is set to True SSL authentication is disabled SSL or Secure Sockets Layer technology enables encryption of sensitive information during transactions When the parameter is set to False that is SSL encryption is enabled you have to also supply the keystore file sage security eurekify keyStore file The keystore file is a database that stores the private and public keys necessary for SSL encryption and decoding Chapter 14 About Security amp Permissions 371 Permissions Permissions Wh
107. table At this point you can choose to m Manage the current enrollment list a Add additional roles to the selected users a Do both If you do not want to manage the currently enrolled roles skip to add roles to the selected users More information Customizing a Data Table see page 22 Filtering a Data Table see page 24 Setting the Number of Records Per Page see page 23 Presenting the Currently Enrolled Roles Table Manage My Roles Screen This section allows you to manage the current roles enrollment for your selected users The options available to you depend on how many users you have selected for the current action In the case of single user selection click Get Roles You will now be able to view the list of roles linked to your selected user Currently Enrolled Roles Add Remove 208 Portal User Guide Role Name Description Type Organization Rule Owner BASIC ROLE Basic role for all users that have ar Role Enterprise No Rule 82922230 access to IT Database Organization Database Administrators Administrators Title DB Developer Characteristic Role 50 Org Role Title DB Developer Title DB Developer 77371120 Org Role 99883135 Organization Database Characteristic Role 100 0 Min Administrators 40 Manage My Team s Role Assignments In this case the only option available to you in this section is to select the Remove check box next to a role thereby sever
108. that have access to IT Org Role Enterprise No Rule 82922230 Organization Operations Characteristic Role 100 0 Min 40 Org Role Operations Organiation Operations 64646410 The Currently Enrolled Roles table for the Manage My Roles task provides only option to select a Remove check box next to a role thereby severing the link between you and the selected role The Currently Enrolled Roles table provides the following functionality Add A column of check boxes one per role This column is inactive in this screen Remove A column of check boxes one per user Check one or more to remove the link between the selected users and the selected roles Role Name Click any highlighted role name listed in this column to open its Role Card Depending on the type of action you wish to take you may find that after selecting the appropriate check boxes in this section you have completed the task In this case you can ignore the instructions in the Other Roles and submit your requests by clicking Submit at the bottom of the Manage My Roles screen To make selections in the Currently Enrolled Roles table in the Currently Enrolled Roles table click the relevant check boxes in the Remove column At this point you can choose to End the process at this point Add roles If you do not want to add new roles submit your requests Chapter 10 Running Self Service Tasks 217 Manage My Role Assignments More inf
109. the campaign type For example for a user certification campaign user managers will be assigned as approvers Users can become approvers for other users only if the Approver s name appears in the manager column of the Universe s Model configuration files for the specific user Users can become approvers for Roles and or Resources only if they are listed in the configuration s RACI presentation under Accountable that is a specific user becomes accountable for a specific entity Therefore if you are listed as an entity manager you will receive Approver tickets when an administrator runs a campaign targeting your entity Chapter 8 Campaign Approver Tickets 131 Campaign Approver Tickets As an approver your job is to review the links between the entity you are managing and the corresponding entity types The information appears in the CMA ticket as trees of links where the campaign s entity type and the linked entities are presented in a nested arrangement This means that if you are a role manager and you received a CMA ticket as part of a Role campaign you will see lists of roles that can be expanded to show the nested entity links with Users Resources Child Roles and Parent Roles Campaign Manager Approver Ticket Id Due Date 1122 Owner Keren Cindy DOMAIN Previous Owner Pending Action lt 15 01 2009 00 00 00 Priority Normal lt Severity Medium Hidden E Modified Date 25 12 2008 19 24 13 Date Created 25 12 2008
110. the model configuration Modell ConfigWithRoles has a p 5 the model configuration Modell ConfigWithRoles is not would you like to auto fix them GENUSTO15 Click Yes to auto fix the issues listed in this error message The Please Wait bar appears When the job is completed the new universe appears in the Universes list Setting a Universe Deleting a Universe To delete a Universe 1 Click Delete next to the Universe you want to edit A warning screen opens Are you sure you want to delete lt Universe gt 2 Click Yes to delete the universe Chapter 13 Using Administration Functions 333 Setting Connectors Setting Connectors 334 Portal User Guide Connectors are defined for specific converters which are service programs necessary for importing and exporting user and user privileges information entities and the links between them from corporate security systems into CA Eurekify Role amp Compliance Manager Import Export processes can be performed either from the Eurekify Sage DNA Data Management DM client tool or through the Eurekify Portal User and user privileges information can be imported directly into Eurekify Sage by using the Import option on the CA Eurekify Role amp Compliance Manager Sage DNA Data Management DM menu bar see Chapter 2 in the CA Eurekify Role amp Compliance Manager Sage DNA Data Management manual This option enables importing Active Directory CSV RACF or SQL files into E
111. the roles currently linked to the members of your team you can also request that the system provide a list of recommended roles for your selected users This list of roles will be displayed in the section Other Roles Other Roles Showing 1 to 10 of 27 Add Oo m Customize Role Name Organization Human Resources RACF Public access Organization Application Development Title Operator Sales Team Organization System Management Organization Stamford Branch Title Branch Manager Organization Marketing_Dept RACF Developers Find Roles Test Compliance 210 Portal User Guide Description Characteristic Role 85 7 Min 40 Characteristic Role 100 0 Min 60 Characteristic Role 100 0 Min 40 Characteristic Role 50 Role By 2 Users Characteristic Role 100 0 Min 40 Characteristic Role 100 0 Min 40 Characteristic Role 50 Characteristic Role 100 0 Min 40 Characteristic Role 100 0 Min 60 Suggest Roles Type Org Role Applicative Role Org Role Org Role Org Role Org Role Org Role Org Role Org Role Applicative Role 4 4123 gt Organization Human Resources Company Application Development Title Operator Sales System Management Stamford Branch Title Branch Manager Marketing Dept Company Records per page 19 Manage My Team s Role Assignments The Other Roles section provides t
112. this information Chapter 13 Using Administration Functions 365 TMS Administration To synchronize the RACI configurations 1 On the Administration menu click Sync RACI The Sync RACI Configurations screen opens Enterprise Role and Compliance Manager eure K ify Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Administration gt Sync RACT Logout AD1 EAdmin Choose Universe Choose One gt Sync RACI 2 Select a Universe from the drop down 3 Click Sync RACI An appropriate notice appears when the process is completed TMS Administration TMS stands for Ticket Management System Tickets are work items used to track information run jobs or notify users of events Tickets are generally not removed from the system except when you click Cancel Process They are archived Tickets should be considered undeletable But nevertheless in extreme circumstances it s possible to delete all the system tickets Important We highly recommend that you back up your system before deleting the system ticket and or ticket types Administration gt 7MS Administration MS Administration Page Delete All Tickets Delete All Tickets and Ticket Types HRC 366 Portal User Guide System Checkup The TMS Administration utility provides you with two options Delete All Tickets Delete All Tickets and Ticket Types Click Delete next to the serviced that you want to run When completed a
113. ticket create a hierarchal tree in which the original ticket the Status is set to Delegated is the root ticket and the new ticket is the next node Ticket Queue gt Archived Tickets 158 Portal User Guide ID Title 755 834 B amp Resource certification User Certification B amp Resource certification User Certification r User Certification Eurekify Admin Resource certification g User Certification Herman Barbara Resource State Archived Open Hidden Hidden Status Children Delegated Pending Action Pending Action Pending Type Received 21 12 2008 Campaign 13 28 38 21 12 2008 Campaign 13 29 06 Campaign Manager 21 12 2008 Approver Campaign Manager 21 12 2008 Owner Eurekify Admin AD1 EAdmin Eurekify Admin AD Cooper Amos EAdmin Cooper Amos Herman Barbara When the delegated ticket is viewed in the Approval Process owner s Ticket Queue when applicable the old ticket and the new ticket create a new sub tree within the original Approval Process tree in which the original ticket Status is set to Delegated is the parent ticket ID Title 1891 1871 1872 E Request to delete role RACF Developers Characteristic Role 100 0 Min 60 from user Keren Ci 8 Resource certification Approval Root Request Request to remove user to resource association E resource TESTDEV RACFTEST RACF22 Test RACF user
114. ticket provides the following General functionality Close Closes the ticket Save Saves the changes made to the ticket Delegate Transfers the ticket tree to another manager Escalate Transfers the ticket tree to another manager Start Process For regular Approval Processes this button is disabled as the procedure starts automatically when the tickets arrive in the approvers Ticket Queues Cancel Process Allows you to manually stop the Approval Process at any stage Acknowledge This function is disabled until the Approval Process has been completed This section provides instructions for the following functions Cancel Process m Acknowledge More information Delegate see page 157 Escalate see page 154 Cancel Process see page 170 Acknowledge see page 170 Chapter 9 Approval Process Tickets 169 Approval Process Root Ticket Cancel Process Acknowledge As the Approval Process owner you have the authority to cancel an Approval Process when necessary When you choose to cancel an Approval Process click Cancel Process and a Confirmation pop up window opens Confirmation Are you sure you want to Cancel Process Click Yes to cancel the current Approval Process and the Executing bar appears When done the ticket and it s tree no longer exist When you first open the Approval Root ticket you will find that the Acknowledge button is disabled It will only be enabled when all the Approver t
115. to SQL 9 On the File menu click Open from File Use the Open browser screen to locate the new master configuration Click Open The new master configuration file appears 10 Click Save to SQL Step 2 of the Eurekify Wizard appears Saving Document to the Database Eurekify Database Wizard Step 2 Saving Document to the Database Save Database Configuration New Eurekify Configuration Masterl_ConfigwithRoles cfg C Existing Eurekify Configuration Configuration 9 ConfigNoRoles cfg E ConfigwithRoles cfg Model_ConfigwithRoles cfg a Master_ConfigwithRoles cfg 9 Eurekify cfg E mm r a xI Set SOL Database Connectivity 11 Enable New Eurekify Configuration and enter the new master configuration file name 12 Click Next The Progress Log screen opens You can follow the progress of the transformation At the end of the process you are asked to close this configuration file and open it from the database Eurekify Sage DNA A Please close the Configuration and reopen from the database 394 Portal User Guide Eurekify Sage Error Messages 13 Click OK 14 Repeat steps 9 through 13 for the model configuration file You can now list the new master and model configuration files when creating or editing a Universe Appendix A Duplicating a Configuration 395 Appendix B Eurekify Properties This section contains the following topics Sample Properties File
116. tree More information The Ticket Properties Form see page 84 Update Role Ticket General Functions The Self Service Request Update Role Parent ticket provides the following General functionality Close Closes the ticket Save Saves the changes made to the ticket Delegate Transfers the ticket tree to another manager Escalate Transfers the ticket tree to another manager Cancel Process Allows you to manually stop the Approval Process at any stage More information Delegate see page 157 Escalate see page 154 Cancel Process see page 170 Chapter 11 Role Definition Tickets 301 Update Role Ticket Tree Update Role Parent Ticket Advanced Functions 302 Portal User Guide The Request Parent ticket provides the following Advanced functionality Add Comment Manually add a comment to the ticket Add Attachment Add an attachment or URL to the ticket View Transaction Log The transaction log provides a history of the ticket related actions executed since the creation of the ticket View Parent Opens the current ticket s parent s ticket View Initiators View of list of the users who launched this ticket View Children Opens a table which provides you with information concerning all the nodes leaves that are located below the current ticket For the Request Parent ticket this means that you can view information concerning the link s Approver tickets View Role Opens the Role s card In this case th
117. you can access the following Online and telephone contact information for technical assistance and customer services Information about user communities and forums Product and documentation downloads CA Support policies and guidelines Other helpful resources appropriate for your product Provide Feedback If you have comments or questions about CA product documentation you can send a message to techpubs ca com If you would like to provide feedback about CA product documentation complete our short customer survey which is also available on the CA support website found at http ca com support CA Product References This document references the following CA products m CA Eurekify Role amp Compliance Manager m CA Identity Manager Contents Chapter 1 Introduction 13 About This Guide aeiee eie seals aa dashed ody m aAa eGusin een Soe shad male be dune ad od dae ainda bels 14 AUGIENCE ii ccce cece deauds heaved bee deaths ee cbe sanded aaa ede cae EE 15 Typical Processes ossai ccauie nec o aiid Se GE anil wae BAe a HAE a GME RG oe nee o Rae nee Be 15 Opening the Eurekify Portal 0 0 ee nnne rraren rror orren nee teen eens 17 Chapter 2 Using The Eurekify Portal Interface 19 User Interface ov TA Zr pede Sade Taa EE Taa Ta TER a ee eee be A eee Meee dae 19 General Features x KR a 00 K nce eaves A RRR 24 ES ORE Oe Ew Es LRR R RR Ee ae Sa Rs Late NTR 4 99 20 Data Table Features ss s a ee e ccc R e RR
118. you have to run the Eurekify Configuration settings utility so that the users can access the Eurekify Portal You also have to generate the RACI configuration to define the entity Approvers This section describes the following procedures m Access the Universe Settings List Create a new universe Edit a universe Delete a universe More information Eurekify Configuration Settings see page 362 RACI Operations see page 364 The Universe Settings Table see page 327 Creating a New Universe see page 328 Editing a Universe see page 332 Deleting a Universe see page 333 Setting a Universe The Universe Settings Table The Universes table displays a list of available universes their description and the options of editing or deleting an existing universe A Create New button allows you to generate a new universe Universe Settings Universes Name Description Demo For demonstration purposes Eurekify Built in Eurekify Universe Admin_Basic first time Portal run Portal For Portal Manual The universe s ID number Name The universe s name Description The universe s description Edit Provides the option of editing the universe definitions Delete Provides the option to delete a universe To access the Universe settings table 1 On the Administration menu click Settings The available options list appears Administration gt Settings Settings Connector Settings Univer
119. 0 Task ee Eurekify Admin 01 02 2009 Cooper Amos 4 2223 S Role Approver New Role Corporate Security Archived Approved 0 Add Role oe DOMAIN Cooper 00 35 53 Amos Cooper Amos Request to add user to role association Link User 01 02 2009 2224 ai role Corporate Security user 89213720 Open In Progress 1 Role 00 38 36 ee Cooper Amos Request to add user to role association Link User 01 02 2009 2225 a Soe Corporate Security user 54672910 New In Progress 1 Role 00 38 36 Ps lata 4 User Approval Request to add role Corporate Link Herman Barbara 2234 Security Role provides resources to users who areNew erson 0 User pba DOMAIN Herman invol Role Sen Barbara Cooper Amos Request to add user to role association Link User 01 02 2009 2226 role Corporate Security user 91236370 New In Progress 1 Role 00 38 36 Taint Cooper Amos c Request to add user to role association Link User 01 02 2009 E 2227 a role Corporate Security user 89123140 New In Progress 1 Role 00 38 36 es geal 3 Cooper Amos Request to add user to role association Link User 01 02 2009 2228 a role Corporate Security user 84847310 New In Progress 1 Role 00 38 36 Taisa Cooper Amos 3 Request to add role to role association parent Link Role 01 02 2009 2229 E L Aaa Security child role Organization 1 New neo E Role 00 38 36 raus Approval Request to add role Corporate Security Cooper Amos s e Pending Link 01 02 2009 2240 ae provides resources to use
120. 02 2020 4sccccedeasendnardadcbdtancand dbaiabee our siandeaniecde 46 Chapter 4 Showcasing the Eurekify Portal 47 Running a Campaign A Case Study cnn cee orreee errero teen tenn eens 48 Defining a New User Campaign 0 0 ccc ccc een rnnr rron rrara eet e eee e eee enee 48 Reassigning Links to Another Approver 0 0 ccc cee cnn cee cent eee e nent eee nnn 51 Starting the User Campaign v c 2 9 NK N a NR NN YE 9 20 NK T eas NNE vad R N ARR K RNET KNN RR aden 55 Contents 5 Checking the Campaigns Progress 0 ec ccc ete eee te teen rreren 56 Sending Reminders to the ApproversS 0 cece cece cece e rnrn nent nrn 57 Examining a Users LINKS 0 ccc cc ee eee nee eee e beeen eee e nee een eens 59 Starting the Approval ProceSS 0 ccc ene ene e eee tebe etn nett beeen eo 61 Chapter 5 Presenting the Home Page 63 The Tickets Pane s s sce aw i rodeni pa E Raa inn E E nb N E dd eeaaie bE Meee Ss NRA 64 The Reports Bal ereere aede desu dae snes dechvnededer end an deweoe ba sedans sane eee eeeeeeeene sedan 65 The Business Processes Bar x eR cece ccc RRR RRR uidet ene e An eee RRR R 67 Chapter 6 Tickets and the Ticket Queue 69 Ticket Life Cycle 2622 sedan baccaaee Nese baw a WEA LAREN Ode BONG ad Lado AS ee OEE Se ee ee eeee was 71 Ticket TYPES s ccc ng nome deaties sudan sees ade tee hed eee HAS oe ace ene ee dee see eee ee eeesseeemee sees 72 Ticket State lt ccacctaudech dcd
121. 1 40 Hra v Select Accountable to Role Manage Human Resources To continue please choose an accountable user to Manage Human Resources role GENTKT039 Delegate Continue Select Accountable More Details gt gt Advanced 282 Portal User Guide Qio At first the Role Accountable field is empty located under More Details gt gt The Continue button is disabled until a user is selected When you click Select Accountable the Choose Accountable for New Role screen opens in a separate browser window Browse Tickets Windows Internet Explorer http localhost 8080 eurekify tms ui wicketsinterFace 15 hoose Accountable to New Role Where Choose Field v contains Where Choose Field x contains Where Choose Field E x contains Showing 1 to 30 of 140 UserName Organization O Rodney sergio Database Moris Bill System Management Rolen Dave Fred John Deer Alex Goid Wiliam Sharon Johnson Fifth Ave Branch O Moos Steve Rojer Dave Finance System Management Fifth Ave Branch Human Resources Human Resources Stamford Branch Steiven Pat System Management OrganizationType Corporate Corporate Corporate Corporate Branches Corporate Branches Corporate Branches Corporate and and Email 75676560 company com 47868650 company com 98383770 company com 86544420 company com 91238730 company com 84847310 company com 891234
122. 3720 E o o Oo E S E Oo Oo Oo Customize 4441234567 gt Name Organization Organization Type Rolen Dave Finance Corporate Goid Wiliam Human Resources Corporate Fred John System Management Corporate Rodney Sergio Database Administrators Corporate Cohen Steve System Management Corporate Sterling Kent Human Resources Corporate Goodman Bruce Marketing_Dept Corporate Schwarts Barry Human Resources Corporate Bean Frank Purchasing Corporate Orr Taylor IT Security Corporate Currently Enrolled Resources fe Records Found Other Resources 222 Portal User Guide Copyright C 2008 Eurekify All Rights Reserved Build 08 11 26 01 Manage My Team s Resources The screen is divided into four sections General Provides descriptive information concerning the current action Users Your team members Select one or more users for the current action Currently Enrolled Roles The current resources linked to the selected users Other Roles Recommended resources for the selected users The Users and Other Resources sections present customizable tables As the MMT Resources screen allows many options and great flexibility the task s procedures will be broken up by section The fields in the General section m The Users table options and functionality The Currently Enrolled Resources table options and functionality m The Other Resources table options and functionality To manage my team s resource assignments click Man
123. 70 company com 87623450 company com 88490390 company com 45489940 company com CE internet 44 472345 gt Title DB Developer Developer Accountant Developer Branch Officer Clerk Psychologist Branch Officer Clerk HR Officer Branch Officer Clerk Security Admin Manager Enruntans 100 Add New Role Ticket Tree The Choose Accountable for New Role screen is divided into two sections The filter Located in the window s header The filter lets you narrow down the list of proposed approvers The proposed users This table presents a pre filtered list of users who can become Approvers This list can be filtered to aid in finding a specific user After selecting a user as the role s Approver the Continue button is enabled The new role manager is listed under the More Details section of the Select Accountable Task ticket onfiguration Name Model2_ConfigWithRoles Role Accountable DOMAIN Cooper Amos Corporate Security Rule Organization2 Organization Type Owner Description Organization3 Organization IT Security null null Enterprise 4IT Security Organizational Role 54672910 Role provid 89213720 54672910 91236370 89123140 84847310 Organization IT Security public UNXMARKT Solaris26 PUBLIC RACFPROD RACF22 UGMTSYS RACFTEST RACF22 Parent Roles To Remove Resources To Remove Approval Process Result Click Continue to go to the next stage of the Add New
124. 74 Portal User Guide In this section you will find information specific to the Rejected Link Parent ticket It is important to remember that Approval Process tickets are based on specific campaigns lt Ticket Title gt Delete Link Entity1 Entity2 For example Delete Link User Resource Title Request to remove Entity1 to Entity2 association Entity1 Entity1 name Entity2 Entity2 name For example Request to remove user to resource association resource UGMPMRK RACFPROD RACF22 Production RACF user Garr Jim 77371120 Description A description of the ticket It includes the details of the request Request was submitted on Universe Universe name from Campaign Title For example Request to remove user to resource association resource UGMPMRK RACFPROD RACF22 Production RACF user Garr Jim 77371120 Request was submitted on Universe Portal from User Review Use this ticket s functionality when you wish to transfer the specific link s sub tree to the management of another user or to cancel this specific review You can use the options in the ticket s Advanced section to access additional information concerning the current ticket and the rest of the tickets in the tree More information The Ticket Properties Form see page 84 Rejected Link Parent Ticket Rejected Link Parent Ticket General Functions The Rejected Link Parent ticket provides the following General functionality Close Close
125. 80 eurekiFy tms ui wicket interface 16 Campaign Ticket Id 835 Owner Eurekify Admin AD1 Previous Owner Status Pending Action Due Date 15 01 2009 00 00 00 Priority Normal Severity Medium State open v Modified Date 21 12 2008 13 28 43 Date Created 21 12 2008 12 51 2 Title User Review User Certification Description End of year user audit Universe Portal Campaign Type USER Auto Generate Permissions true Configuration Model2_ConfigWithRoles Link Fitter Direct Dual Audit Card Entity Filter No Filter Attachments omments Received Owner Note x 21 12 2008 13 24 06 Eurekify Admin End of year audit Campaign Management Start Carnpaign Stop Carnpaign Restart Campaign 88 Portal User Guide The Ticket Properties Form The Comments table provides the following information Received Provides the date when the comment was generated Owner The name of the user who generated the comment Note The content of the comment Next to each comment you can see an X Click X to delete the comment The Add Comment screen contains two fields Owner Lists the name of the note owner Note Free style text To add a comment 1 Click Add Comment The Add Comment screen opens 2 Enter the comment you want to make in the Note field 3 Click Save The Executing bar appears The new comment appears in the Ticket Properties Form s Comment table Ticket Properties Form Windows In
126. 9 Delete Link User Resource a Se OE SSE rig Ss 1189 Owner Cooper Amos DOMA Previous Owner Status Pending Action 29 12 2008 18 47 19 Priority Low lt ity Minimal State open User Approval Request to delete resource TESTDEV RACFTEST RACF22 Test RACF from user Keren Cindy 77292450 User Approval Request to delete resource TESTDEV RACFTEST RACF22 Test RACF from user Keren Cindy 77292450 Request was submitted on Universe Portal from User Review Details onfiguration Name Model2_ConfigWithRoles P ID 77292450 TESTDEV RACFTEST RACF22 Add Comment Add Attachment View Transaction Log View Parent View Initiators View Violations View User View Resource More information Running Campaign owner Tickets see page 101 Campaign Approver Tickets see page 131 Approval Process Tickets see page 151 Info tickets see page 92 Chapter 6 Tickets and the Ticket Queue 87 The Ticket Properties Form Add Comment Using this function you can add specific comments in free style text This is in addition to system comments that may be added during a ticket s life cycle for example during a campaign a comment is added when a campaign is delegated Ticket Properties Form Windows Internet Explorer ir Internet All the comments appear in the Comment s table Ticket Properties Form Windows Internet Explorer http flocalhost 80
127. 93 296 298 301 303 305 306 327 374 Severity e 85 110 340 344 State s 71 75 85 110 120 Status 36 71 76 81 85 96 98 110 120 129 156 159 166 T Ticket Queue e 15 27 35 36 39 48 55 64 69 71 72 77 80 81 84 96 98 109 113 114 116 120 133 136 153 156 159 169 171 191 259 267 315 340 344 347 350 368 TMS Administration lt 368 Transaction Log e 87 92 100 128 151 163 173 178 188 194 268 275 287 291 294 297 304 307 353 U Universe s 15 30 31 33 37 38 41 43 45 112 125 133 153 169 175 191 259 265 292 309 315 328 329 330 334 335 340 344 356 364 366 367 376 393 407
128. AROL workpoint updateRole reference UROL ws security Idap server adserver ws security manager dn AD1 Administrator ws secutiry manager password eurekify 400 Portal User Guide Sample Properties File sage security disable true sage security disable ADAuthentication true sage security disable ss ADAuthentication true sage security eurekify keyStore file Uncomment this property to specify a different directory for the audit parameters default is EUREKIFY_HOME conf audit parameters audit parameters dir raci configuration separator _ raci sageMaster udb defualtC ustomFields ManagerID Title approvals duePeriod default 5 approvals configuration mail user DemoV4 Eurekify com approvals configuration mail password abcd 1234 approvals configuration mail server smtp company com approvals configuration mail serverPort 25 approvals configuration mail useSSL false approvals configuration mail from TMS eurekify com approvals configuration updateRole minimumLinks 4 approvals configuration sendE xternalMails true approvals configuration max ticket property length 2000 format date display dd MM yyyy HH mm ss Appendix B Eurekify Properties 401 Sample Properties File bpr risk low 30 bpr risk med 50 bpr risk high 70 browser universe default Demo1 default role types Business Role Organizational Role Functional Role Application Role Technical Role Location Role Provisioning Polic
129. Admin View State 1111 Role Review Role Certification New 916 E Role Checkup Role Certification 917 921 923 925 927 931 933 Open role Certification Flag Lee Role Checkup New B Role Certification Garr Jim Role Checkup New H role Certification Hope Collin Role Checkup New A Role Certification Cooper Amos Role Checkup New E Role Certification Keren Cindy Role Checkup New role Certification Yoham Anne Role Checkup New Role Certification Herman Barbara Role Checkup Open Reports Status Pending Action In Progress Pending Action Pending Action Pending Action Pending Action Pending Action Pending Action Completed Chapter 7 Running Campaign owner Tickets Children Administration Type Received 25 12 2008 19 24 11 23 12 2008 21 14 23 Campaign Manager eer Approver Campaign Manager cl gaa Approver Campaign Manager a be Lad Approver Campaign Manager Approver Campaign Manager Approver Campaign 53 13 2008 ica Campaign Campaign 23 12 2008 21 14 24 23 12 2008 21 14 24 Manager Approver Campaign Manager aoe Approver Campaign Owner Eurekify Admin AD1 EAdmin Eurekify Admin AD1 EAdmin Flag Lee DOMAIN Fiag Lee Garr Jim DOMAIN Garr Jim Hope Collin DOMAIN Hope Collin Cooper Amos DOMAIN Cooper Amos Keren Cindy DOMAIN Keren Cindy Yoha
130. Approval Process Ticket Functions 156 Portal User Guide If you choose to escalate an Approval Process root ticket the whole tree will now be visible in the new owner s Ticket Queue To escalate a ticket you have to select a user from the list of appropriate users Browse Tickets Windows Internet Explorer 7 http flocalhost 8080 eurekify tms ui wicket interface 9 Find Escalate Users Where Choose Field Where Choose Field Choose Field Showing 1 to 30 of 140 Userliame Rodney Sergio Moris Bill Rolen Dave Fred John Deer Alex Goid Wiliam Sharon Johnson Moos Steve Rojer Dave vi contains vi contains lt contains Organization Database Administrators System Management Finance System Management Fifth Ave Branch Human Resources Fifth Ave Branch Human Resources Stamford Branch OrganizationType Corporate Corporate Corporate Corporate Branches Corporate Branches Corporate Branches Email 75676560 company com 47868650 company com 98383770 company com 86544420 company com 91238730 company com 84847310 company com 89123470 company com 87623450 company com 88490390 company com 4 412345 gt Title DB Developer Developer Accountant Developer Branch Officer Clerk Psychologist Branch Officer Clerk HR Officer Branch Officer Clerk Steiven Pat System Management Corporate 45489940 company com Security Admin Manager v Intern
131. Auto Generate Permissions Configuration Model2_ConfigWithRoles Link Filter Direct Dual Audit Card Attachments Comments Entity Filter No Filter Owner Note X 21 12 2008 12 15 17 Eurekify Admin AD1 EAdmin Escalated to Herman Barbara Campaign Management Start Campaign lop Campaign Restart Carnpaign art Approval Processes View Campaign Progress v Done 114 Portal User Guide C internet R10 General Campaign Ticket Functions A comment is generated stating that the campaign has been Escalated to current owner This comment appears in both the old root ticket and in the new root ticket The new root appears as the top level in the new owner s campaign ticket and as the second level in the previous owner s archived campaign ticket Retesh Clear Fier State ID Title Customize Status Children Owner Eurekify Admin AD1 EAdmin Eurekify Admin AD1 EAdmin Type Received 18 12 2008 16 41 08 18 12 2008 Campaign 16 12 59 18 12 2008 16 25 08 Campaion 18 12 2008 Manager 12 3 Approver 16 13 00 Campaign 18 12 2008 Z 619 E Resource1 Resource Certification Archived Completed 5 Campaign 572 E G Role certification Role Certification Archived Escalated Pending Eurekify Admin AD 618 New Action d EAdmin E 2 Rais certification Role Certification Campaign Helmuth Hoar Pending Action Flag Lee g S73 DOMAIN Flag Lee Role Certification
132. Ben 67283470 Angel Ben 67283470 Resource UGFIN1 TSSCREDIT TSS50 Top Secret on MVSCREDIT UGFIN1 TSSCREDIT TSS50 Top Secret on MVSCREDIT Resource UGFINMGR TSSCREDIT TSS50 Top Secret on MVSCREDIT UGFINMGR TSSCREDIT TSS50 Top Secret on MVSCREDIT 4 Click Back to amend the data 250 Portal User Guide 5 Click Submit to forward the request to generate a new role More information Request New Role Definition Screen see page 241 Filtering a Data Table see page 24 Customizing a Data Table see page 22 Suggesting Entities see page 198 Setting the Number of Records Per Page see page 23 Test Compliance see page 196 Introducing the Requests Table see page 253 Updating Role Definitions Updating Role Definitions The Eurekify Portal allows you to update role attributes and links on the fly When the need arises to update an existing role whether following an audit or in the course of an enterprise s roles and privileges maintenance life cycle you can do so directly and quickly The procedure includes finding the role within a specific universe and then following the procedure described in Defining a New Role though in this case the fields have already been filled the attributes defined and the links listed and your goal is to edit these selections to match your corporation s new needs Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser R
133. CA Eurekify Role amp Compliance Manager Portal User Guide r4 12 This documentation and any related computer software help programs hereinafter referred to as the Documentation is for the end user s informational purposes only and is subject to change or withdrawal by CA at any time This Documentation may not be copied transferred reproduced disclosed modified or duplicated in whole or in part without the prior written consent of CA This Documentation is confidential and proprietary information of CA and protected by the copyright laws of the United States and international treaties Notwithstanding the foregoing licensed users may print a reasonable number of copies of the documentation for their own internal use and may make one copy of the related software as reasonably required for back up and disaster recovery purposes provided that all CA copyright notices and legends are affixed to each reproduced copy Only authorized employees consultants or agents of the user who are bound by the provisions of the license for the product are permitted to have access to such copies The right to print copies of the documentation and to make a copy of the related software is limited to the period during which the applicable license for the Product remains in full force and effect Should the license terminate for any reason it shall be the user s responsibility to certify in writing to CA that all copies and partial copies of the
134. CA Eurekify Role amp Compliance ManagerSage DNA Data Management User Guide Setting Connectors At the end of an audit process the original configuration that was downloaded from the end point is compared to the new configuration The configuration variance between the original and the updated configuration resulting from the audit and the implementation of corporate policies and enforcing regulatory compliance is uploaded via Export Connectors to the endpoints This section discusses the following procedures m The Connector Settings panel m Create a new import connector Create a new export connector R Run a connector m Edit a connector Delete a connector Connectors are defined specifically either as an import connector or as an export connector More information The Connector Settings Panel Tables see page 336 Creating a New Import Connector see page 338 Creating a New Export Connector see page 342 Running a Connector see page 345 Import Error Tickets see page 347 Chapter 13 Using Administration Functions 335 Setting Connectors The Connector Settings Panel Tables The Connector Settings panel provides two connector tables Import Connectors Table Export Connectors Table Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout AD1 EAdmin Administration gt Settings gt Connector Settings Imports Name
135. CFTEST RACF22 BRLIMSYS RACFPROD RACF22 DEVELOP RACFPROD RACF22 DEVELOP RACFTEST RACF22 Domain Users NTSILV WinNT Domain Users NTSAVE WinNT Domain Users NTSTAM WinNT PUBLIC RACFPROD RACF22 PUBLIC RACFTEST RACF22 SYS1 RACFTEST RACF22 Customize Filter Records per page 19 Y More information Resource Card see page 33 312 Portal User Guide Chapter 13 Using Administration Functions The administration menu provides a number of important processes that can be run only by administrators with the appropriate permissions This section contains the following topics Adding Campaigns see page 313 Start Approval Process from DNA see page 325 Setting a Universe see page 326 Setting Connectors see page 334 Job Scheduling see page 348 The Transaction Log see page 351 Cache Manipulation see page 354 Properties Settings see page 356 Eurekify Configuration Settings see page 362 RACI Operations see page 364 TMS Administration see page 366 System Checkup see page 367 Adding Campaigns Campaigns utilize Eurekify s basic auditing tools to run an enterprise wide certification and attestation process with the aid of designated approvers The purpose of the campaign is to certify that granted privileges comply with the business and regulatory needs and that they are not over allocated This process is supported by the Eurekify Audit Card facility which allows t
136. Description Basic import connector For demonstration purposes Create New Name INo Records Found Each connector table displays a list of available connectors ID numbers description and provides the options to Edit Delete or Run a connector The Create New button located above each table allows you to generate a new import connector or a new export connector To access the connector tables 1 On the Administration menu click Settings The list of available options appears Administration gt Settings Connector Settings Universe Settings Properties Settings Common Properties Settings Audit Properties Settings 2 Click Connector Settings The Connector Settings screen opens 336 Portal User Guide Setting Connectors To edit an existing connector 1 Click Edit next to the connector that you want to edit You cannot change the name of a connector The contents of the other fields can be edited To delete a connector 1 Click Delete next to the connector that you want to edit A warning screen opens Really delete Basic import connector 2 Click OK to delete the connector Chapter 13 Using Administration Functions 337 Setting Connectors Creating a New Import Connector 338 Portal User Guide Connectors utilize the Eurekify Sage converters to import data from the system s endpoints You will need to know which converter you intend to use and the name and location of the settings
137. Documentation have been returned to CA or destroyed EXCEPT AS OTHERWISE STATED IN THE APPLICABLE LICENSE AGREEMENT TO THE EXTENT PERMITTED BY APPLICABLE LAW CA PROVIDES THIS DOCUMENTATION AS IS WITHOUT WARRANTY OF ANY KIND INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT IN NO EVENT WILL CA BE LIABLE TO THE END USER OR ANY THIRD PARTY FOR ANY LOSS OR DAMAGE DIRECT OR INDIRECT FROM THE USE OF THIS DOCUMENTATION INCLUDING WITHOUT LIMITATION LOST PROFITS BUSINESS INTERRUPTION GOODWILL OR LOST DATA EVEN IF CA IS EXPRESSLY ADVISED OF SUCH LOSS OR DAMAGE The use of any product referenced in the Documentation is governed by the end user s applicable license agreement The manufacturer of this Documentation is CA Provided with Restricted Rights Use duplication or disclosure by the United States Government is subject to the restrictions set forth in FAR Sections 12 212 52 227 14 and 52 227 19 c 1 2 and DFARS Section 252 227 7014 b 3 as applicable or their successors All trademarks trade names service marks and logos referenced herein belong to their respective companies Copyright 2009 CA All rights reserved Contact CA Contact Technical Support For your convenience CA provides one site where you can access the information you need for your Home Office Small Business and Enterprise CA products At http ca com support
138. Flag Lee Role certification Hidden Pending Action Garr Jim m DOMAIN Garr Jim Role Certification Garr Jim Role certification Hidden Manager Approver Ye Campaign 18 12 2008 Manager 16 13 00 Approver Y Campaign 9 Hope Collin DOMAIN Hope Collin o Cooper Amos 579 Role Certification Hope Collin Role certification Hidden Pending To escalate a campaign you have users Browse Tickets Windows Internet Explorer lt 2 nttp flocalhost 8080 eurekiFy tms uif wicket interface 9 1 Find Escalate Users Where Choose Field _ Where Choose Field Where Choose Field _ OK Showing 1 to 30 of 140 UserName Rodney Sergio Moris Bill Rolen Dave Fred John Deer Alex Goid Wiliam Sharon Johnson Moos Steve Rojer Dave Steiven Pat D v v Organization Database Administrators System Management Finance System Management Fifth Ave Branch Human Resources Fifth Ave Branch Human Resources Stamford Branch System Management OrganizationType Corporate Corporate Corporate Corporate Branches Corporate Branches Corporate Branches Corporate Email 75676560 company com 47868650 company com 98383770 company com 86544420 company com 91238730 company com 84847310 company com 89123470 company com 87623450 company com 88490390 company com 45489940 company com Title 4 412345 DB Developer Developer Accountant Developer Branch Officer Cl
139. History 54672910 Orr Taylor 89213720 Direct Orr Taylor IT Security Corporate US History Godheart Dan Direct Godheart Dan IT Security Corporate US History 89123140 4 Namel Name2 Name3 Violations Relationtype_ Description Managerid owner office2003 2003 WinNT MS o993 WinNT Direct MS office2003 91236370 office2003 Mateo CA e mail outiook WinNT MS outlook WinNT Direct MS email 91236370 ich History email UGADGEN1 Administration Mateo CA Active Directory ROOT NOVELADM Novell4 NOVELADM Novel4 Direct 67283470 Portland OR History Active Directory Admin1 Admin1 San secmgr UNXMARKT Solaris26 Marketing Sun UNXMARKT Solaris26 Direct 89123140 History Marketing Sun Server Server Mateo CA E child Roles 0 vx s Name Violations Relationtype Description Type Organization Rule Owner History Comment No Records Found E Parent Roles 0 vx Name Violations Relationtype Description Type Organization Rule Owner History Comment No Records Found 138 Portal User Guide Approving a Link Lv X T ooo B ooo El Roles 3 v X gt Name MOO Auditing Links Click E to collapse the entity tree The main Entity Table columns are predetermined They depend on the campaign type However several columns appear in all types of Main Entity tables Progress Shows the progress made in examining the current en
140. IT Org Role Enterprise Organization IT Security Characteristic Role 100 0 Min 40 Org Role IT Security Customize Filter 28 Portal User Guide User Interface The entity s card contains all the relevant information present within the selected Universe and includes lists of links in table format to the other entities For example in a User card you have a Roles table and a Resources table You can also access the cards belonging to linked entities by clicking on the relevant highlighted content from within a specific entity card These following options are available for all entity cards Customize Allows you to customize this table Filter Open a filter screen which you can use to filter the table contents Records per page Select the number of records that will appear in the table Highlighted content in the entity card By clicking on specific content in the active column usually this is the first column the one that contains the user name resource name you can open the linked entity s data card More information Customizing a Data Table see page 22 Setting the Number of Records Per Page see page 23 Chapter 2 Using The Eurekify Portal Interface 29 User Interface User Card User cards present all the information concerning the specific user that is available in the selected Universe s configuration files It also includes separate lists under discrete tabs of the user s linked Roles and Resour
141. LTER FILTER FILTER FILTER FILTER FILTER FILTER FILTER FILTER DOCA FILTER FILTER FILTER FILTER FILTER FILTER FILTER FILTER FILTER FILTER FILTER FILTER FILTER FILTER FILTER FILTER FILTER FILTER FILTER FILTER 5 gt type role A type resource sageUser PersonID A type user sageUser PersonID gt type role A type user sageUser PersonID gt type resource A type user sageUser PersonID A type role sageUser PersonID gt type user A type role sageUser PersonID gt type resource A type role sageUser PersonID gt type role A type role sageUser PersonID PersonID 99883136 user 99883136 user 99883136 user 99883136 A type user sageUser PersonID gt type role A type user sageUser PersonID gt type resource A type user sageUser PersonID PersonID 99883136 v user 99883136 user 99883136 user 99883136 PersonID 64646410 user 64646410 user 64646410 user 64646410 A type role sageUser PersonID gt type user A type role sageUser PersonID gt type resource A type role sageUser PersonID gt type role A type role sageUser PersonID A type resource sageUser PersonID gt type user A type resource sageUser PersonID gt type role A type resource sageUser PersonID PersonID 938721 10 user 93872110
142. New Role Parent Ticket see page 290 Self Service Request New Role Approver Ticket see page 293 Approve see page 184 Reject see page 185 Role Approver Tickets General Functions see page 288 Role Approver Tickets Advanced Functions see page 289 Role Approver Tickets General Functions 288 Portal User Guide The Role Approver ticket provides the following General functionality Close Closes the ticket Save Saves the changes made to the ticket Delegate Transfers the ticket tree to another manager Escalate Transfers the ticket tree to another manager Consult Allows you to request a consult from one or more managers When you activate this service a View Consult Results button appears in the Advanced functions section of the Ticket Properties Form Approve Approve the Self Service request In this case this leads to the second stage of the Approval Process where the user review Approval Process sub trees are generated and the Approver tickets are sent to the user managers Reject Reject the Self Service request Note It is important to remember that when reviewing a Role Approver ticket you can either accept the request for ALL listed users enrolling all of them or you can reject the request for ALL users Add New Role Ticket Tree More information Escalate see page 154 Delegate see page 157 Approve see page 184 Consult see page 179 Reject see page 185 Role Approver Tickets Ad
143. Priority Normal Severity Medium x State Open x l Modified Date 06 01 2009 16 28 54 Date Created 06 01 2009 16 28 06 User Certification Eurekify Admin User campaign with Audit Card User Certification Eurekify Admin User campaign with Audit Card Save and Reassign Hide Selected Reassigned From Approver Progess l 0 6 0 14 X gt PersonID UserName ia ii Joe Dassin 99883136 Joe Dassin Sales E roles 2 y X d Name Violations Relationtype Description Type Organization Rule Owner History Comment Sales Team Role By 2 Users Organization Sales Characteristic Role Characteristic Role Direct 100 0 Min Org Role Sales Organization Sales 99883135 History g 100 0 Min 40 40 Direct Role By 2 Users Org Role Sales Organization Sales 99883135 History g E Resources 4 4 X d Namel Name2 Name3 T Description Managerid owner Location History Comment office2003 2003 WinNT San MS office2003 2003 WinNT MS office2003 91236370 Mateo CA e mail outlook WinNT MS San email outlook WinNT MS email 91236370 Mateo CA UGMPBR RACFPROD RACF22 Production Production RACF RACFPROD RACF22 parE 77292450 Irvine CA History UGADGEN1 Administration ROOT NOVELADM Noveli4 NOVELADMNovel4 2 Active Directory 67283470 Portiand OR History Active Directory Admin1 Admin1 History History Attachments o
144. Queue gt Open New Done Tickets ID Title Status Children Type Received Owner Previous Owner 834 G Resource certification User Certification Pending 9 Campaign Lng Cooper Aamos Eurekify Admin AD1 Action EAdmin 872 B User Certification Cooper Amos User Review e nding Campaign 21 12 2008 Cooper Amos ction 12 19 Manager 12 51 21 DOMAIN Cooper Approver Amos Chapter 2 Using The Eurekify Portal Interface 27 User Interface The Entity Card You will come across entity lists in table format while using the Eurekify Portal In most of these tables one or more column s have active links allowing you to view further information concerning a specific entity user role or resource For example when running the Self Service option Manage my Team s Role Assignments you can view a Users table The content in the column showing the Person ID user s ID is highlighted When you click on any specific Person ID the specific user s card opens in a separate browser window Enterprise Role and Compliance Manager ooper Amos 54672910 Configurtion Model2_ConfigWithRoles Person ID 54672910 Name Cooper Amos Organization IT Security Organization Type Corporate Country US Location Pennsylvania Title IT Manager Cost Center 23456 Suspended No Manager ID 64646410 E Mail 54672910 company com DOMAIN Cooper Amos Resources Description Type Organization Basic role for all users that have access to
145. Refresh Chapter 6 Tickets and the Ticket QUeue 79 Ticket Tables More information Customizing a Data Table see page 22 Administrator View User View see page 83 Searching the Ticket Queue Table Besides the basic filtering done by the Ticket Queue menu options you can search for a ticket that matches a specific query The search is performed on the tickets in the current table Search Tickets Find tickets that match these criteria Status EQUAL SH Pending Action v The query can include one or more filter statements Each rule consists of the following fields Field Description Column name This drop down box provides a list of possible columns You can select any column that appears in the drop down list even if the column is not currently visible in the Ticket Queue table Filter functions The following filtering functions are available Equal ma Greater m Less Between a In a Is null m Is not null a Not equal m Like 80 Portal User Guide Ticket Tables Field Description Item Based on the column name you can select an item from a drop down list or enter free text For example m If the column name is Status you can select Pending Action from the drop down list R IY the column name is Owner you can enter free text The Search Ticket window provides two functions Add Condition Allows you to add an additional filter rule to the search criteria T
146. Reserved Build 08 11 26 01 Manage My Team s Role Assignments Manage My Team s Role Assignments For the purposes of the Eurekify Portal your team is essentially the users that you were assigned to manage As a team manager you may find it necessary to update role assignments because of corporate changes personnel changes or following an audit process The Manage My Team s Roles MMT Role screen allows you to manage your team s roles by generating a request to enroll your team in one or more roles or by generating a request to enroll a specific user in one or more roles or by severing the link between selected users and their current roles The role management utility allows you to manually select a specific target role but it also provides you with a list of suggested roles and their pattern based behavior thus giving you the information necessary to make an informed choice The screen is divided into four sections General Provides descriptive information concerning the current action Users Your team members Select one or more users for the current action Currently Enrolled Roles The current roles linked to the selected users Other Roles Recommended roles for the selected users Chapter 10 Running Self Service Tasks 203 Manage My Team s Role Assignments Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service gt Manage My Team s Role Assignments Self Service Entity Br
147. Screen see page 241 Definitions for Role Name New Role Name see page 246 Defining a New Role Request New Role Definition Screen The first step in defining a new role is to define its characteristics and general definitions For example for a new role called Security Officer you have to provide the role name corporate definitions and rules that will govern this role The Request New Role Definition screen is divided into two sections m Task definitions m Role definitions Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout DOMAIN Herman Barbara Self Service gt Request a New Role Definition Request Description The description is displayed on the approver ticket Role hane 0 New Role Description a v owr SO wee iS Organization Organization 2 oaanrsnen 3 SSS o O ne OOS RR After entering role information click Next to proceed Nex Pome Chapter 10 Running Self Service Tasks 241 Defining a New Role 242 Portal User Guide The Task Definitions area includes the following fields Universe Select the Universe you wish to work with The new role will be associated with this universe s configuration The users table and the available resources provided in the Definitions for Role Name New Role screen depend on the universe Business Area General information descriptive This information appea
148. Severity In Progress Medium v State Modified Date 16 12 2008 22 59 01 Date Created 16 12 2008 18 37 42 Open User Certify Dec 2008 User Certification User Certification Campaign for the end of 2008 A v 108 Portal User Guide Campaign Ticket Data The Ticket Data section of the Campaign Ticket Properties Form contains the following fields Ticket ID The Ticket s unique number Owner The Campaign owner the user who generated the campaign Previous Owner During campaigns or approval processes tickets may be delegated escalated to other managers If a ticket was sent to the owner from another user that user s name not the current owner appears in this field Status Shows the current campaign ticket status Due Date The date by which the campaign ticket must be completed Priority Shows the current priority level Severity Shows the current severity level State Shows the current ticket s state Modified Date The last time the campaign ticket was modified Date Created The date on which the campaign ticket was first generated Title The campaign ticket s title Description The campaign ticket s description Chapter 7 Running Campaign owner Tickets 109 Campaign Ticket Data General Data Campaign The General section is in the body of the campaign s Ticket Properties Form Universe Portal Campaign Type USER Auto Generate Permissions true Co
149. The associated Roles and Resources tables appear 2 Click the check box in the v column next to the user s role s and or resource s that you want to approve 3 Click Save The selected links are approved and the relative progress made is reported on the Approver Progress bar Note Replace user in the above procedure with either resource or role for instructions on how to approve Role links or Resource links Ticket Properties Form Windows Internet Explorer DER 7 http localhost 8080 eurekify tms uif wicket interface 20 vi Campaign Manager Approver Ticket Id 756 Owner Cooper Amos Previous Owner Status Pending Action v Due Date 15 01 2009 00 00 00 Priority Normal lt Severity Medium v State Open Modified Date 22 12 2008 17 16 24 Date Created 21 12 2008 12 28 38 Title User Certification Eurekify Admin Resource certification Description User Certification Eurekify Admin Resource certification Reassigned From oe ooe TES 14 X gt Progress Violations PersonID UserName Organization OrganizationType Comment OOO wm 3 6 Joe Dassin 99883136 Joe Dassin Sales Corporate Ef Attachments Comments Add Comment Add Attachment View Initiators View Transaction Log CE internet 100 140 Portal User Guide Auditing Links Rejecting a Link When a link is rejected during a campaign the rejection does not become final until it is
150. Ticket Type Select the Priority Select the Severity When the new export connector is created it appears in the Connector Settings Exports table Setting Connectors Running a Connector The Eurekify Portal provides two methods for importing exporting data from the source servers Manual Select a connector and click Run This will start the download upload process immediately Automatic Create a job through the Job Scheduler The import export will run as programmed by you You will receive an email notifying you of the success or failure of the import export job An import job can run from a few moments to a few hours You can monitor the situation via the Import Ticket generated by the process Ticket Properties Form Windows Internet Explorer http flocalhost 8080 eurekify tms ui wicket bookmarkablePage ticketPage1489 com eurekify tms web template DefaultTicketPage ticketId 1489 Import Ticket Ticket Id 1489 Owner Eurekify Batch Admin Previous Owner Status pending Action Due Date 09 01 2009 12 20 54 Priority Normal v Severity Medium State Done Modified Date 09 01 2009 11 47 42 Date Created 09 01 2009 11 47 35 Title Basic import connector 2009 01 09T11 47 34 Description Master Configuration Name Master_firstRun Model Configuration Name Model_firstRun Import Name Basic tL et Import name Basic import connector niverse Id Admin_Basic aster con
151. User Guide Field Children Type Received Owner Previous Owner Ticket Tables Description The meaning of this number depends on the ticket type For campaign owner tickets this provides the number of Approvers assigned to a specific campaign For Approver tickets this provides the number of entities listed in the ticket whose links need to be reviewed Provides the ticket type Provides the date and time when the ticket was received The owner of the specific ticket The functionality of the ticket changes according to who is viewing the ticket Only the owner will have access to all the functions available for the specific ticket type During campaigns or approval processes tickets may be delegated escalated to other managers If a ticket was sent to the owner from another user that user s name not the current owner appears in this field As the Ticket Queue table can be customized the columns that appear in the Ticket Queue table may be different than those presented here More information Administrator View User View see page 83 Customizing a Data Table see page 22 The Tickets Pane see page 64 Main Screen Operations The Ticket Queue menu bar provides five functions Search Customize m User View Admin View m Refresh Clear Filter appears only when a Search filter has been activated This section covers the following topics m Search Clear Filter m
152. Users screen opens in a separate browser window Browse Tickets Windows Internet Explorer DER le http flocalhost 8080 eurekify tms ui wicketsinterface 11 11 v Find Consult Users Choose Field Choose Field v and Choose Field 7 Showing 1 to 30 of 140 4 472345 UserName Organization OrganizationType Email Title n Database Rodney Sergio Administrators Moris Bill System Management Corporate 47868650 company com Developer Corporate 75676560 company com DB Developer Rolen Dave Finance Corporate 98383770 company com Accountant Fred John System Management Corporate 86544420 company com Developer Deer Alex Fifth Ave Branch Branches 91238730 company com Branch Officer Clerk Goid Wiliam Human Resources Corporate 84847310 company com Psychologist peel Fifth Ave Branch Branches 89123470 company com Branch Officer Clerk Moos Steve Human Resources Corporate 87623450 company com HR Officer _ Rojer Dave Stamford Branch Branches 88490390 company com Branch Officer Clerk M Steiven Pat System Management Corporate 45489940 company com CE internet R 100 Chapter 9 Approval Process Tickets 179 Approval Process Approver Tickets 180 Portal User Guide The Find Consult Users screen is divided into two sections The filter Located in the window s header The filter lets you narrow down the list of proposed approvers The proposed users This table pres
153. Wireless Research R amp D San Jose 123B546 1 Appendix D Eurekify Sage Configuration Data Formats 415 Resource Database File Resource Database File Each resource is represented in this file by one line which includes comma separated values for the following fields in this order m Resource Name 1 m Resource Name 2 m Resource Name 3 Additional fields optional Up to 6 additional fields Example System Administrator Unix 348 Unix AlX ControISA ESS Marketing Managers NT 720 NT Windows PR Planning Configuration File Each line in this file represents one entity and or one relationship Reference to Static Users and Resource Databases This section comprises the first two lines in the file and it provides a reference to the users and resource database files These lines have the following formats UsersDB lt Users Database File Name gt ResDB lt Resource Database File Name gt Multiple configurations may share the same users and resource database files even if only a small number of users and or resources actually participate in each configuration 416 Portal User Guide Entities Relationships Configuration File This section describes the entities that participate in this configuration The first set of lines identifies the users one line per user in the following format User lt Eurekify Sage UserlID gt lt SA User ID gt The Eurekify Sage User ID is used to describe the rank of the user in t
154. a Campaign Ticket Data In the Ticket Queue select a campaign ticket The campaign s Ticket Properties Form opens in a separate browser window Campaign Ticket Id 465 Owner lEurekify Admin AD1 Previous Owner Status In Progress v Due Date Normal w Severity Medium x State Open v user Certify Dec 2008 User Certification E Certification Campaign for the end of 2008 Universe Portal Campaign Type USER Auto Generate Permissions true Configuration Model2_ConfigWithRoles Link Fitter Direct Dual Audit Card Entity Filter No Filter Attachments X Google comments Owner Note X 16 12 2008 22 58 41 Eurekify Admin The Approvers have not begun The window presents the Campaign Ticket Data in four sections Ticket data In this section you can find the basic ticket data Functions Provides the general campaign ticket functionality General Provides general data concerning the campaign Advanced Lists the attachment and comments More information Ticket Data Campaign see page 108 General Data Campaign see page 110 Advanced Campaign see page 111 Chapter 7 Running Campaign owner Tickets 107 Campaign Ticket Data Ticket Data Campaign The Ticket Data section consists of the fields located at the top of the campaign s Ticket Properties Form es ne Eurekify Admin AD1 Previous Owner Status 03 01 2009 00 00 00 Priority Normal
155. a due date by which the action s ascribed to the ticket have to be performed Shows the current priority level The available options are m Low Normal m Rush m Critical Shows the current severity level The available options are a Minimal Medium m Serious m Urgent m Critical Shows the current ticket s state The possibilities are m New m Open m Hidden m Done m Archived m Canceled Shows the date and time when the content of the ticket was last modified Shows the date and time when the ticket was first created The ticket s title A description of the ticket More information Ticket Status see page 75 Chapter 6 Tickets and the Ticket Queue 85 The Ticket Properties Form General Ticket Functions Ticket functionality depends on the ticket type and on the user who is viewing the ticket Every Ticket Properties Form has at least two active functions Save Click to save any changes made to the ticket Close Click to close the Ticket Properties Form browser window More information Running Campaign owner Tickets see page 101 Campaign Approver Tickets see page 131 Running Self Service Tasks see page 193 Advanced Ticket Functions Advanced ticket functionality depends on the ticket type and is available only to the ticket owner Click Advanced at the bottom of the Ticket Properties Form to access the advanced ticket functions Ticket Properties Form Windows Inter
156. able 254 Portal User Guide The columns in the Links table provided in this screen depend on the type of Self Service request you have just processed Highlighted data gives you access to the relevant entity cards and further information This information always includes the following two columns Request Presents the nature of the Self Service request The options are Remove or Add Violations Presents the number of violations associated with the specific request Click on the number to view further details At this point the Eurekify Portal supplies you with two functions Back To return to the previous screen and edit your selections Submit Sends your request to the Eurekify ERCM for processing The Generating Tickets progress bar appears In the case of provisioning type Self Service tasks if no errors are found a Self Service ticket tree will be generated and placed in your ticket queue For each request listed in the Request table one branch appears in the Self Service ticket tree Enterprise Role and Compliance Manager eure if Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Ticket Queue gt Open New Done Tickets ID Title State Status Type Received Owner e f D w Approval 19 01 2009 Eurekify 1752 Bink of Team to Role s Approval Root Request New In Progress Root 00 18 29 Admin Logout AD1 EAdmin Eurekify Admin AD1 EAdmin Eurekify Admin AD1 EAdmin Eureki
157. administrators to view all the Approver tickets associated with their own campaigns Show the Campaign Tickets list This option depends on the user s permissions m Show the Archived Tickets list More information Tickets and the Ticket Queue see page 69 The dashboard automatically shows users useful information as they go about their tasks The Self Service menu provides access to a series of provisioning operations Self Service supports quick and easy user management by allowing the administrators managers on the fly access to role and resource assignment requests for themselves and their team members The Self Service menu provides the following functions Manage my team s role assignments Manage my role assignments Manage my team s resources assignments m Manage my resource assignments m Request a new role definition Place a request to alter a role definition More information Running Self Service Tasks see page 193 36 Portal User Guide Entity Browser Reports Menu Menu Bar The Entity Browser opens the Eurekify Portal s Entity Browser Page Here you can view information concerning Users Roles or Resources for a selected Universe under a selected configuration The information is presented in three tables where only one entity is visible at a time Users table Roles table Resources table More information Introducing the Entity Browser see page 307 The Reports menu
158. ager Approver Pending Action User Certification Purple Mary User Review t Goodman Bruce DOMAIN Goodman Bruce Campaign Manager Approver Pending Action User Certification Goodman Bruce User Review Cooper Amos DOMAIN Cooper Amos Campaign Manager Approver Pending Action User Certification Cooper Amos User Review t Schwarts Barry DOMAIN Schwarts Barry Campaign Manager Approver Pending Action User Certification Schwarts Barry User Review t Katz Nancy DOMAIN Katz Nancy Campaign Manager Approver Pending Action User Certification Katz Nancy User Review t Levi Jay DOMAIN Levi Jay Campaign Manager Approver Pending Action User Certification Levi Jay User Review t Allen Sherman DOMAIN Ilan Sharoni Campaign Manager Approver Pending Action User Certification Allen Sherman User Review The following fields appear in the View Children table Action The action you can take concerning this ticket For example Select opens the selected ticket in a separate browser window Owner The ticket owner Type The ticket type Status The ticket status Title The ticket title Comments The last comment added to this ticket To view a ticket s children tickets 1 Click Advanced at the bottom of the Ticket Properties Form screen 2 Click View Children A table opens at the bottom of the Ticket Properties Form screen 3 Click Close Children to close the ticket children table Chapter 7 Running Campaign owner T
159. ail User Certification Campaign Notification Nancy Katz box x show details 11 16 AM 7 hours ago Reply Y Dear Nancy Katz Due to security and compliance policies you are required to periodically certify the assigned roles and privileges of the people that report to you Your account DOMAIN Nancy Katz was granted Access to the Eurekify Enterprise Role amp Compliance Manager Portal in order to accomplish this task In order to start please open http ercm _serer com Please note This campaign due date is 2 2 2009 Thank you for your cooperation Role Management Team If this email was sent to you by mistake or you are not Nancy Katz please reply and notify the campaign manager at admin company com Reply Forward The new user campaign s owner ticket appears in Nancy s Ticket Queue Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Ticket Queue gt Campaign Tickets State Status Children Type Received Owner Katz Nancy DOMAIN Katz Nancy 1491 First User Audit User Certification New ae 9 Campaign 12 01 2009 10 36 4 Chapter 4 Showcasing the Eurekify Portal 49 Running a Campaign A Case Study Under the column Children you can see the number 9 in the Campaign ticket s row This signifies that nine Approver tickets have been generated Enterprise Role and Compliance Manager Home Ticket Queue P mp
160. ake place the next time that the server is restarted Note Servers go offline for regular maintenance and backup The changes made to the property values designated DB_static_properties will be implemented the next time the server goes back online To access the Properties page 1 On the Administration menu click Settings The list of available options appears 2 Click Properties Settings The Eurekify Properties Page screen opens Chapter 13 Using Administration Functions 357 Properties Settings More information Accessing the Common Properties Settings Page see page 358 Eurekify Properties see page 397 Setting the Number of Records Per Page see page 23 Accessing the Common Properties Settings Page Common properties are properties of the type properties headers commonProperties Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout AD1 EAdmin Administration gt Settings gt Common Properties Settings properties headers commonProperties Type Property Key Property Value Eurekify_home_properties_file statisticalService url http localhost 8080 eurekify services sageStatisticalService t Eurekify_home_properties_file pbe provider t Eurekify_home_properties_file pbe algorithm PBEWithMDSAndDES Eurekify_home_properties_file campaignService url http localhost 8080 eurekify services campaignService Eurekify_home_properti
161. ally provision campaign permissions Don t wait for ticket processing receive email when finished Create The Campaign Chapter 13 Using Administration Functions 315 Adding Campaigns 316 Portal User Guide The Certification Campaign screen contains the following fields Settings This section of the screen sets the campaign details Campaign Name Provide a unique and meaningful name Owner This field is auto completed by the Eurekify Portal Description Provide a concise and meaningful description of the campaign Due Date The date by which all the campaign processes must be completed Universe Choose a universe from the list Selecting a universe determines the available configurations Configuration Choose a configuration from the list of configurations associated with the selected Universe Audit Card Optional Choose an audit card from the list The default is None If the configuration has an Audit Card with results of out of pattern and or compliance checks select it and Eurekify Sage ERM will apply it when generating the campaign tickets This will cause violations contained in the Audit Card to be displayed to the approvers in red Adding Campaigns Campaign Type Choose a campaign type from the list There are three possibilities User A campaign in which the approvers certify the entitlements of the user under their management The certification is with regard to the user s
162. alue Users To Add 912387304 67762440 87473220F 84774660 947384 7012763291304 89213478 89123470F 87623490 82653450 Child Roles To Add Parent Roles To Add Resources To Add Users To Remove Child Roles To Remove Parent Roles To Remove Resources To Remove PropertyType SAGE OldProperties PropertyType SAGE OldPropertyValues Approval Process Result Role Fields Role Links Users To Add 91238730 67762440 87473220 84774660 94738470 76329130 89213478 89123470 87623490 82653450 Add Comment Add Attachment View Transaction Log View Violations View Pole The Update Role Approver ticket supplies you with all the data you need to make the decision whether to approve or reject the Self Service provisioning request The Approver ticket also provides you with the required functionality to assist you in the process Chapter 11 Role Definition Tickets 303 Update Role Ticket Tree More information Self Service Request New Role Parent Ticket see page 290 Self Service Request New Role Approver Ticket see page 293 Approve see page 184 Reject see page 185 Update Role Approver Tickets General Functions see page 304 Update Role Approver Tickets Advanced Functions see page 305 Update Role Approver Tickets General Functions 304 Portal User Guide The Self Service provisioning Approver ticket provides the following General functionality Close Closes the ticket Save Save
163. ampaign ticket is generated This is the campaign owner ticket This ticket appears in the campaign owner s Ticket Queue Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout AD1 EAdmin gt ID Title State Status Children Type Received Owner Previous Owner Pending 16 12 2008 Eurekify Admin 465 a User Certify Dec 2008 User Certification New Matin 9 Campaign 18 37 42 AD1 EAdmin Chapter 7 Running Campaign owner Tickets 101 Info tickets The campaign owner ticket is structured as a tree where the top level that is the root ticket is the owner s ticket and the branches leaves are the approvers tickets The Children column when visible in the campaign s root ticket row provides the number of Approvers assigned to a specific campaign A campaign owner can also be an approver but it is not required If there are entities that do not have assigned managers their links will be sent to the campaign administrator for approval gt WD Title State 465 R User Certify Dec 2008 User Certification New 466 468 487 498 502 522 User Certification Eurekify Admin User Certify Dec 2008 Hidden User Certification Herman Barbara User Certify Dec 2008 Hidden User Certification Purple Mary User Certify Dec 2008 Hidden User Certification Goodman Bruce User Certify Dec 2008 Hidden User Certification Cooper Am
164. anage My Team s Role Assignments Manage My Team s Resources Assignments When you first access a Self Service task screen you may find the following error message Manage My Resources Business Area Universe Demo1 w Business Process Description Login user not found in model Currently Enrolled Resources General Self Service Functions The message Login user not found in model appears because the Universe currently listed in the Universe drop down is the first one in the list but it may not be the universe where you are listed As soon as you update the Universe to an appropriate one where you are listed this error message will disappear This section contains the following topics General Self Service Functions see page 195 Manage My Team s Role Assignments see page 203 Manage My Role Assignments see page 214 Manage My Team s Resources see page 222 Manage My Resources see page 233 Defining a New Role see page 240 Updating Role Definitions see page 251 Introducing the Requests Table see page 253 General Self Service Functions The Self Service tasks functionality depends on the specific task that you undertake Nevertheless several functions are shared by several tasks This section describes two such functions Test Compliance Suggest Entity It is important to realize that you can use the Suggest Entity service to obtain a list of recommended entities and
165. anager Home Ticket Queue UGSYS UGFIN1 public UGMPSYS uarksys UGMTSYS TESTDEV UGMPOPR 0oo0r00000000 Customize Dashboards Res Name 1 Self Service UGADMGR Administration ROOT UGMPMINI To see which users are using the selected resources click here 45489940 86544420 67283470 98383770 84847310 88311130 67565330 83838380 93773730 58723810 00000000000 Customize To see which resources are used by the selected users click here 202 Portal User Guide Steiven Pat Fred John Angel Ben Rolen Dave Goid Wiliam Goodman Bruce Schwarts Barry Helmuth Howard Tailor Janet Miles Buyer Entity Browser Res Name 2 TSSCREDIT TSSCREDIT UNXMARKT RACFPROD UNXMARKT RACFTEST RACFTEST RACFPROD NOVELADM RACFPROD Reports Administration 4 4123456789 gt Enrolled Res Name 3 TSS50 2 2 TS550 Solaris26 RACF22 Solaris26 RACF22 RACF22 RACF22 Novell4 RACF22 the results are in the Users table Organization System Management System Management System Management Finance Human Resources Marketing_Dept Human Resources Marketing_Dept Operations Purchasing 441234567 Enrolled Organization Type Corporate 1 2 Corporate 1 2 Corporate 1 2 Corporate 0 2 Corporate 0 2 Corporate 0 2 Corporate 0 2 Corporate 0 2 Corporate 0 2 Corporate 0 2 Records per page 10 _ the results are in the Resources table Copyright C 2008 Eurekify All Rights
166. arent Ticket The Rejected Link Parent ticket is a management ticket generated by the Eurekify portal for every rejected link that has to be reviewed during an Approval Process procedure While the Approval Root ticket controls the lifecycle of the whole tree the Rejected Link Parent ticket controls the lifecycle of the individual link under its purview Ticket Properties Form Windows Internet Explorer DAR al http flocalhost 8080 eurekify tms ui wicket bookmarkablePage com eurekify tms web template DefaultTicketPagesticketId 1162 Delete Link User Resource Ticket Id 1162 Owner Eurekify Admin AD1 Previous Owner Status In Progress Due Date 29 12 2008 18 46 30 Priority Low Severity Minimal State Open Modified Date 22 01 2009 17 44 41 Date Created 29 12 2008 13 46 30 Title Request to remove user to resource association resource UGMPMRK RACFPROD RACF22 Production RACF user Garr Jim 77371120 Request to remove user to resource association resource UGMPMRK RACFPROD RACF22 Production RACF user Garr Jim 77371120 Request was submitted on Universe Portal from User Review Delegate Escalate Cancel Process lt lt Less Details onfiguration Name Model2_ConfigWithRoles Person ID 77371120 Add Attachment View Transaction Log View Initiators View Children gt gt Chapter 9 Approval Process Tickets 173 Rejected Link Parent Ticket 1
167. as the Approver ticket below it but it is intended to be a management ticket The ticket owner in this case is the role manager Ticket Properties Form Windows Internet Explorer DER L http localhost 8080 eurekiFy tms ui wicket bookmarkablePage com eurekify tms web template Default TicketPageBticketId 2224 N Owner Cooper Amos DOMAJ Previous Owner Status 1n progress 11 02 2009 00 38 36 Priority Low Severity Minimal State open Modified Date 02 02 2009 00 06 52 Date Created 01 02 2009 00 38 36 Title 1 j Description Request to add user to role association role Corporate Security user 89213720 Request was submitted on Universe Portal from Add pee Delegate Escalate Cancel Process lt lt Less Details onfiguration Name Model2_ConfigwithRoles E 89213720 Corporate Security ir Le Internet 290 Portal User Guide Add New Role Ticket Tree In this section you will find information specific to the Self Service Request New Role Parent ticket lt Ticket Title gt Link Entity Role Title Request to add Entity to role association Role Role Entity Entity ID For example Request to add user to role association role Corporate Security user 89213720 Description Request to add Entity to role association Role Role Entity Entity ID Request was submitted on Universe Universe from Self Service Task For example Request to add use
168. ated stating that the ticket has been Delegated to current owner This comment appears in both the old ticket and in the new ticket When viewed in the original ticket owner s Archive screen Ticket Queue Archived tickets the old ticket and the new ticket create a hierarchal tree in which the original ticket the Status is set to Delegated is the root ticket and the new ticket is the next node Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Ticket Queue gt Archived Tickets State Status Children Type Received Owner User Approval Request to delete role Delete 1778 B 2 Organization Database Administrators Characteristic Archived Escalated User Logout Eurekify Rami Link 19 01 2009 Rami Sas n47 A Role 17 47 43 Eurekify Rami al Request to delete role Database Administrators Characteristic New fending Action Rami Sas Eurekify Rami Delete Link User Role 19 01 2009 23 11 22 Herman Barbara Chapter 6 Tickets and the Ticket QUeue 95 Info tickets 96 Portal User Guide To delegate a ticket select a user from the list of appropriate users Browse Tickets Windows Internet Explorer http localhost 8080 eurekiFy tms uif wicket interFace 9 Find Escalate Users Where Choose Field Where Choose Field OrganizationType Email Title Corporate 75676560 company com DB Developer 47868650 company c
169. ated with the current action Enter the Request Description Enter the Role Name Enter the Description of the new role Sr d Oy U N w Enter the Owner s ID Optional Click Find to access the Find User filter screen 9 Select a user from the User list generated by your filter Click OK Configuration Model2_ConfigWithRoles Where Any Field Is Any Value And Any Field v Is Any Value And Any Field Includes User No Records Found Customize Chapter 10 Running Self Service Tasks 243 Defining a New Role 10 11 12 13 14 Enter a Type use autocomplete Enter an Organization name use autocomplete Enter an Organization 2 name use autocomplete Enter an Organization 3 name use autocomplete Create a Rule Click Add Rule for assistance in constructing a rule Request New Role Definition Business Area Business Process Request Description Fifth Ave Branch Universe Portal New Corporate Role Definition Defining a new corporate role definition security officer The description is displayed on the approver ticket Role Name Security Officer Senior manager in charge of local IT Description Owner 54672910 Type Organizational Role Organization IT Security Organization 2 Branch Rule lOrganization IT Security Add Rule After entering role information click Next to proceed Next Cancel 15 Click Next The Definitions for Role Name Role Name s
170. ation Model2_ConfigwithRol Users Roles Resources Showing 1 to 10 of 69 Person ID 4 Name 45489940 Steven Pat 47868650 Moris Bill Tabs can also be found in Entity Cards Click a tab label to bring that data table to the forefront active For example if you click the RACI tab in a Role Card the RACI table becomes active Title Product Manager Characteristic Role 50 45489940 Organization2 Title Organization3 Corporate Create Date Approval Date 09 05 2007 10 36 00 Approval Status Approved Expiration Date Resources Sub Roles Parent Roles RACI Name DOMAIN Ilan Sharoni A Allen Sherman Customize 26 Portal User Guide User Interface Sorting a Data Table by Column The Eurekify Portal data tables can be sorted When you click a column label the table is sorted based on the selected column Each type of data column has its own default presentation For example in Ticket Queue tables the records are sorted based on the ticket ID and the newest ticket that is largest ticket ID number is displayed on the first row of the table If you were to click Children the table would be resorted according to the number of children per ticket As seen in the following screen in the sorted table the newest ticket ID is no longer in the first row Enterprise Role and Compliance Manager eureXify Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout DOMAIN Cooper Amos Ticket
171. ation Database Administrators Characteristic Role 100 0 Min 40 from user Rodney Sergio 75676560 Request was submitted on Universe Demo1 from Link of Team to Role s lt lt Less Details onfiguration Name Model_ConfigWithRoles E 75676560 Organization Database Administrators Owner Note 19 01 2009 23 11 22 Rami Sas Eurekify Rami Escalated to Herman Barbara Advanced ir Internet 154 Portal User Guide General Approval Process Ticket Functions A comment is generated stating that the ticket has been Escalated to current owner This comment appears in both the old ticket and in the new ticket When viewed in the original ticket owner s Archive screen Ticket Queue Archived tickets the old ticket and the new ticket create a hierarchal tree in which the original ticket the Status is set to Escalated is the root ticket and the new ticket is the next node Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Ticket Queue gt Archived Tickets Logout Eurekify Rami z ID Title State Status Children Received Owner User Approval Request to delete role Delete P 1778 E G Organization Database Administrators Characteristic Archived Escalated Link User Role 19 01 2009 Rami Sas 100 1 7 47 43 Eurekify Rami User Approval Request to delete role P is B Organization Database Administrators Characteristic New Role 100
172. ations Violations First Second Third Rule Description Score Fifth av Applicative license Only 5 people Only 5 people may role Role By 2 may access role access role ADMNMGR 100 E Resources ADMNMGR licensing licensing The Violations screen lists only those records that have a violation associated with them If there are no violations the screen will have no records listed Wiolations Violations No violations First Second Third Rule Description Score No Records Found 196 Portal User Guide General Self Service Functions The Violations table provides the following information First The link s first entity Second The link s second entity Third The link s third entity Rule The rule that is being violated Description Provides further details concerning the violation Score The risk as defined for the specific BPR The value is usually between 0 and 100 To run the compliance testing 1 Click Test Compliance The Violations screen opens in a separate browser window 2 Click in the upper right hand corner to close the window Chapter 10 Running Self Service Tasks 197 General Self Service Functions Suggesting Entities The Eurekify Portal takes advantage of the advanced pattern recognition technology provided by the Eurekify ERCM This technology is utilized when you request that a Eurekify Portal s Self Service task provide you with relevant suggestions in various situations For example i
173. be listed as an attachment File The file to be attached You can use the Browse button to locate the file 90 Portal User Guide The Ticket Properties Form To add an attachment 1 Click Add Attachment The Add Attachment screen opens 2 To link to a URL enter the URL in the URL text box 3 To attach a file enter the file name or locate it using the Browse option 4 Click Save The Executing bar appears The URL file appears in the Ticket Properties Form under Attachments You can open the URL or file by clicking on the provided link Ticket Properties Form Windows Internet Explorer DER N http flocalhost 8080 eurekify tms ui wicket interFace Campaign TA T Eurekify Admin AD1 Previous Owner Status In Progress i Due Date 31 01 2009 00 00 00 Priority Normal v Severity Medium State Open Modified Date 06 01 2009 00 30 57 Date Created 06 01 2009 00 19 03 Title New Year User certification User Certification Description Certify users beginning of new year Universe Portal Campaign Type USER Auto Generate Permissions true Configuration Model2_ConfigWithRoles Link Filter Direct Dual Audit Card Entity Filter No Filter Attachments X Google X Read me doc omments Campaign Management C Stop Campaign Restart Carnpaign Start Approval Process View Campaign Progress Done C Internet View Transaction Log The transaction log provides a history of t
174. below the current ticket For the Approval Process Root ticket this means that you can view information concerning the Approval Processes Rejected Link Parent ticket View Statistics Provides the status of all the children tickets More information Add Comment see page 88 Add Attachment see page 90 View Transaction Log see page 91 View Children see page 164 View Statistics see page 172 Chapter 9 Approval Process Tickets 171 Approval Process Root Ticket View Statistics The View Statistics button opens the View Statistics list in a separate browser window This list in table format presents the statistics concerning how many of the child tickets Reject Link Parent ticket in this case have one of three state status combinations Any ticket that has already been processed will not be listed here http localhost 8080 eurekify tms ui wicket bo a http localhost 8080 eurekify tms ui wicket bookmarkablePage 196popup Y View Statistic Status Number of tickets Cancel In Progress 1 New In Progress 12 Open In Progress 4 Total 17 Close a internet 100 To view the ticket s statistics information 1 Click Advanced at the bottom of the Ticket Properties Form 2 Click View Statistics The View Statistics table appears in a separate browser window 3 Click Close to close the View Statistics window 172 Portal User Guide Rejected Link Parent Ticket Rejected Link P
175. c 2 In the Available Links left hand panel select one or more using Ctrl Shift of the business process links Click gt to transfer the selected link s to the Selected Links pane 4 Optional To change the order of the listed links in the Selected Links pane select a link and click uN 5 To remove a business process link from the Selected Links pane select the link and click amp 6 When you have finished making your selections click OK The selected links appear in the Home page Business Processes navigation bar More information Running Self Service Tasks see page 193 68 Portal User Guide Chapter 6 Tickets and the Ticket Queue Tickets have a unique place in the CA Eurekify Role amp Compliance Manager Eurekify Portal tickets are work items and they are used to transfer data run campaigns certify roles update privileges and more The Ticket Queue menu provides a series of filtered display options allowing you to view filtered lists of tickets in table format in the Ticket Queue window The available filtering options provided by the Ticket Queue menu are m Open New Done Tickets New Tickets m Over Due Approver Tickets Campaign Tickets m Archived Tickets Administrators can see their own tickets and also tickets assigned to their team s campaign tickets that are associated with campaigns they created and approval process tickets associated with the same campaigns Other u
176. ccountable Ticket Add New Role 0 ccc cee cc eee eect eee tenn ee eens 280 Role Approver Ticket Add Role 0 cece ec neren rnrn teen nent eee e eee eneees 287 Self Service Request New Role Parent Ticket 0 0 ccc cee cee cee cnet nee eens 290 Self Service Request New Role Approver Ticket 00 ccc cece cece eee e eee nee eens 293 8 Portal User Guide Update Role Ticket Tree ee ene een n eee een e ee ete e tenet eee eeee 296 Self Service Request Update Role Parent Ticket 299 Self Service Request Update Role Approver Ticket 0 cc ccc ccc cece cece tenn eee eee 303 Chapter 12 Introducing the Entity Browser 307 Main WINdOW nn enn eee enn ene ee een earnan teen beeen eee 307 Specific Entity DroWSEM sss ss cs ccndn abcd EEEE E A daw pad eG a TR awa ha ee Rela OND oatnes 309 USErs BOWSER saaneen sinoi a eens secede me atedactes a E eased ens Coaee eet EES R 310 Roles Browse iccosccdced Sede o EES at boda boda Dawe de ded bea wo eo Oe aed Bee weed 311 Res rce BrOWSED 22 5 cece eects Mee does Erno DGE eed eee Sh ee eee GE REEL GEM eRe ee 312 Chapter 13 Using Administration Functions 313 Adding CAMpPaliGnS s gec s 22cc0ce0 cadawesee carne s Hoe dee ew ea Tae Oe Oe dea te eo E sees ee eae sO ees 313 Introducing the Privileges to Certify Options 0 2 eee eens 321 Introducing Audit Cards 2 2 3 2 ic sc0 s oe ecSw vad sie ne Gude Geek OE E ood ee Y Aba dew os EE 322 S
177. cdc hadtad Meecd dase 66 eedadw SSeS adeL ed deeds ssa ad Sess sad Saeed 74 Mieket Status 222 cian sine chained Re ele aE Sains E A A Snake Dae a GRMN Ee a a meee Os 75 Ticket Tables scs 2vecessecanavbre arcutwe ie ddeuceeyedee regen dowseSerease nhs OEE nies AAEE 76 Main Screen Layout lt 20c 46 a R RR ceo dies ne A ARR bee EEE Lede EREE A R eed OE REE 77 Main Screen Operations wa R 0 0 5 5 ccc ce R Ra RR R rars tobi RRR RRR RRR RRR RRR RRR RR RRR R 79 Administrator View User VieW 0 cee ene runn rn t teen nent e teenies 83 The Ticket Properties FOr 2 505 lt caeereeds osu snrsege eh KN ee eae ces wade ee oa aewes ee eae KE K Fetes 84 General Ticket Functions 0 ee nn ararnar rororo rnare anann rnnr 86 Advanced Ticket Functions 0 ccc ene ee ee ee nee teen ene rsson oorr teens 86 INTO CICK EES eesse renep rroen weds aanle ee te EE E hie Sa dew bos eedele vibes ge dee eins Su pees eee 92 Receiving an Info Ticket 0 ne ene eee een n eee eet n nee orrore 93 General Info Ticket Functionality 0 eee e eee e nent eeeees 94 Delegating an Info Ticket e e e e 95 Escalating an Info Ticket 0 ccc enn nee een e eee ee ete e nett ee eene 97 Advanced Info Ticket Functionality 0 cc eect e eee eeenees 99 Chapter 7 Running Campaign owner Tickets 101 Campaign Ticket Data cs ccntes rrue veda acer estedeia se dee tet ed dele veda dewae pea REEDE sean 107 Ticket Da
178. ce Corporate 0 2 84847310 Goid Wiliam Human Resources Corporate 0 2 88311130 Goodman Bruce Marketing_Dept Corporate 0 2 67565330 Schwarts Barry Human Resources Corporate 0 2 83838380 Helmuth Howard Marketing_Dept Corporate 0 2 93773730 Tailor Janet Operations Corporate 0 2 58723810 Miles Buyer Purchasing Corporate 0 2 Customize Records per page 10 Y To see which resources are used by the selected users click here the results are in the Resources table OOOOO0O00B88O Copyright C 2008 Eurekify All Rights Reserved Build 08 11 26 01 Chapter 10 Running Self Service Tasks 249 Defining a New Role To assign users resources and role hierarchy to the new role 1 Select users resource and or role hierarchy entities Utilize the Find Entity filter and the Suggest Entity utility when necessary 2 Click Test Compliance to check your selections for violations 3 Click Submit to submit the new role definition request The Requests screen opens The Requests screen provides both the new role s attributes and links Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration User User User Logout DOMAIN Herman Barbara Senior manager in charge of local IT 54672910 Organizational Role IT Security Branch Corporate Organization IT Security Name Steiven Pat 45489940 Steiven Pat 45489940 Fred John 86544420 Fred John 86544420 Angel
179. ce task manager has selected a person who will be accountable for this role stage 1 stage 2 begins and a new ticket is generated Stage 2 Ticket Description Approval Root ticket Same ticket gt Self Service Main Request Parent Same ticket Ticket Select Accountable This Task ticket has been completed and is currently archived Approver Ticket The Role Approver ticket This is an Add Role approver ticket It is sent to the Role manager It contains all the requests to add a link between the new role and other entities For more information see Role Approver Ticket Add Role see page 287 Note If the role manager rejects the request submitted in the Role Approver ticket the Approval Process ends and the relevant emails and info tickets are generated ma ID Title State Status Children Type Received Owner Approval 01 02 2009 Root 00 29 04 1 02 2009 Eurekify Admin 2220 B e Add Role Approval Root Request Open In Progress Eurekify Admin C W f 0 2221 E amp New Role Corporate Security Open In Progress Add Role 00 29 05 AD1 EAdmin 01 02 2009 00 29 17 2222 Select Accountable to Role Corporate Security Archived Completed Task Eurekify Admin Cooper Amos 01 02 2009 DOMAIN Cooper Sr Amos 2223 Role Approver New Role Corporate Security Archived Approved Add Role Chapter 11 Role Definition Tickets 277 Add New Role Ticket Tree After the Role manager has approved the enrollment of all the us
180. ced at the bottom of the Ticket Properties Form 2 Click View Initiators The View Initiators table appears in a separate browser window 3 Click Close to close the View Initiators window View Parent Post campaign Approval Process tickets are set up as hierarchal trees The View Parent option provides you with quick access to the current ticket s parent ticket When you click View Parent in the Ticket Properties Form s Advanced functions section the parent ticket opens in a separate browser window For the Approval Process ticket tree this means that you can view the parent tickets for the Request Parent ticket and for each Approver ticket Click View Parent to open the current ticket s parent ticket in a separate browser window Chapter 9 Approval Process Tickets 163 Advanced Approval Process Ticket Functions View Children Post campaign Approval Process tickets are set up as hierarchal trees The View Children option allows you to see information concerning all the nodes leaves that are located below the current ticket For the Approval Process ticket tree this means that you can view the children tickets for the Approval Process Root ticket and for the Rejected Link Parent ticket You can control the number of records per page listed in the table by using the Records per page option Add Comment Add Attachment View Transaction Log View Initiators lt lt Close Children Type Status Title ar Pending User Approval R
181. ces in table format User cards are marked with the 4 symbol Enterprise Role and Compliance Manager ooper Amos 54672910 Model2_ConfigWithRoles 54672910 Cooper Amos Organization TT Security Organization Type Corporate US Pennsylvania IT Manager 23456 No 64646410 54672910 company com DOMAIN Cooper Amos Resources Type Organization Basic role for all users that have access to IT Org Role Enterprise Organization IT Security Characteristic Role 100 0 Min 40 Org Role IT Security Customize Filter The User Card also includes separate lists tabs one for the user s linked Roles and one for the user s linked Resources as shown in the following two screens Role Name Description Type Organization Organization IT Security Characteristic Role 100 0 Min 40 Org Role TT Security Customize Filter Res Name 2 Res Name 3 GADGEN1 Administration ROOT NOVELADM Novel4 GADGEN2 Administration ROOT NOVELADM Novel4 UGADMGR Administration ROOT NOVELADM Novell4 GADSYS Administration ROOT NOVELADM Novel4 IUGAPPLDEV Administration ROOT NOVELADM Novel4 ustomize Filter 30 Portal User Guide User Interface Role Card Role cards present all the information concerning the specific role that is available in the selected Universe s configuration files Role cards are marked with the symbol Enterprise Role and Compliance Manager C ROLE Basic role for all users that have access to IT
182. ch the rule but are not linked to the role and suggests adding those users to the role The equivalent in the CA Eurekify Role amp Compliance Manager DNA In Out of Pattern Identify users matching rule based roles For more information see the CA Eurekify Role amp Compliance Manager Sage ERM DNA User Guide In Out of Pattern Entities Chapter 10 Running Self Service Tasks 199 General Self Service Functions Other Roles When you request suggestions for more than one user the table lists the number of users that match out of the number of selected users matching selected Showing 1 to 10 of 27 4 23 n Add Role Name Description Matching Rights HR Pattern Privileges Pattern Matching Rule Details 0 Organization Stamford Branch e Role 100 0 Min Title Title Novell Title Find Roles Test Compliance Suggest Roles Fifth av Applicative role Role By 2 Resources 10 10 Details Organization Human Characteristic Role 85 7 Min Resources 40 Organization IT Security Organization Finance RACF Accountant Characteristic Role 50 10 10 10 10 10 10 10 10 10 10 Details 0 10 10 10 10 10 10 Details Branch Officer Clerk Characteristic Role 50 1 10 1 10 1 10 Details Branch Manager Characteristic Role 50 1 10 9 10 9 10 Details Characteristic Role 100 0 Min 40 Characteristic Role 100 0 Min 40 Characterist
183. cific link in the expanded entity table Violations PersonID UserName Organization OrganizationType Comment m 0 6 TE Joe Dassin Sales Corporate E vase resources E Roles A Name Violations Relationtype Description Type Organization Rule Owner History Comment Sales Team Role By 2 Users Organization Sales Characteristic Role Characteristic Role Direct 100 0 Min Org Role Sales Organization Sales 99883135 History 100 0 Min 40 40 Direct Role By 2 Users Org Role Sales Organization Sales 99883135 History E E Resources 4 v X d Namel Name2 Name3 j Description Managerid owner Location History San office2003 2003 WinNT EI al Mateo CA MS office2003 2003 WinNT MS office2003 91236370 History approved e mail outlook WinNT MS v San E email outlook WinNT MS email 91236370 Mateo CA History g To add a comment to a link 1 Go to the record where you want to add the comment Click Ef the selected row in the Comment column A free style text box opens Comment Ef Basic function approved Ef 146 Portal User Guide General CMA Ticket Functions 2 Enter the free style text of your choice 3 Click the column label Comment at the top of the Entity Table Violations PersonID UserName Organization OrganizationType Comment Joe Dassin x S 2 6 99883136 Joe Dassin Sales Corporate a resources Name Violations R
184. cket When a request is made to update a role definition this is the main parent ticket Below it you will find the role managers approver ticket and the set of subtrees generated for each request listed in the original Requests table Both ticket types provide you with the same management functionality They differ in the content of the individual Main Parent ticket Ticket Properties Form Windows Internet Explorer DER http localhost 8080 eurekify tms uif wicket interface 7 N Update Role Ticket Id 2260 Owner Eurekify Admin AD1 Previous Owner Status In Progress Due Date 01 02 2009 19 05 45 Priority Low v Severity Minimal v State Open Modified Date 01 02 2009 16 55 42 Date Created 01 02 2009 14 05 45 a Ta Update Role Organization Marketing_Dept Description Update Role Organization Marketing_Dept More Details gt gt Add Comment Add Attachment View Transaction Log View Initiators View Children gt gt v Done CE internet R100 268 Portal User Guide Role Definition Main Request Parent Ticket Tet pa ower Previous Owner statusin Pores Due Date Priority Low Severity 1 v State Open vl Modified Date Date Created New Role Corporate Security New role Corporate Security Model2_ConfigWithRoles DOMAIN Cooper Amos Corporate Security Rule Organization2 Organization Type Owner Description Organization3
185. cket s parent s ticket View Initiators View of list of the users who launched this ticket View Role Opens the Role s card As in this case the review is limited to the role you cannot access the users cards View Violations View the list of violations More information Add Comment see page 88 Add Attachment see page 90 View Transaction Log see page 91 View Parent see page 163 View Initiators see page 163 View Entity see page 165 View Violations see page 286 Chapter 11 Role Definition Tickets 285 Add New Role Ticket Tree View Violations 286 Portal User Guide A violation is a breach of corporate security policies guidelines BPRs and or regulations The CA Eurekify Role amp Compliance Manager identifies such infractions When seeking to decide whether to approve or reject a request to create a link between a role and other entities within a Role Definitions Approver Process Approver ticket you can use the View Violations utility to see whether there are any violations connected to the Self Service request you are examining When you click View Violations you open the View Violations window in a separate browser window Click Close to close the window You can use this utility to view a list of the violations connected with the link s under review http localhost 8080 eurekify tms ui wicket bookmarkabl http localhost 8080 eurekify tms ui wicket bookmarkablePage
186. commands approvalCommands tmsCommands tms configuration xml properties tmsProperties approvalProperties tms variables testvar1 Zodiac testvar2 Alph tms workflow url http localhost 8080 tmsWPAdapter xfire TMSRequestsHandler wsdl tms campaign entityLinks Table maxRowPerPage 50 tms configuration mail user DemoV4 Eurekify com tms configuration mail password hasadna8 tms configuration mail server smtp eurekify com tms configuration mail serverPort 25 Appendix B Eurekify Properties 399 Sample Properties File tms configuration mail useSSL false tms configuration mail from TMS eurekify com tms configuration mail interval 100 tms configuration mail events create Ticket SAGE ApproverTicket create Ticket SAGE Info Ticket createTicket SA GE EnrTicket onDelegate onCampaignReassign onCampaignNotification tms filter variable delimiter tms filter variable customDelimiter workpoint auditApprovalRootProcess reference AARP workpoint changeRoleResource reference ARRE workpoint changeRoleRole reference ARRO workpoint changeUserRole reference AURO workpoint changeUserResource reference AURE workpoint deleteUserResource reference DURE workpoint deleteUserRole reference DURO workpoint deleteRoleRole reference DRRO workpoint deleteRoleResource reference DRRE workpoint deleteRole reference DROL workpoint updateUser reference UUSR workpoint updateResource reference URES workpoint addRole reference
187. creen opens More information Filtering a Data Table see page 24 Constructing a Rule see page 244 Defi nitions for Role Name New Role Name see page 246 Constructing a Rule The Eurekify Portal provides you with the Add Rule utility to assist you in constructing a rule for the new role you are requesting 244 Portal User Guide Defining a New Role This screen has the following text boxes and functions Field Use autocomplete to select a field name Value Enter a value or use autocomplete to provide an appropriate value Add Lets you add another constraint to the rule Remove Removes the last added constraint Cancel Cancels the rule construction Rule Construction Field Value OrganizationType Branches Note Adding a rule is optional Not every Role has to be rule based To construct a rule 1 Click Add Rule in the Request New Role Definition screen The Rule Construction screen opens Enter a Field name Enter a Value Optional Click Add to add additional constraints Repeat step 2 to step 4 as necessary Click OK OP ol ee Oy oY The constructed rule appears in the Rule text box in the Request New Role Definition screen Chapter 10 Running Self Service Tasks 245 Defining a New Role Definitions for Role Name New Role Name Now that you have requested a new role you can start assigning users and resources to the newly constructed role Roles can be linked to use
188. croll down to the Other Roles table 2 Optional Click Find Roles to access the Select Role filter screen 3 Optional Click Suggest Roles to see the Eurekify Portal s recommendations 4 Select one or more roles to link to the chosen users 5 Optional Click Test Compliance to review your selections and check for possible violations The Violations screen opens in a separate browser window Click X to close the Violations window 6 Click Submit The Requests screen opens Enterprise Role and Compliance Manager eureXify Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout AD1 EAdmin Person ID Name Privilege Violations Rodney Sergio 75676560 Rodney Sergio 75676560 Organization Database Administrators Characteristic Role 100 0 Min 40 Davis Brett 75675330 Davis Brett 75675330 Title DB Developer Characteristic Role 50 Davis Brett 75675330 Davis Brett 75675330 Organization Database Administrators Characteristic Role 100 0 Min 40 Doll Charles 89653230 Doll Charles 89653230 Organization Database Administrators Characteristic Role 100 0 Min 40 220 Portal User Guide Manage My Role Assignments More information Approval Process Tickets see page 151 Customizing a Data Table see page 22 Setting the Number of Records Per Page see page 23 Entity Card and Data Table Tabs see page 26 Test Compliance see page 196 Suggesting Ent
189. ct the default export process You can use the bundled Workpoint BPM engine to generate additional workflow processes Ticket Type Tickets are work items that can be viewed in the Ticket Queue Select the default export ticket type Priority Set the priority level The available options are m Low Normal m Rush Critical Severity Set the severity level The available options are a Minimal Medium m Serious m Urgent m Critical Chapter 13 Using Administration Functions 343 Setting Connectors 344 Portal User Guide To create a new export connector 1 2 3 4 5 8 9 10 11 12 13 In the Connector pane click Create New Enter the name of the new Export Connector Provide a clear and concise Description of the export connector Select the Universe from the drop down list Enter the name and location of the Settings XML File You can locate the file using your systems file browser and copy the name and path from the Address bar and paste it in the text box Enter the name and path of the Mapping XML File You can locate the file using your systems file browser and copy the name and path from the Address bar and paste it in the text box Enter the Remote system login password for accessing the endpoint Provide an upper estimate in seconds for the Max duration time Select the appropriate Connector Java Class Select the default Workflow process name Select the default import
190. cuments DOC ACCESS DATABASE RW L this resource will grant all permissions to DATABASE documents DOC_ACCESS The general syntax is lt Document type gt For example AUDITCARD allows users linked to this resource permission to access this type of file Adding the modifier Read R or Read Write RW sets the level of access to the files that the user is permitted to access The value entered in the column Resnamez2 influences the level of permissions asterisk indicates full permission for all such files or a specific entity can be listed here for example a configuration name a universe name Chapter 14 About Security amp Permissions 373 Permissions Filter Type Resources There are 3 types of filter resources Filter_User Filter_Role Filter_Resource Res Name 3 Description e H Campaign automatic filter CONFIGURATION R TmsSystem FILTER_USER 374 Portal User Guide a ee ra Demo Model_Configwit Demo Demol Demol Demol Demot Demol Demol Demol Demol Demol Demol Portal Portal Portal Fiter14 14 Filter15 Filter18 Filter19 Filter20 Filter21 Filter22 Filter23 Filter24 Filter25 Filter26 Filter27 Filter28 Filter29 Filter30 Filter31 Model2_ConfigWi Portal Portal Portal Portal Portal Portal Portal Portal Portal Portal Portal Portal Portal Portal Portal Portal Portal Portal Portal Filter33 Filter34
191. d This function will only hide those entities whose entire list of links has been reviewed As any manager can have many entities that need to be reviewed this option makes it easier to see which entities have links that have not been reviewed Ticket Properties Form Windows Internet Explorer BEE L http localhost 6080 eurekiFy tms ui wicket interface 37 A v Campaign Manager Approver Ticket Id 872 _ os S Owner Cooper Amos DOMAI Previous Owner _ Status Pending Action Due Date 15 01 2009 00 Normal Severity Medium State open User Certification Cooper Amos User Review user Certification Cooper Amos User Review Save and Reassign E a 1 X Progress Violations PersonID UserName Organization OrganizationType Comment Mike Pamela 87347830 Mike Pamela Application Development Corporate IS La S internet 100 lt 148 Portal User Guide Advanced CMA Ticket Functions In the example we see that according to the Approver Bar there are 176 links that have to be approved 167 of those links have already been processed After clicking Hide Selected only one user is listed collapsed This way it s easy to see the links that have yet to be examined It is important to realize that the function only hides main entities that have been fully audited Entities whose link tables have only been partially audited will be visible ee E lll iv Hoo Violations PersonID UserName
192. d regulatory needs and that they are not over allocated This process is supported by the Eurekify Audit Card facility which allows the presentation of out of pattern and non compliance information to the approver The campaign administrator can apply pattern recognition tools and policy enforcement rules to analyze a configuration and run a comprehensive audit The output of an audit is the Audit Card which contains a list of all suspicious records and the type of suspicion involved currently about 50 different types Part of the cleansing process and an important step before starting the role engineering process is for business managers Approvers to review the access rights A manager can be in charge of a team of users one or more roles or one or more resources In a business with over 1000 users the help of the managers is required to speed up the cleansing process Depending on the campaign definitions the business managers may be required to review the access rights of their employees and or resources under their jurisdiction and report the change requests to the Eurekify Administrator Campaigns are used not only in the enterprise cleansing phase but also for periodic certification as required by regulation Self Service Managers can use the Eurekify Portal to manage their team s role definitions and access to corporate resources Users can also manage their own personal privileges with regard to system roles and resources En
193. d the TSS mgr resource Goid Wilam Ofganization Finance UGFINMGR TSSCREDIT TSS50 Characteristic Role 84847310 100 0 Min 40 Top Secret on MVSCREDIT Only people in role Finance can access the listed the TSS mgr resource Organization Finance Characteristic Role 100 0 Min 40 UGFINMGR TSSCREDIT TSS50 Top Secret on MVSCREDIT Sterling Kent 86023090 You can decide to make the request despite any listed violations or you can amend your selections Important Remember that when selecting multiple users all resource related choices apply equally to all the users If at any point you alter the selected users click Get Resources again Chapter 10 Running Self Service Tasks 231 Manage My Team s Resources To link resources to selected users In the Manage My Team s Resources screen scroll down to the Other Optional Click Find Resources to access the Select Resource filter screen Optional Click Suggest Resources to see the Eurekify Portal s Select one or more resources to link to the chosen users Optional Click Test Compliance to review your selections and check for The Violations screen opens in a separate browser window Click X to close the Violations window 1 Resources table 2 3 recommendations 4 5 possible violations 6 Click Submit The Requests screen opens Enterprise Role and Compliance Manager Home Ticket Queue 232 Portal User Guide
194. dd links the system considers the request to be denied ID Title State Status Children Type Received Owner 2246 2247 2248 2249 2242 2243 2244 2245 2220 262 Portal User Guide Approval 01 02 2009 Root 13 12 04 Update 01 02 2009 Eurekify Admin Role 13 12 04 AD1 EAdmin Cooper Amos Update 01 02 2009 pas bead DOMAIN Coop Role 13 12 08 Amos Cooper Amos DOMAIN Coop Amos El amp update Role Approval Root Request Open In Progress Eurekify Admin E amp update Role Corporate Security Open In Progress Role Approver Update Role Corporate Security Archived Approved Link User 01 02 2009 Role 13 15 48 Approval 01 02 2009 Root 13 01 32 01 02 2009 Eurekify Admin 13 01 32 AD1 EAdmin 01 02 2009 13 01 40 Role Approver New Role Manage Human 9 Pending E 01 02 2009 Resources New Action Add Role 13 08 02 Approval 01 02 2009 Root 00 29 04 New In Progress E Request to add user to role association role Corporate Security user 89213720 El amp Add Role Approval Root Request Open In Progress Eurekify Admin E amp New Role Manage Human Resources Open In Progress Add Role Select Accountable to Role Manage Human Resources Archived Completed Task Eurekify Admin Levi Jay DOMAIN Levi Jay E Add Role Approval Root Request Open In Progress Eurekify Admin Role Definition Approval Root Ticket In the case of a Role Update request if the requests included only removing
195. de N L this resource will grant all links permissions in Eurekify Portal for portal TAG TmsSystem LINK L this resource will grant all links permissions in Eurekify Portal for portal TAG DashBoard LINK L this resource will grant all links permissions in Eurekify Portal for portal TAG SelfService LINK L this resource will grant all links permissions in Eurekify Portal for portal TAG Campaigns LINK L this resource will grant all links permissions in Eurekify Portal for portal TAG Reports LINK L this resource will grant all links permissions in Eurekify Portal For portal TAG debug LINK Permissions The general syntax is lt Menu Name gt lt sub menu gt For example Self Service allows users linked to this resource permission to see and use all the available Self Service menu items Adding Exclude after the square brackets excludes a specific menu or menu item from the user s menu options Doc_Access Type Resources DocAccess deals with permission to access documents configuration audit card universe and so on JResNamet ResName2 Description type UNIVERSE RW L this resource will grant all permissions to UNIVERSE documents DOC ACCESS CONFIGURATION RW L this resource will grant all permissions to CONFIGURATION documents DOC ACCESS AUDITCARD RW L this resource will grant all permissions to AUDITCARD documents DOC ACCESS BPR RW L this resource will grant all permissions to BPR do
196. definition task There are two possible sources for this ticket Add Role Parent ticket When a new role is generated this is the main parent ticket Below it you will find the Task ticket used to select the role s accountable the role managers approver ticket and the set of subtrees generated for each request listed in the original Requests table Update Role Parent ticket When a request is made to update a role definition this ticket is the main parent ticket Below it you will find the role managers approver ticket and the set of subtrees generated for each request listed in the original Requests table Chapter 11 Role Definition Tickets 259 Introducing the Requests Table Request Parent Ticket This ticket is of the same type as the Approver tickets associated with it This ticket belongs to the Role manager This node is the parent of the actual approval process Approver tickets that are sent to the Approvers The number of sub trees of this type present in an approval process tree depends on the number of Self Service requests being processed Approver Tickets As role definition task tickets are generated in stages the Eurekify Portal generates on Role Approver ticket for the role manager and a set of sub trees one per request comprising a Request Parent ticket belonging to the Role manager and an Approver ticket that is sent to the user resource or role hierarchal manager The tickets generated belong to one of
197. del2_ConfigWithRolesAudit1 Entity Filter No Filter Attachments jomments Campaign Management Start Campaign Stop Carnpaign testart Carnpai Start Approval Processes View Campaign Progress Add Attachment View Transaction Log View Children gt gt To start the campaign Nancy clicks Start Campaign The tickets which were hidden from the approvers are now visible to them More information Running Campaign owner Tickets see page 101 Chapter 4 Showcasing the Eurekify Portal 55 Running a Campaign A Case Study Checking the Campaign s Progress As a campaign owner Nancy is responsible for monitoring the progress of the campaign s approvers and making sure that they are aware of the campaign s deadline To check on the campaign s progress Nancy can click the View Campaign Progress button located in the campaign owner s ticket The Campaign Title Progress screen opens in a separate browser window Campaign Progress Windows Internet Explorer L http localhost 8080 eurekify tms ui wicket bookmarkablePage 38popuppagemap_YiewCampaignProgressPage con Y First User Audit 2009 Progress niverse Portal onfiguration Model2_ConfigWithRoles Approver Name Progress Completed DOMAIN Katz Nancy Katz Nancy 0 6 0 DOMAIN Goodman Goodman Bruce Bruce 0 26 0 x Allen DOMAIN Ilan Sharoni Aran 0 0 100 DOMAIN Purple Mary Purple Mary 0 97 0 DOMAIN Katz Nancy Katz Nancy 0 40 0
198. dministrators it v Q 7 182 Portal User Guide Approval Process Approver Tickets If you click View Parent you will see the ticket from which the consultation request originated all functions disabled Ticket Properties Form Windows Internet Explorer DER l http flocalhost 8080 eurekify tms ui wicket bookmarkablePage ticketPage1 758 com eurekify tms web template Default TicketPage amp ticketId 1758 Delete Link User Rok a Ticket Id Owner Cooper Amos DOMAJ Previous Owner C f Status Pending Action v Due Date 19 01 2009 05 18 41 Priority Low Severity Minimal State Open v Modified Date 22 01 2009 12 02 31 Date Created 19 01 2009 00 18 41 User Approval Request to delete role Organization Database Administrators Characteristic Role 100 0 Min 40 from user Davis Brett Description User Approval Request to delete role Organization Database Administrators Characteristic Role 100 0 Min 40 from user Davis Brett 75675330 Request was submitted on Universe Portal from Link of Team to Role s Consult More Approve figuration Name Model2_ConfigWithRoles ID 75675330 Role Name Organization Database Administrators Approval Process Result When you have selected to either approve or reject the link the consultation ticket is archived Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Servic
199. e RACF Developers Characteristic Role Characteristic Role 100 0 100 0 Min 60 Min 60 Company Applicative Role When viewing the CMA in the Ticket Queue you can see how many campaign type entities you have to review by checking the Children column A role manager with 10 listed in the Children column has to audit ten roles and their links to their users resources Child roles and Parent roles within the campaign s configuration files Note The default maximum number of entity trees per page is 10 The certification is complete when you have reviewed all the links listed in the ticket and either approved rejected or reassigned when relevant them Campaign Approver Tickets The campaign owner can view all the CMAs as branches located under the campaign s owner ticket Other users can only view their own CMAs Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Ticket Queue gt Open New Done Tickets gt D Tite 835 E G user Review User Certification 836 838 857 868 User Certification Eurekify Admin User Review a User Certification Herman Barbara User Review User Certification Purple Mary User Review User Certification Goodman Bruce User Review Entity Browser State Open Open New New Open Reports Status Children In Progress 9 Pending Action Pending Action Pending Action Pending Action
200. e Provides a list of parent roles This is a hierarchal link of the type role to role Users who are members of the parent role listed in this table are automatically members of the sub role the current role and therefore provisioned with all the sub role s privileges RACI Provides the name of the user who is held accountable for this role This is the user who will be listed as the Approver when this role is being audited or when a change has been requested for this role Description Basic role for all users that have access to IT Reviewer 45489940 Organization2 Enterprise Organization3 Corporate Create Date Approval Date 09 05 2007 10 36 00 Approval Status Approved Expiration Date Resources Name Organization Organization Type DOMAIN Levi Jay A Levi Jay Stamford Branch Branches Customize 32 Portal User Guide User Interface Resource Card Resource cards present all the information concerning the specific resource that is available in the selected Universe s configuration files G ON Resource cards are marked with the 72 symbol Enterprise Role and Compliance Manager e mail outlook WinNT MS email Configurtion nameS Description MS email ManagerID Owner 91236370 Location San Mateo CA Roles RACI Showing 1 to 10 of 23 Active Directoty Branch Users BASIC ROLE Organization Application Development Organization Database Administrators Organization Fifth Ave Branch Organizati
201. e Getting Started chapter and she wants to run a user campaign Defining a New User Campaign 48 Following the instructions in section Adding Campaigns see page 313 Nancy defines the following campaign Enterprise Role and Compliance Manager Dashboards Self Service Home Ticket Queue Entity Browser Reports Administration Logout DOMAIN Katz Nancy Administration gt Add Campaign A00 Campaign Settings Campaign Name First User Audit 7 E o Owner DOMAIN Katz Nancy Date Created 2 14 09 Running the first Silicon Valley user certification campaign Description Due Date 02 21 2009 _ m Universe Portal v Configuration Model2_ConfigwithRoles Audit Card None Campaign Type UserCertification Only use links from audit card Only use links not in audit card Permissions Z Automatically provision campaign permissions Z Don t wait for ticket processing receive email when finished Create The Campaign Portal User Guide Running a Campaign A Case Study Nancy has chosen to view all three link options As the company is of moderate size and setting up the campaign s Approver tickets can take time Nancy chooses to run the campaign definition process in the background The following message appears Your request was sent to execution a mail message will be send upon completion When the campaign is ready the system sends her an em
202. e Organization Organization Type Email Location Title Eurekify Batch Role log TMS eurekify com Records per page 20 Y The Properties table contains the following columns Type The name of the associated property file Property Key The name of the property key Property Value The value assigned to the property key 356 Portal User Guide Logout AD1 EAdmin Properties Settings The Eurekify Properties page provides the following functions Create New Use to create new Property Keys Edit Use to edit existing Property Keys Apply Filter Use to filter the properties list Records per page Select the number of records that will appear in the table When creating a new key or editing a new one the data is not saved directly to the Eurekify properties file Instead the updated property key value is saved to the Eurekify ERCM s database When you run the Eurekify Portal the Eurekify ERCM will check the database property listings If the value of a property key in the database is different than the value listed in the Eurekify properties the system will use the value listed in the database Note The database values do not change during system updates The Eurekify Portal provides you with two databases to store your update key values DB_dynamic_properties The change is immediate You do not have to wait for the server to go offline to update the property values DB_static_properties The change will t
203. e Organization Marketing_Dept user 88382990 amp Request to add role to resource association resource UGMTSYS role Organization Marketing_Dept Request to remove role to resource association EE ation State New New Archived Status Children In Progress In Progress Approved In Progress In Progress In Progress In Progress Chapter 11 Role Definition Tickets Type Received Approval 01 02 2009 Root 14 05 45 Update 01 02 2009 Role 14 05 45 Update 01 02 2009 Role 14 05 53 Link User 01 02 2009 Role 14 07 34 Remove 01 02 2009 User Role 14 07 34 Remove 01 02 2009 User Role 14 07 34 Link Role 01 02 2009 Resource 14 07 34 Remove 01 02 2009 Owner Eurekify Admin Eurekify Admin AD1 EAdmin Allen Sherman DOMAIN Ilan Sharoni Allen Sherman DOMAIN Ilan Sharoni Allen Sherman DOMAIN Ilan Sharoni Allen Sherman DOMAIN Ilan Sharoni Allen Sherman DOMAIN Ilan Sharoni Allen Sherman 267 Role Definition Main Request Parent Ticket The Role Definition Approval Process supports two different Main Request Parent tickets Add Role Main Parent ticket When a new role is generated this is the main parent ticket Below it you will find the Task ticket used to select the role s accountable the role managers approver ticket and the set of subtrees generated for each request listed in the original Requests table Update Role Main Parent ti
204. e lGawerse Portal from Link of Team to Role s L Delegate Escalate Acknowledge LE internet Chapter 6 Tickets and the Ticket QUeue 99 Info tickets 100 Portal User Guide Info tickets provide you with the following Advanced functionality Add Comment Manually add a comment to the ticket Add Attachment Add an attachment or URL to the ticket View Transaction Log The transaction log provides a history of the ticket related actions executed since the creation of the ticket View Parent Opens the current ticket s parent s ticket View Initiators View of list of the users who launched this ticket More information Add Comment see page 88 Add Attachment see page 90 View Transaction Log see page 91 View Parent see page 163 View Initiators see page 163 Chapter 7 Running Campaign owner Tickets Campaigns utilize CA Eurekify Role amp Compliance Manager auditing tools to run a certification and attestation process A campaign generates tickets for the designated approvers in the enterprise so that they can certify that the granted privileges comply with the business and regulatory needs and are not over allocated Campaigns are used not only in the cleansing phase but for periodic certification as required by law and various regulatory bodies Two types of tickets are generated for a campaign Campaign owner tickets Campaign Approver tickets When a campaign is first created a c
205. e 11 52 06 Delete 59 01 2009 Delete Link 22 01 2009 User Role 12 02 31 Administration Delete 22 01 2009 0 Link User v Role 12 02 31 Cooper Amos DOMAIN Cooper Amos Orr Taylor Goid Wiliam Orr Taylor Orr Taylor Herman Barbara MAIN Herman Barbara Children Type Received Owner Herman Barbara Chapter 9 Approval Process Tickets 181 Approval Process Approver Tickets The ticket itself is identical to the original Approver ticket Delete Link Entity1 Entity2 except it has a new Ticket ID and the General functions are limited The options Approve and Reject have the following meaning Approve Approve the request to delete the specified link Reject Reject the request to delete the specified link Ticket Properties Form Windows Internet Explorer http flocalhost 8080 eurekify tms ui wicket bookmarkablePage com eurekify tms web template DefaultTicketPage amp ticketId 1949 Delete Link User Role Ticket Id Owner Previous Gwner Saus Pending Action v Due Date Priority Low lt Severity State open v Modified Date Date Created Title Description Approval Request to Consult deleting role Organization Database Administrators Characteristic Role 100 0 Min 40 from user Davis Brett F 75675330 Request was submitted on Universe Portal from Link of Team to Role s onfiguration Name Model2_ConfigWithRoles Person ID 75675330 R Organization Database A
206. e 40 links to be audited have been approved rejected or reassigned This table also provides the value as a percentage For example 1 3 33 When available you can control the number of records listed per page using the Records per page function at the bottom of the table Campaign Management Functions Send Reminder The Send Reminder feature allows the campaign owner to remind the campaign Approvers that they have to meet the campaign goals in a timely fashion Send Reminder Windows Internet Explorer SEE le http flocalhost 8080 eurekify tms ui wicket bookmarkablePage popuppagemap_View YW ow Send reminder when progress is less than 100 v ote a comment containing the sent mail summary will be added to the ticket Cancel Send Mail LE internet 100 The Send Reminder screen contains one field Send reminder when progress is with three options Equal to 0 Less than 50 Less than 100 The send reminder process generates a comment that appears in your Campaign owner ticket in the Comments table Owner Note X 21 12 2008 13 24 06 Eurekify Admin End of year audit X 25 12 2008 14 17 50 Eurekify Admin AD1 EAdmin Reminder was sent to 2 approvers Send Reminder Advanced Campaign Management Chapter 7 Running Campaign owner Tickets 125 Campaign Ticket Advanced Functions To send reminders to campaign Approvers 1 Click Send Reminder in the Ticket Properties Form The Send Remind
207. e Entity Browser Reports Administration Ticket Queue gt Archived Tickets ID Title State Status Children Type Received Owner Consult User Request to delete role Delete 22 01 2009 1949 Organization Database Administrators Characteristic Archived Completed O Link User 12 02 31 Herman Barbara Role 100 0 Role Es Logout DOMAIN Herman Barbara You can check this ticket s Transaction Log to view what decision was made in this case http localhost 8080 eurekify tms ui wicket bookmarkablePage 92popupp BE F http flocalhost 8080 eurekifyftms ui wicket bookmarkablePage 92popuppagemap_PopupWindow com eurekil View Transaction Log Date User Action Message 22 01 2009 12 15 17 DOMAIN Herman Barbara GUI Approve pressed 22 01 2009 12 15 17 DOMAIN Herman Barbara ConsultActionCmd Approve action was selected Chapter 9 Approval Process Tickets 183 Approval Process Approver Tickets Approve To consult on a ticket 1 Click Consult in the ticket s Ticket Properties Form The Find Consult Users screen opens in a separate browser window 2 Select one or more names from the list You can use the filter option to reduce the number of records listed in the table 3 Click OK The Executing bar appears A new ticket is generated for each consultant listed The new ticket s will now appear in the consultant s Ticket Queue 4 Click View Consult Results to view the results of the consultation More informatio
208. e My Resources Screen 0 c cece cece eee ee 234 Presenting the Currently Enrolled Resources Table Manage My Resources Screen 236 Presenting the Other Resources Table Manage My Resources Screen eee 237 Defining a New Role 2 02222 9009 ra pwede E PEER ETOR EOE ERRE E coe R RR ERRA R RT T 240 Request New Role Definition Screen 00 cect ete eee e eee n ees 241 Definitions for Role Name New Role Name 00 cc cece eee cent eect eee e teen eens 246 Updating Role Definitions 0 0 ne een e ee tenn eee roor norn eeeeee 251 Introducing the Requests Table 1 2 ee cen eee n tte eee e nent eee e eens 253 Chapter 11 Role Definition Tickets 257 Role Definition Approval Root Ticket 0 ccc cc cece cee cee cece teen een e renr neces 263 Approval Root Ticket General Functions Role Definition 0 cece eee eee eee 265 Approval Root Ticket Advanced Functions Role Definition 0 266 Role Definition Main Request Parent Ticket 0 ccc ccc cee cece teen eee n eee e ences 267 Main Parent Ticket General Functions Role Definition 0 0 ccc ccc ce ence eee 271 Main Parent Ticket Details Section 0 0 0 ccc ce cence ence ene e ene eees 272 Main Parent Ticket Advanced Functions Role Definition 0 cee cece eee eee 273 Add New Role Ticket Tree ccc ccc ccc eee ne tenn ee nee teen ee eee e ete e een enes 276 Select A
209. e Role and Compliance Manager Home Ticket Queue Dashboards Self Service Ticket Queue gt Open New Done Tickets User Approval Request to delete role 1758 92 Organization Database Administrators Characteristic Role 100 Consult User Request to delete role 1945 Ba Organization Database Administrators Characteristic Role 100 0 _ Consult User Request to delete role 1946 Organization Database Administrators Characteristic Role 100 0 Consult User Request to delete role 1947 B Organization Database Administrators Characteristic Role 100 0 Consult User Request to delete role 1948 Organization Database Administrators Characteristic Role 100 0 Consult User Request to delete role Organization Database Administrators Characteristic Role 100 0 Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Ticket Queue gt New Tickets Customize gt WW Title Consult User Request to delete role 1949 B Organization Database Administrators Characteristic Role 100 0 Entity Browser Entity Browser State Status open pend new IS New Dered Pending mew Action Archived Completed Archived Completed State Status Pending New Action Reports Reports Administration Type Received Owner Delete Link 19 01 2009 User Role 00 18 41 Delete Link User Role Delete 22 01 2009 11 45 31 22 01 2009 User Role 11 45 31 Delete Link 22 01 2009 User Rol
210. e generated If the Don t wait for ticket processing option has been disabled you will see a percentage progress bar on screen and when the campaign ticket is ready the Campaign Settings Completed screen opens Campaign setting completed To start the campaign go toTicket Queue Campaign Name Role Review Campaign Type RoleCertification Universe Portal Configuration Model2_ConfigWithRoles Audit Card Number of approvers 15 Number of Roles 30 Ticket ID 1111 This screen signals that the campaign generation has been completed and contains the following Campaign name Campaign type m Universe m Configuration m Audit Card Number of approvers as generated according to the RACI model Number of entities total number of users roles or resources that the approvers have to approve depending on the campaign s focus Campaign ticket ID When the Don t wait for ticket processing option has been enabled you will see the following message on screen Campaign Requested Your request was sent to execution a mail message will be send upon completion Note Any entity that does not have a manager will be assigned to the campaign administrator s approver ticket To start the campaign you have to go to your Ticket Queue 320 Portal User Guide Adding Campaigns More information Setting a Universe see page 326 Introducing Audit Cards see page 322 Introducing the Privileges to Certify O
211. e review is limited to the role and you cannot access the users cards More information Add Comment see page 88 View Transaction Log see page 91 Add Attachment see page 90 View Parent see page 163 View Initiators see page 163 View Children see page 164 View Entity see page 165 Update Role Ticket Tree Self Service Request Update Role Approver Ticket When a Self Service multi user request of the type Manage My Team s Roles is generated and the number of users exceeds the Eurekify Portal s threshold an Update Role Approver ticket is generated in the first stage of the Approval Process Once the role manager approves the enrollment of the users listed in the ticket in the role a new set of Approver tickets is generated This second set of sub trees consists of parent child pairs of tickets where the parent ticket is a standard Link User Role Parent ticket and the child ticket is a standard Link User Role Approver ticket 1767 Owner Fag Lee DOMAIN Fia Previous Owner Status Pending Action lt 19 01 2009 21 49 24 Priority Low lt Severity Minimal v State open x 19 01 2009 23 40 26 Date Created 19 01 2009 16 49 24 Title Role Approver Update Role Fifth av Applicative role Description Role Approver Update Role Fifth av Applicative role lt lt etails Configuration Name Model2_ConfigWithRoles Role Accountable Role Name Fifth av Applicative role Updated Field Updated V
212. e to choose the file Eurekify Sage Error Messages To trim a configuration 1 Open the Eurekify Sage DNA module 2 Click File Configuration and Management Operations Trim Configuration The Trim Configuration window opens 3 Enter values for the fields Note Remember to enter the correct file extension for each output file Important We recommend that when generating duplicate files for use with a Universe that you use the terms Master Model as part of the configuration file names 4 Click Browse next to each output database in order to save the new database file in a location of your choice The File Dialog Screen opens Eurekify File Dialog Document SQL El ConfigNoRoles cfg OK El ConfigwithRoles cfg S Model_ConfigwWithRoles cfg Cancel S Master_ConfigWithRoles cfg E Eurekify cfg E Model_ConfigwithRoles_R cfg il Model_ConfigwithRoles_A cfg Model_ConfigwithRoles_C cfg E Model_ConfigwithRoles_I cfg S Eurekify_R cfg fal Eurekify_A cfg 5 Enable File and click Browse to select the folder where you will store the new files 6 Click OK to confirm the new file name and its location 7 Click Trim The new configuration is generated and a notice screen appears Eurekify Sage DNA l Trim Configuration Finished With No Errors Appendix A Duplicating a Configuration 393 Eurekify Sage Error Messages 8 Click OK The next stage is to save the new master and model configurations
213. ecurity user 84847310 Link User 01 02 2009 E New In Progress Role 00 38 36 Request to add role to role association parent role Corporate Security child role Organization 1 Link Role 01 02 2009 New Role 00 38 36 In Progress Request to add role to resource association Link Role 01 02 2009 resource public role Corporate Security Resource 00 38 36 Copyright C 2008 Eurekify All Rights Reserved Build 08 11 26 01 New In Progress Chapter 11 Role Definition Tickets 263 Role Definition Approval Root Ticket As the tickets to be found below the Approval Root ticket depend on the specific role related requests being made these tickets will be described where relevant What is important to realize is that the Approval Root ticket provides the same information and functionality both for an Add Role request and an Update Role Definition request Note When the approval process Approver tickets are not generated a Notification ticket appears below a Request Parent ticket Click the ticket title to open the Ticket Properties Form in a separate browser window Ticket Properties Form Windows Internet Explorer DAR b http localhost 8080 eurekiFy tms ui wicket bookmarkablePage com eurekify tms web template DefaultTicketPagemticketId 2259 f Approval Root Ticket Id 3250 Owner Eurekify Admin Previous Owner Status In Progress x Due Date 01 02 2009 19 05 45 Priority Low Severity Minimal lt
214. elationtype Description Type Organization Rule Owner History Comment Sas m Role By 2 Direct Role By 2 Users Org Role Sales Organization Sales 99883135 History E Organization Sales Characteristic Role E Characteristic Role Direct 100 0 Min Org Role Sales Organization Sales 99883135 History E 100 0 Min 40 40 E Resources 4 4 X d Namel Name2 Name3 Violations Relationtype Description Managerid owner Location History oo office2003 2003 WinNT San v MS office2003 2003 WinNT Dual MS office2003 91236370 Mateo CA History approved e mail outlook WinNT MS San E email outlook WinNT Dual MS email 91236370 Mateo CA History E The comment is added to the Entity Table More information Add Comment see page 88 General CMA Ticket Functions The Campaign Manager Approver ticket provides the following functions Close Closes the ticket Save Saves the changes made to the ticket Save and Reassign Provides the option to reassign a link and save the change Hide Selected Hides the entities whose links have already been reviewed When active the Show all button appears Show All Reveals all the hidden links Chapter 8 Campaign Approver Tickets 147 General CMA Ticket Functions More information Reassigning a Link see page 142 Hide Selected see page 148 Hide Selected This feature hides the entities that have already been examine
215. eld lexicographically follows Cayman Thus an expressions such as amp UserName gt A UserName lt B brings users whose Organization field is INTHE RANGE of A B inclusive Another type of simple expression is available for retrieval of relations It starts with the sign followed by brackets with a pair of relation type user role resource and the related entity name separated by an equals sign For resources three sets of brackets with the three names appear after the For example role Cayman or resname1 email resname2 outlook resname3 WinNT Expression may also have logical operations applied to them The available operations are AND OR and NOT AND and OR are binary operations and should be applied to pairs of expressions while NOT is a unary operation Operation symbols are amp AND OR NOT Operator symbols are prefixes and should be placed before the expression s Usage examples amp Location Cayman Organization Finance users inthe Cayman finance office Country US Country Uk people in the US or the UK Active false Active users Permissions Filters may be as compound as necessary as long as they adhere to the above rules For example amp Country US Country UkK amp Active false Organization Finance Are all the users which are from the US or the UK and are active users from the finance department Filter Extensions These filter extensi
216. en security is enabled every action a user attempts is checked against the users permissions For this purpose Eurekify cfg provides a set of resources that govern the various permissions It should be noted that the option that allows an Approver to view the contents of an Approver ticket even if the Administrator did not give the Approver the appropriate permissions sets up resources to handle this issue in the background These permissions are limited to the specific campaign s requirements There are no permission filters for Delegate Escalate More information Eurekify Configuration Structure see page 372 Eurekify Configuration Structure Link Type Resources This section discusses how the eurekify cfg file s resource definitions impact a user s permissions In general various types of resources are pre defined as permission related resources The system recognizes three families of such resources m Link m Doc_Access m Filter The easiest way to view and edit these resources is within the CA Eurekify Role amp Compliance Manager Sage DNA module Resources whose type is Link determine which menu options will be visible to each user ResNamet ResName2 Description pe TmsSystem DashBoard SelfService Campaigns Reports Administration L this resource will grant all links permissions in Eurekify Portal for portal TAG Administration LINK debug 372 Portal User Gui
217. ending Action Type Received 18 12 2008 Campaign 16 41 08 Campaign Manager a Approver Campaign Manager a Approver 7 Campaign Manager Esfan Approver 7 Campaign Manager nna Approver 7 Campaign 18 12 2008 Manager 3241 Approver 16 41 09 Owner Eurekify Admin AD1 EAdmin Flag Lee DOMAIN Flag Lee Angel Ben DOMAIN Angel Ben Godheart Dan DOMAIN Godheart Dan Keren Cindy DOMAIN Keren Cindy Allen Sherman DOMAIN Ilan Sharoni Click Restart Campaign in the campaign s Ticket Properties Form to restart a campaign that had been manually stopped An email notification is generated and sent to all the campaign s Approvers 120 Portal User Guide Campaign Management Functions Start Approval Processes The approval process is the procedure whereby links which were rejected during a campaign can be re examined and a final decision can be reached as to whether to confirm the rejection or to approve the link The purpose of a campaign is to audit and certify entity links Once a campaign is over either because all the approvers have audited all the entity links in their Campaign Approver tickets or because the campaign was manually stopped it is necessary to review all the rejected links once more as the final step in the certification process To start the approval process 1 Click Start Approval Processes in the Campaign Management section of the campaign s owner ticket
218. eneral functionality Close Closes the ticket Save Saves the changes made to the ticket Delegate Transfers the ticket tree to another manager Escalate Transfers the ticket tree to another manager Start Process For regular Approval Processes this button is disabled as the procedure starts automatically when the tickets arrive in the approvers Ticket Queues Cancel Process Allows you to manually stop the Approval Process at any stage Acknowledge This function is disabled until the Approval Process has been completed More information Escalate see page 154 Delegate see page 157 Cancel Process see page 170 Acknowledge see page 170 Chapter 11 Role Definition Tickets 265 Role Definition Approval Root Ticket Approval Root Ticket Advanced Functions Role Definition 266 Portal User Guide The Role Definition Approval Root ticket provides the following Advanced functionality Add Comment Manually add a comment to the ticket Add Attachment Add an attachment or URL to the ticket View Transaction Log The transaction log provides a history of the ticket related actions executed since the creation of the ticket View Children Opens a table which provides you with information concerning all the nodes leaves that are located below the current ticket For the Approval Process Root ticket this means that you can view information concerning the Approval Processes Main Request Parent ticket Vie
219. ens 2 Select a name from the list You can use the filter option to reduce the number of records listed in the table 3 Click OK The Executing bar appears The campaign is archived and its status is set to Delegated The campaign ticket appears in the target user s Ticket Queue More information Filtering a Data Table see page 24 Eurekify Properties see page 397 Escalating a Campaign This function provides you with the option to transfer the campaign management to a more senior manager Once you have selected the new campaign administrator the campaign s ticket is archived and will no longer appear in your list of active tickets When a campaign is escalated a new root ticket is generated with the new owner listed in the Owner field and the administrator who escalated the campaign is listed in the Previous Owner field Ticket Properties Form Windows Internet Explorer 7 http flocalhost 8080 eurekiFy tmsjui wicket bookmarkablePage com eurekify tms web template Default TicketPagetticketId 754 Campaign Ticket Id Due Date 754 Owner Herman Barbara Previous Owner Eurekify Admin AD1 Status pending Action 15 01 2009 00 00 00 Priority Normal lt Severity Medium lt State open Modified Date 21 12 2008 12 15 56 Date Created 21 12 2008 12 15 17 Title Description Role Certification Role Certification End of year certification Universe Portal Campaign Type ROLE
220. ensures that even if multiple users received this error ticket only one will handle it After one user clicks this button the functional buttons for this ticket will be disabled in the other users ticket Terminate job Manually terminates the currently running job Clean up Cleans up the job s temp files prior to terminating the job Chapter 13 Using Administration Functions 347 Job Scheduling More information The Ticket Properties Form see page 84 Delegating an Info Ticket see page 95 Escalating an Info Ticket see page 97 Job Scheduling The Job Scheduling function enables you to set up automatic and repeated import export instances As each connector is assigned to a universe the data will be imported into uploaded from the Eurekify configuration files designated by the universe An appropriate ticket is sent to the administrator s Ticket Queue when the job is completed The screen is divided into two sections Job Scheduling Enter the relevant data in the fields in this section to create a new import export event Jobs A table listing all the recorded jobs and their description Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout AD1 EAdmin Administration gt Job Scheduler Job Name Connector Start Date HH MM Repeat Hours Add Job Choose One s 12 25 2008___ Blo fo_ 24 Add Jobs Job Name Desc
221. ents a pre filtered list of users who can receive the request to provide a consultation This list can be filtered to aid in finding a specific user You can select more than one user to consult with After selecting the first user to consult with the Consult button toggles to become the Consult More button The View Consult Results is added to the ticket s Advanced functions Ticket Properties Form Windows Internet Explorer le http flocalhost 8080 eurekify tms ui wicketsinterface 12 1 r Delete Link User Role Ticket Id 11758 Owner Cooper Amos DOMAI Previous Owner Due Date 19 01 2009 05 18 41 Priority Low w Severity Modified Date 22 01 2009 11 45 34 Date Created 19 01 2009 00 18 41 User Approval Request to delete role Organization Database Administrators Characteristic Role 100 07 User Approval Request to delete role Organization Database Administrators Characteristic Role 100 0 75675330 Request was submitted on Universe Portal from Link of Team to Role s More Details gt gt View Initiators View Children gt gt View Consult Results View Violations LE internet R 100 Approval Process Approver Tickets Consulting another user generates a ticket of the same type as the source Approver ticket The approver who made the consultation request can see a copy of the consultant tickets listed as leaves below the original Approver ticket in the Ticket Queue Enterpris
222. eports Administration Logout DOMAIN Herman Barbara Self Service gt Request Changes to 2 Role Definition Request Role Update a A In the Request Role Update screen you are required to select a Universe Selecting the Universe opens the Select Role screen Configuration Model2_ConfigWithRoles Any Fed i Is Any Value M AnyFed S I Any value 4 any Fed Indudes Advanced Search Get roles for which Iam O Responsible O Accountable C Consultant Search Oinformed Role No Records Found Customize Chapter 10 Running Self Service Tasks 251 Updating Role Definitions This is a search screen with built in filters and a RACI based advanced search feature Note corner of the Select Role screen The universe s model configuration is listed in the upper right hand Once you have successfully constructed a search pattern a list of roles is displayed in the Role table Enterprise Role and Compliance Manager Home Where And Any Field And Any Field Advanced Search Get roles for which Iam Informed Role Add 9 Customize Ticket Queue Organization Role Name Organization Application Development _eurelity Administration Logout DOMAIN Herman Barbara Dashboards Self Service Entity Browser Reports Configuration Model2_ConfigWithRoles i Application Development X bs Is Any Value X x Includes Resp
223. epted C Consulted who is to be consulted who has information and or the capability necessary to aid in completing the work I Informed who must be notified of results but does not need to be consulted The Eurekify Portal uses RACI for various purposes Its main use is for the purpose of identifying entity managers Approvers It is important that every model configuration that you wish to audit be run through the RACI generator so that the Approvers will be listed correctly The RACI utility takes the data in the fields you identified when you defined the Universe as manager fields and tags them as the system s Accountables The user manager data is taken from the configuration file s user database udb While any user can be accountable for multiple entities each entity has only a single person accountable for it Note Run the RACI utility before running a campaign otherwise the system won t have users identified as entity Accountables and the Eurekify ERCM won t be able to send the Approver tickets to the correct entity managers If you didn t run RACI you will either receive an error message or all the entities will be listed with the campaign owner for approval Note Update Eurekify users database before generating RACI for the universe Once a Universe is created it is necessary to create its RACI configurations The RACI configurations control the assignments of certification attestation or approval tasks to t
224. equest to delete resource office2003 2003 WinNT MS office2003 from user Keren Select Tailor Janet Approver a ction Cindy 77292450 Flag Lee DOMAIN Flag Pending Resource Approval Request to delete resource office2003 2003 WinNT MS office2003 from user Keren Le Belect e Action Cindy 77292450 Approver The following fields appear in the View Children table Action The action you can take concerning this ticket For example Select opens the selected ticket in a separate browser window Owner The ticket owner Type The ticket type Status The ticket status Title The ticket title Comments The last comment added to this ticket 164 Portal User Guide View Entity To view a ticket s children tickets Advanced Approval Process Ticket Functions 1 Click Advanced at the bottom of the Ticket Properties Form screen 2 Click View Children A table opens at the bottom of the Ticket Properties Form screen The View Children gt gt button becomes the lt lt Close Children button 3 Optional Click Select in the Action column to navigate to the ticket listed in that row The selected ticket opens in a separate browser window 4 Click Close to close the selected ticket 5 Click Close Children to close the ticket children table The purpose of the Approval Process is to review the rejected links recorded during the original campaign run This task is performed by the various entity managers An impo
225. er Specific Entity browser Once you have selected the configuration from which to obtain the entity data the Entity Browser presents the information under three tabs m User browser m Role Browser m Resource Browser The active browser is highlighted and the table contents can be manipulated Each specific entity browser table can be manipulated independently of the two other entity browser tables For example you can set the number of Records per page for the User browser to 50 and this will not change the number of records per page viewed in the Role browser More information Users Browser see page 310 Roles Browser see page 311 Resource Browser see page 312 Data Table Features see page 21 Chapter 12 Introducing the Entity Browser 309 Specific Entity browser Users Browser The Entity Browser opens by default in the Users tab The Entity Browser s Users Browser shows user information for the selected configuration The data and the field names are obtained from the configuration s user database udb Note The highlighted column is predefined and cannot be customized You can click the highlighted Person ID in any record to open that user s User Card Universe I Configuration Modell_ConfigwithRoles Users Resources Showing 1 to 50 of 69 Person ID Name Organization Organization Type 45489940 Steiven Pat System Management Corporate 47868650 Moris Bill S
226. er Guide The Jobs table lists all the jobs that have been entered into the system The table contains the following fields Job Name The name of the job Description A description of what it does export import Job Class Lists the connector s Java Class Start Time Provides the date and time on which the job will begin Previous Execution When a job is repeated the previous date and time is listed here Next Execution The date and time when the job is scheduled to be repeated Delete Allows you to delete the job when you don t want it to run anymore The Transaction Log The Transaction Log The Eurekify Transaction Log TxLog provides detailed information concerning all the actions taken within the system The entries are listed by date Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Administration gt TxLog Page om 2 Showing 1 to 10 of 552 412345678910 gt ID Date Source Owner Ticket SDatal SData2 SData3 SData4 SData5 SData6 SData7 SData8 Parameters 1 30 10 2008 16 34 58 EurekifyScheduler EurekifyScheduler TriggerMisfired ce lad SAVE pressed Ticket TMS 1 UPDATE updated by GUI 2 17 11 2008 15 08 13 17 11 2008 15 08 14 TMS 1 cul 25 11 2008 SAVE 21 30 20 TMS 1 sun pressed Ticket 25 11 2008 21 30 22 S UPDATE updated by 25 11 2008 21 30 31 pressed Ticket 25 11 2008 21 30 31 UPDATE raeg b
227. er screen opens as a separate browser window 2 Select the target for the email messages 3 Click Send Mail You can view the comment containing the mail summary that is attached to the campaign ticket Campaign Ticket Advanced Functions The Advanced button located at the bottom of the Ticket Properties Form provides you with the following functions m Add Comment m Add Attachment m View Transaction Log m View Children Click Advanced to access the advanced campaign ticket functions More information Add Comment see page 88 Add Attachment see page 90 View Transaction Log see page 91 View Children see page 127 126 Portal User Guide View Children Campaign Ticket Advanced Functions Campaign tickets are set up as hierarchal trees The View Children option allows you to see information concerning all the leaves that are located below the Campaign Ticket This includes all campaign s Approver Tickets You can control the number of records per page listed in the table by using the Records per page option Add Comment Add Attachment View Transaction Log lt lt Close Children Action Owner Type Status Title Eurekify Admin AD1 EAdmin Campaign Manager Approver Pending Action User Certification Eurekify Admin User Review t Herman Barbara DOMAIN Herman Barbara Campaign Manager Approver Pending Action User Certification Herman Barbara User Review t Purple Mary DOMAIN Purple Mary Campaign Man
228. erk Psychologist Branch Officer Clerk HR Officer Branch Officer Clerk Security Admin Manager Chapter 7 Running Campaign owner Tickets Internet R 100 11S General Campaign Ticket Functions 116 Portal User Guide The Find Escalate Users screen is divided into two sections The filter Located in the window s header The filter lets you narrow down the list of proposed approvers The proposed users This table presents a pre filtered list of users who can receive the escalated approval task s This list can be filtered to aid in finding a specific user The names listed in the proposed users list are governed by several default property filters of the type tms escalate filter To escalate an approval 1 Click Escalate in the Campaign Ticket s Properties Form The Find Escalate Users screen opens 2 Select a name from the list You can use the filter option to reduce the number of records listed in the table 3 Click OK The Executing bar appears The campaign is archived and its status is set to Escalated The campaign ticket appears in the target user s Ticket Queue More information Filtering a Data Table see page 24 Eurekify Properties see page 397 Campaign Management Functions Campaign Management Functions The campaign management section of the Ticket Properties Form screen provides the following functions Start Campaign The campaign won t start and approver ticket
229. errcode sort required errcode campaignfilteroption required errcode campaign campaign campaign campaign ode campaign campaign de campaign ode campaign campaign campaign sendreminder error errcode text campagin errors found errcode error nouniversesavilable errcode error missingcampaigndescription errc error missingenddate errcode error duedatemustbeinthefuture errco error configurationmustbeselected errc error racinotavailablefor errcode error campaignalreadyexists errcode error noaccess errcode settings strings settings strings ode settings strings de settings strings e settings strings settings strings e settings strings ode ie errors missingname errcode ie errors missingdescription errc ie errors namealreadyexist errco ie errors missinguniverse errcod ie errors missingsettings errcode ie errors missingmapping errcod ie errors missingenrichment errc Code arp004 arp005 arp006 arp007 cmp001 cmp002 cmp003 cmp004 cmp005 cmp006 cmp007 cmp008 cmp009 cmp010 cst001 cst002 cst003 cst004 cst005 cst006 cst007 Eurekify Sage Error Messages Description please select the by field parameter please select audit card please select sorting method please choose filtering type send reminders was aborted mail event is not active update mailing parameter tms configuration mail events in eurekify prope
230. ers in the Approver ticket stage 3 begins and a new set of tickets is generated Stage 3 Includes examples of possible Request sub trees for an Add Role ticket tree Ticket Description Approval Root ticket Same ticket gt Self Service Main Request Parent Same ticket Ticket Select Accountable This Task ticket has been completed and is currently archived Approver Ticket This Role Approver ticket has been completed and is now archived Self Service Request Parent A Link User Role parent ticket ticket Approver Ticket Only one ticket A Link User Role approver ticket Self Service Request Parent A Link Role Resource parent ticket ticket Approver Ticket Only one A Link Role Resource approver ticket 278 Portal User Guide Add New Role Ticket Tree The number of Link User Entity sub trees depends on the number of role entity requests that were originally submitted If a request was made to enroll 10 users to a role then there will be 10 Link User Role subtrees generated during the third stage of the Add New Role Approval Process State ID Title Status Children Type Received Owner Previous Owner Approval 01 02 2009 Root 00 29 04 2220 El G Add Role Approval Root Request Open In Progress 1 Eurekify Admin E 01 02 2009 Eurekify Admin 2221 8 amp New Role Corporate Security Open In Progress 11 Add Role 00 29 05 AD1 EAdmin 2222 E Select Accountable to Role Corporate Security Archived Completed
231. ers who launched this ticket View Violations View the list of violations View Entity Opens the entity s card Two buttons are provided one for each side of the link under review View Consult Results This button appears only when the Consult service has been activated More information Add Comment see page 88 Add Attachment see page 90 View Transaction Log see page 91 View Initiators see page 163 View Parent see page 163 View Entity see page 165 View Violations See page 286 View Consult Results see page 187 Chapter 11 Role Definition Tickets 305 Chapter 12 Introducing the Entity Browser The Entity Browser enables you to locate any entity associated with any available Universe and configuration Entities are m Users Roles m Resources This section contains the following topics Main Window see page 307 Specific Entity browser see page 309 Main Window The Entity Browser s main window provides you with a search option Universe Configuration Choose Configuration Chapter 12 Introducing the Entity Browser 307 Main Window The search screen provides with two fields to aid in the search Universe Provide the name of the Universe that you wish to search You can select a specific Universe limiting your choice of configuration or you can select All Configuration Select a configuration from the drop down list After making your select
232. es_file sage passphrase eurekify Eurekify_home_properties_file pbe enable true t Eurekify_home_properties_file sageBrowsingService url http localhost 8080 eurekify services sageBrowsingService Eurekify_home_properties_file reportsServicesTimeout 3600000 Filter Properties Keys Containing 358 Portal User Guide For instructions on how to create a new property key or edit an existing one see Create a new Property key m Edit an existing property key To access the Common Properties page 1 On the Administration menu click Settings The list of available options appears 2 Click Common Properties Settings The Eurekify Properties Page screen opens More information Creating a New Property Key see page 359 Editing a Property Key see page 360 Properties Settings Creating a New Property Key Property keys are defined and provided as part of the Eurekify ERCM product out of the box At times you may find it necessary to add a new property key to the Eurekify property file The Properties Settings utility makes this easy to do When you want to create a new property key you have to enter the key before you click Create New If you do not you will receive the following message cannot create a property with a null empty key GENPRPOO3 Properties Settings Properties Create New can not create a property with a null empty key GENPRP003 After you enter the new property key name and
233. est was submitted on universe 2 from 3 request to delete role 0 from role 1 rejected request to delete role 0 from role 1 failed the request to delete role 0 from role 1 was rejected request was submitted on universe 2 from 3 the request to delete role 0 from role 1 failed request was submitted on universe 2 from 3 request to delete role 0 from role 1 is already in process the request to delete role 0 from role 1 is already in process request was submitted on universe 2 from 3 request to add resource 1 to role 1 rejected request to add resource 0 to role 1 failed the request to add resource 1 to role 0 was rejected request was submitted on universe 2 from 3 the request to add resource 1 to role 0 failed request was submitted on universe 2 from 3 request to add resource 1 to role 0 is already in process the request to add resource 1 to role 0 is already in process request was submitted on universe 2 from 3 Chapter 15 Troubleshooting 385 Eurekify Sage Error Messages Field changeapproval child remove role resource info t itle rejected errcode changeapproval child remove role resource info t itle failed errcode changeapproval child remove role resource info description rejected errcode changeapproval child remove role resource info description failed errcode changeapproval child remove ro
234. et 100 The Find Escalate Users screen is divided into two sections The filter Located in the window s header The filter lets you narrow down the list of proposed approvers The proposed users This table presents a pre filtered list of users who can receive the escalated approval task s This list can be filtered to aid in finding a specific user The names listed in the proposed users list are governed by several default property filters of the type tms escalate filter To escalate a ticket 1 Click Escalate in the ticket s Ticket Properties Form The Find Escalate Users screen opens 2 Select a name from the list You can use the filter option to reduce the number of records listed in the table 3 Click OK The Executing bar appears The original ticket is archived and its status is set to Escalated A new ticket is generated The ticket appears in the target user s Ticket Queue Delegate General Approval Process Ticket Functions More information Add Comment see page 88 Filtering a Data Table see page 24 Eurekify Properties see page 397 This function allows you to transfer the selected a ticket to another user Once you have transferred the selected ticket to the new ticket owner the original ticket is archived and will no longer appear in your list of active tickets Only the current ticket owner can delegate a ticket Ticket Properties Form Windows Internet Explorer DER lt E
235. eu eT ssa cscs band wedi cate EREE E EEE EE ENEE NEN EE Eurekify Configuration SLruGtuUre cee ce cen net eee eeee Gfilt rs 2c ds5ciwecdend nae thereto dns ciate EE E ieee nniaaae Seed SaeeSs eae meet Portal Structure XML Chapter 15 Troubleshooting Eurekify Sage Error Messages ccc cnn cnet e nee neeeees Appendix A Duplicating a Configuration Appendix B Eurekify Properties Sample Properties File 0 ccc ccc ee ene teen een n reroror tms delegate filter ccc ene teen eee n eee eee e eee e teenies tms escalate filter 2 2o1cc0 cited dae eae trot nE A RRR ARRE clined tms campaign campaign type reassign filter 0 0 cece eee eee Appendix C Portal Structure XML Sample Portal Structure XML Appendix D Eurekify Sage Configuration Data Formats Users Database File 2 0 ene e eee e enn ee tenes Resource Database File 2 0 c cece ccc cee eee beeeeeceseseresebeseies Configuration File 2c0c02 02 ccecsees sewewseeekeeeee es wees he oe cee eee ade NES S aS ENtitleS 22 056 pb2os Secret esebis a beh hee bosie i eees eee bend eee Ss Relationships 3 2 s ctr skp este scent S Pak we aces anh ainda edie Mea SEEN ATA 10 Portal User Guide 379 379 391 397 403 403 404 405 Glossary 419 Index 423 Contents 11 Chapter 1 Introduction CA Eurekify Role amp Compliance Manager software provides solutions for the design implementation ongoing ma
236. f the campaign owner When a campaign has been delegated or escalated you can view the list of users who received ownership of the campaign iew Initiators UserName Organization OrganizationType Email Location Title Cooper Amos IT Security Corporate 54672910 company com IT Manager Cooper Amos IT Security Corporate 54672910 company com IT Manager Eurekify Admin Eurekify Eurekify Admin Close The information provided by the View Initiators table is based on the campaign s configuration files To view the campaign s initiator list 1 Click Advanced at the bottom of the Ticket Properties Form 2 Click View Initiators The View Initiators table appears in a separate browser window 150 Portal User Guide Chapter 9 Approval Process Tickets This chapter is designed for managers who can run post campaign Approval Processes and for entity managers who may receive Approver tickets as part of the approval process Note As the post campaign Approval Process is always started by the current campaign owner the owner of the Approval Process tree s root ticket will be designated in this chapter as the campaign owner even if the current owner of the ticket is actually someone who received the ticket during the Approval Process as a result of an escalation or delegation operation Following a campaign your next task is to review all the rejections that were generated in the course of the campaign As you know the campa
237. f you are seeking appropriate roles to add to your team s role assignments using the Suggest Roles service will provide you with a weighted list of roles where the weight is the result of pattern based analysis For further information concerning the weights applied to the Eurekify ERCM pattern recognition technology see Error Reference source not found This service is provided for users roles and resources as required The Eurekify Portal bases its suggestions on several available patterns Not all patterns are available for all entities The Suggest Entities service is available when you are requesting a suggestion for a recommended user role or resource The available options depend on the Self Service task that is calling for the Suggest Entities service The pre defined patterns are Matching Rights Used only for roles HR Pattern Used for both roles and resources Privileges Pattern Used for both roles and resources Matching Rule Used only for roles Each one of these patterns is documented in detail in the CA Eurekify Role amp Compliance Manager Sage DNA User Guide The pattern matching results appear in the columns of the relevant table For provisioning tasks the results appear in the Other Roles table For role definition tasks the results appear in the entity s designated table 198 Portal User Guide General Self Service Functions For the purposes of understanding what the Eurekify Portal is suggesting
238. figuration name Master_firstRun jodel configuration name Model_firstRun Settings XML file C Program Files Eurekify Eurekify Sage Client Tools V4 0 Software Converters CA CAConvert defaultSettings xml lapping XML file C Program Files Eurekify Eurekify Sage Client Tools V4 0 Software Converters CA CAConvert defaultMapping xml jax duration time seconds 2000 port client CARemoteSystemExternalProcessConnector lorkflow E Import Config Audit settings file Approved audits audit card icket type title FlowTicketForImport_V0 7 Chapter 13 Using Administration Functions 345 Setting Connectors The Details section provides you with the import connector s data The Import ticket provides the following functionality Close Closes the ticket Save Saves any changes made to the ticket Delegate Transfers the ticket to another manager Escalate Transfers the ticket to another manager Cancel Process Provides the option to manually terminate an import process Acknowledge The button is disabled until the process is completed Click to complete and archive the ticket To run a connector 1 In the Connector screen select the connector you want to run import or export and click Run next to it A warning window appears Are you sure you want to run Basic import connector 2 Click Yes to run the specified connector An Import Ticket is generated and it will appear in your Ticket Queue 3 Click Acknowledge when the proces
239. following topics The Tickets Pane see page 64 The Reports Bar see page 65 The Business Processes Bar see page 67 Chapter 5 Presenting the Home Page 63 The Tickets Pane The Tickets Pane This panel provides you with a table containing a list of your tickets The tickets displayed in this pane are campaign owner tickets for the campaigns you have created campaign Approver tickets when you are an approver for a specific campaign Approver tickets for entities you were assigned to manage and info tickets Some of the tickets have hierarchal tree structures that you can navigate The type of data fields displayed in this pane is determined by customizing the Ticket Queue Each column can be used to sort the ticket table Highlighted content displayed in the panel enables you to link to additional data Home My Tickets ID Title Status Children Type Received Owner Previous Owner Approval 04 12 2008 Eurekify Root 18 35 30 Admin Approval 04 12 2008 Eurekify Root 16 10 13 Admin G knf eer Approval 04 12 2008 Eurekify 221 4 amp Link of Team to Role s Approval Root Request None 1 Root 16 00 09 Admin 227 Link of Team to Role s Approval Root Request W In Progress 5 223 Link of Team to Role s Approval Root Request W In Progress 1 Eurekify a k 11 Y 91 User campaign for demo UserCertification In Progress Campaign 25 11 2008 Admin AD1 he b 22 41 50 Pending
240. fy Admin AD1 EAdmin Eurekify Admin AD1 EAdmin Ca Request to add user to role association role Title DB yau Link User 19 01 2009 1753 M E Developer characterstc Role 30 use Maw nomen Role 00 18 29 a Request to remove user to role association Delete 1754 role Organization Database Administrators New In Progress Link User Characterist Role 19 01 2009 00 18 29 Request to remove user to role association Delete a role Organization Database Administrators New In Progress Link User Characterist Role Request to remove user to role association Delete a role Organization Database Administrators New In Progress Link User Characterist Role 19 01 2009 00 18 29 19 01 2009 00 18 29 Introducing the Requests Table When generating a new role or updating an existing one other tickets will be generated as needed 1 Optional Click Back to return to the previous screen to amend your selections 2 Click Submit to generate the Self Service request tickets The Requests Sent screen appears Enterprise Role and Compliance Manager Kify Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout AD1 EAdmin Requests sent for approval ticket ID 1765 The Requests Sent screen lists the new ticket ID the ID of the ticket owner s root ticket You can view the new ticket tree in the Ticket Queue More information Running Self Service Task
241. ge My Team s Resource Assignments on the Self Service menu The Manage My Team s Resources screen opens More information Customizing a Data Table see page 22 Presenting the General Section MMT Resources Screen see page 223 Presenting the Users Table MMT Resources Screen see page 224 Presenting the Currently Enrolled Resources Table Manage My Roles Screen see page 226 Presenting the Other Resources Table MMT Resources Screen see page 229 Presenting the General Section MMT Resources Screen Manage My Team s Resources Business Area Universe Portal Business Process Description Chapter 10 Running Self Service Tasks 223 Manage My Team s Resources The General section of the Managing My Team s Resources screen contains the following fields Universe Select the Universe you wish to work with The users table and the available resources depend on the universe Business Area General information descriptive This information will appear in the Description field of the ensuing Self Service Approval Root ticket Business Process General information descriptive This information will appear in the Description field of the ensuing Self Service Approval Root ticket Description Provide a concise and meaningful description of the changes you intend to make to your team s resources Submit Click to submit your request for changes To enter the data in the MMT Reso
242. gemaster headers countduplicates errcode selfservice selfservice selfservice selfservice selfservice selfservice selfservice selfservice code selfservice s errcode selfservice e selfservice settings headers editimportexportpage error errc ode error loading bpr errcode error finding bpr errcode error finding universe errcode error starting approval errcode validate descriptionrequired errcode validate nouserisselected errcode validate norequestsmade errcode validate missingraciconfigurations err validate errorgettingraciconfiguration validate missingaccountablefor errcod validate racierrorfor errcode settings headers edituniversepage error errcode changeapproval child remove user role info title rejected errcode changeapproval child remove user role info title failed errcode Code prt009 prt010 prt011 prt012 sgm001 sgm002 sls001 sls002 sls003 sls004 sls005 sls006 sls007 sls008 sls009 sls010 sls011 ste001 ste002 tkt001 tkt002 Eurekify Sage Error Messages Description incorrect password for batch user failed to authorize user 0 the user does not exist in 1 configuration an error has occurred for more information please view the log file to relogin please click here error conflicts in the master configuration login field found 0 duplicate logins please review could not load bpr file 0 proceedi
243. gn Type USER Auto Generate Permissions true Configuration Model2_ConfigWithRoles Link Filter Direct Dual Audit Card Entity Filter No Filter Attachments jomments r Campaign Management Start Carnpaign Stop Carnpaign e Start Approval Proce Done LE Internet Restart Campaign When a campaign has been stopped it returns to its pre start conditions state Open status Pending action and the approver tickets are once again hidden from their owners gt ID Title State Status Type Received Owner 619 E Resource Resource Certification 620 639 645 663 697 Resource Certification Flag Lee Resource1 Resource Certification Angel Ben Resource1 Resource Certification Godheart Dan Resource1 Resource Certification Keren Cindy Resource1 Resource Certification Allen Sherman Resource1 Open Hidden Hidden Hidden Hidden Hidden Pending Action Pending Action Pending Action Pending Action Pending Action Pending Action 18 12 2008 Campaign 16 41 08 Campaign Manager Approver Campaian 18 12 2008 Manager ace Approver 16 41 08 18 12 2008 16 41 08 Campaign 18 12 2008 Manager Approver Campaign Manager abra Approver 7 Campaign 18 12 2008 Manager 4 47 Approver 16 41 09 16 41 08 Click Stop Campaign in the campaign s Ticket Properties Form to stop a Campaign More information Restart Campaign see page 120
244. he dependency between the rules is that all the criteria must be met AND in order for a record to be located Delete Allows you to delete the filter rule located next to the button Search Tickets Find tickets that match these criteria Status I EQUAL M Pending Action Owner v EQUAL Chapter 6 Tickets and the Ticket Queue 81 Ticket Tables Refresh 82 Portal User Guide Note The search only checks the top most ticket in each ticket tree within the Ticket Queue To search the Ticket Queue s table 1 Click Search on the Ticket Queue s menu bar The Search Ticket screen opens in a separate browser window 2 Create a rule by making selections from the search fields Click Add Condition to add additional rules Ww Click OK when you are satisfied with the query you have generated If there are tickets that match your filter statements they appear in the ticket table The Clear Filter button is added to the Ticket Queue s menu bar gt ID Title State Status Children 465 E User Certify Dec 2008 User Certification Open In Progress 466 New fuser Certification Eurekify Admin User Certify Dec Pending 5 Click Clear Filter to return to the original filtered by Ticket Queue menu options ticket table The Refresh button lets you update the contents of the current ticket table It is especially useful following the performance of actions that change the ticket s state and or status
245. he presentation of out of pattern and non compliance information to the approver A campaign runs a general corporate auditing process to determine the measure of the corporate compliance with various regulatory requirements on one hand and with internal policies on the other The campaign parameters are set by the administrator running the campaign This administrator also known as the campaign owner determines the universe on which the auditing process will be run which policies will be examined and several other aspects of the campaign The campaign directs the auditing process setting it to either basic role based auditing or policy compliance auditing By determining the campaign universe the administrator who is the campaign owner determines which configuration files will be audited Chapter 13 Using Administration Functions 313 Adding Campaigns 314 Portal User Guide The campaign owner is responsible for creating the campaign and must generate or verify the existence of The Universe in which the campaign will run The RACI permissions for this Universe The campaign analyzes the user information in the context of the links between the users roles and resources defined for the corporation A campaign can focus on the links from the various viewpoints creating User Campaigns which focus on the users and their links or Role Campaigns which focuses on the roles and their links or Resource Campaign which focuses on t
246. he Please Wait bar appears When the job is completed the new universe appears in the Universes list After you have created a new universe you need to perform the following actions m Update Eurekify users database m Create RACI m Sync RACI More information Running a Connector see page 345 Eurekify Configuration Settings see page 362 Create RACI see page 364 Synchronize RACI see page 365 331 Chapter 13 Using Administration Functions Setting a Universe Editing a Universe 332 Portal User Guide To edit an existing Universe 1 3 Click Edit next to the Universe that you want to edit You cannot change the name of a universe The contents of the other fields can be edited Note We recommend that when editing a universe s configuration file names make sure that the configurations were not assigned to another universe Click Save Note Sometime an issue exists for historical reasons that causes a message to appear At the bottom of the message you are asked if you want to auto repair the issues in this message Always click Yes Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administre GENUST014 The following issues were found 1 the master configuration Masterl_ConfigWithRoles is nc 2 the master configuration Masterl_ConfigWithRoles has a 3 the model configuration Modell ConfigWithRoles is not 4
247. he corporate resources and their links Each campaign is defined for a specific viewpoint A campaign is completed either when all the approvers have approved rejected the items they manage or when the campaign owner decides to arbitrarily stop the campaign The default workflow entails first running a campaign and collating all the rejected links and only afterwards are those links actually reviewed and either they are rejected severed or they are approved in spite of the problem that caused them to be rejected during the campaign Adding Campaigns The Certification Campaign screen is divided into three sections Settings Provides the campaign s unique settings Permissions Provides the ability to override the currently allocated permissions for the purposes of the campaign only General Contains the Create the Campaign button and the option to continue working while the campaign ticket is generated in the background Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration gt Add Campaign Administration Settings Campaign Name Owner AD1 EAdmin 12 25 08 Description Due Date 01 01 2009 Universe Demo he Configuration Choose Configuration Audit Card None M Campaign Type UserCertification v Only use links from audit card Only use links not in audit card Permissions Z Automatic
248. he following options Add A column of check boxes one per role Select one or more to link the selected users to additional roles Role Name Click any highlighted role name listed in this column to open its Role Card Customize Allows you to determine the columns that will appear in the Other Roles table Records per page Select the number of records that will appear in the Other Roles table per page Find Roles Opens the Select Role filter screen to assist you in locating specific roles Test Compliance Checks whether the selections made in the Other Role table comply with existing policies and BPRs Business Practice Rules Suggest Roles Provides a list of possible roles based on the CA Eurekify Role amp Compliance Manager pattern recognition technology Chapter 10 Running Self Service Tasks 211 This table presents you with several options Manage My Team s Role Assignments m You can manually select one or more roles that you wish to link to the selected users m You can use the Find Roles filter option to find specific roles and then make a selection from the filtered list of roles m You can click Suggest Roles and use the information provided by this feature to link roles to the selected users Other Roles Showing 1 to 10 of 27 Role Name Organization Stamford Branch Fifth av Applicative role Organization Humen Resources Title Branch Officer Clerk Title Branch Manager
249. he ticket related actions executed since the creation of the ticket http localhost 8080 eurekify tms ui wicket bookmarkablePage 34popuppagemap_PopupWindow com e Windows Inter DAR http localhost 8080 eurekiFy tms ui wicket bookmarkablePage 34popuppagemap_PopupWindow com eurekify tms web common PopupWindow amp TICKET_ID 8348ACTIO Y View Transaction Log Date User Action Message 22 12 2008 17 13 01 DOMAIN Cooper Amos GUI SAGE startCampaign Start Campaign pressed 22 12 2008 17 13 01 DOMAIN Cooper Amos StatusChangeCmd status changed from Pending Action to SAGE InProgress and state OPEN La Internet Chapter 6 Tickets and the Ticket Queue 91 Info tickets The View Transaction Log table provides the following information Date The date when the transaction took places User Full user name Action The type of action taken Message A full description of the action taken To view the campaign s transaction log 1 Click Advanced at the bottom of the Ticket Properties Form 2 Click View Transaction Log The View Transaction Log table opens in a separate browser window 3 Click Close to close the pop up Info tickets Info tickets provide users with notification of changes made to the system s configuration files For example when a role definition is updated the role s manager is informed of the changes Delete Link User Role Ticket Id 570 E Owner Herman Barbara DOM Previous Owner Status Pendi
250. he user s manager and the role s manager will be assigned as approvers Users can become approvers for other users only if the Approver s name appears in the manager column of the Universe s Model configuration files for the specific user Users can become approvers for Roles and or Resources only if they are listed in the configuration s RACI presentation under Accountable this means that a specific user becomes accountable for a specific entity Therefore if you are listed as an entity manager you will receive Approver tickets when an administrator runs an Approval Process involving your assigned entity Self Service managers have overall control of the approval process They can transfer responsibility of the process to another manager or cancel the process when necessary As the Role manager for the role that is under review you are tasked with reviewing the changes requested by the Self Service manager Approval Processes that include adding links between a role and other entities will generate a Role Approver ticket This ticket summarizes all the requests that are concerned with adding links between your role and other entities Only if you approve the requests will the Eurekify Portal generate the Entity Approver tickets for theses requests The reason for this is that the system approves only requests regarding links that have been approved by the managers of both of the linked entities Therefore if you do not approve the request to a
251. he users database file with the first number being O thus the fourth user in the database will have a Eurekify Sage User ID of 3 The second set of lines identifies resources one line per resource in the following format Res lt Eurekify Sage Resource ID gt lt User Group Name gt lt Resource Name gt lt Resource Type gt The Eurekify Sage Resource ID is the rank of the resource in the resources database file with the first number being O The third set of lines in this section identifies roles if existing one line per role in the following format Role lt Eurekify Sage Role ID gt lt Role Name gt lt Description gt lt Organization gt lt Owner gt Eurekify Sage provides automatic serial numbering of roles If a configuration is created from an EUA and roles are being imported the Role Engineer can choose a specific numbering scheme as long as the numbers are unique and the Role Name is unique This section consists of the following types of line formats User Resource Permission User Res lt Eurekify Sage User ID gt lt Eurekify Sage Resource ID gt User Role Permission User Role lt Eurekify Sage User ID gt lt Eurekify Sage Role ID gt Role Resource Permission Role Res lt Eurekify Sage Role ID gt lt Eurekify Sage Resource ID gt Role Hierarchy Permission Role Role lt Eurekify Sage Role ID of parent role gt lt Eurekify Sage Role ID of child role gt Appendix D Eurekify Sage Co
252. heir respective Accountable person There are four RACI configurations one for each of R A C I ERCM automatically creates the A configuration based on the Owner or Manager fields of the Universe RACI Operations To create the RACI configurations 1 On the Administration menu click Create RACI The Create RACI configurations screen opens Create RACI Configurations Choose Universe Choose One Create RACI 2 Select a Universe from the drop down 3 Click Create RACI An appropriate notice appears when the process is completed Create RACI Configurations Choose Universe Porta v Create RACI e Successfully Created RACI configurations for Portal Note If the RACI configuration files become corrupted you can access them through the Eurekify DNA module On the File menu click Review Database This allows you to view delete the files More information Eurekify Configuration Settings see page 362 Synchronize RACI Once the Universe s RACI configuration is created it needs to be maintained in order to account for additional entities which are added to the universe and therefore should also be reflected in the Universes RACI Note RACI synchronization does not affect the links already present in the RACI configurations It just adds new entity data or deletes entities that no longer exist This means that if an existing entity s manager was changed the Synchronize RACI utility will not update
253. her following a campaign or following changes in corporate regulations or policies it is necessary to update the actual links between the corporate users and the systems roles and resources or to generate new roles This need is fulfilled by using the Self Service tasks Note The general functionality available in Self Service task screens is already documented in Using the Eurekify Portal Interface see page 19 and therefore will not be documented in this chapter Chapter 10 Running Self Service Tasks 193 Approval Process Info Tickets 194 Portal User Guide This chapter documents all the Self Service tasks available via the Eurekify Portal Managers will have access only to those features for which they have been provisioned For the purpose of this manual the Self Service tasks are divided into two groups Provisioning Tasks Includes all the tasks that manage a user s roles resources Manage my team s role assignments Manage my role assignments a Manage my team s resource assignments a Manage my resource assignments Defining Roles Tasks Includes the role definition tasks m Request a new role definition m Request changes to a role definition Note If you find it necessary to run a Self Service task that does not appear in your Self Service menu please report this to your system administrator The Eurekify Portal lets you add links to your favorite Self Service tasks on the Home Page My Business Processes M
254. ible When the ticket has been processed the ticket state changes to Done and you can archive the ticket As tickets can be hierarchal that is actions taken on a ticket located higher in a ticket tree can impact on a ticket lower in the tree For example a campaign ticket tree consists of the Owner ticket root ticket and the associated Approver tickets The number of Approver tickets associated with a specific campaign is listed in the Children column when visible Until the Campaign owner starts the campaign the Approver tickets are listed in the campaign owner s Ticket Queue as state Hidden and the Approver tickets do not appear in the respective approvers Ticket Queues Once the campaign has begun the state of the Approver tickets listed in the campaign owner s Ticket Queue changes to New And the Approver tickets are now visible in their respective approvers Ticket Queues The approvers can now begin to examine the links provided in the Approver tickets Another facet of a ticket s life cycle is that some tickets under certain conditions can be transferred to another user For example a senior administrator can generate a campaign the campaign owner and then transfer campaign ticket ownership to another system administrator Approval Process tickets can also be transferred by their owners The Eurekify Portal uses the terms delegate escalate to denote such a transfer Delegate The act of appointing a more junior manager t
255. ic Role 40 0 Min 40 10 10 Details 10 10 10 10 Details HR Application 10 10 10 10 Details Characteristic Role 100 0 Min Developers 60 10 10 10 10 Details Records per page 10 200 Portal User Guide Click Suggest Entity to activate this service as part of a provisioning task The table in which it is located changes and contains following columns Service Added Columns Suggest Roles Four pattern columns plus a Details column Suggest For Provisioning task screens Resources Two pattern columns plus a Details column For Role Definition task screens The Enrolled column Suggest Users The Enrolled column General Self Service Functions In a Provisioning task screen click a highlighted link in the Details column and further information about the users and how they match the specific role resource appears in a separate browser window UGFINAR RACFPROD RACF22 a Person ID UserName Organization OrganizationType Country Relevance Herman 64646410 Sine Operations Corporate US HR Pattern Herman Barbara Privileges Operations Corporate US pattern 64646410 Chapter 10 Running Self Service Tasks 201 General Self Service Functions Click in the upper right hand corner to close the window The Enrolled column which appears in Role Definition task screens provides the number of selected users resources linked to this resource user Enterprise Role and Compliance M
256. ickets 127 Campaign Approver Tickets Campaign Approver Tickets When you create a new campaign you can see all the Approver tickets associated with your campaign as well as the main campaign ticket and your own Approver tickets where relevant The Approver tickets are listed in your ticket queue as branches of the campaign ticket tree Which entity managers are assigned to a campaign as approvers depends on the nature of the campaign For a user certification campaign user managers will be assigned as approvers Fora role certification campaign role managers will be assigned as approvers Fora resource certification campaign resource managers will be assigned as approvers Each approver is in charge of reviewing the links between the entity they are managing and the other entity types For example in a user certification campaign user managers will be charged with reviewing their team s links to roles and resources You can open any of the Approver tickets view the contents and reassign any of the listed entity links You cannot add comments attachments view the initiators or view the transaction log from within a Ticket Properties Form that you do not own see Owner field in the upper part of the screen Ticket Properties Form Windows Internet Explorer http flocalhost 8080 eurekify tms ui wicket bookmarkablePage com eurekify tms web template DefaultTicketPagetticketId 1112 Campaign Manager Approver
257. ickets belonging to the ticket tree will be reviewed and each request either rejected or approved Ticket Properties Form Windows Internet Explorer DER http flocalhost 8080 eurekify tms ui wicket bookmarkablePage com eurekify tms web template DefaultTicketPage ticketId 1649 v Approval Root a Ticket Id lis Owner Eurekify Admin Previous Owner _ Status pending Action Due Date Low Severity Minimal v State pone Modified Date 12 01 2009 11 30 14 Date Created 12 01 2009 11 28 08 Title lin direct Link User Campaign Approval Root Request Description Approval Root Request Request was submitted on Universe Portal from Indirect Link User Campaign lt lt Less Details onfiguration Name Model2_ConfigWithRoles Advanced v Done internet R100 Click Acknowledge to finish the Approval Process The Executing bar appears When the process is complete the ticket is archived 170 Portal User Guide Approval Process Root Ticket Approval Root Ticket Advanced Functions The Approval Root ticket provides the following Advanced functionality Add Comment Manually add a comment to the ticket Add Attachment Add an attachment or URL to the ticket View Transaction Log The transaction log provides a history of the ticket related actions executed since the creation of the ticket View Children Opens a table which provides you with information concerning all the nodes leaves that are located
258. ign itself is a straightforward review of the current links present within the campaign s selected universe and configuration from a specific entity s point of view As such during a campaign you can approve or reject a link but the final decision regarding rejected links is postponed The Approval Process sends every rejected link to the managers of the involved entities both sides of the link allowing them the final say as to whether to reject the link or not This means that during the approval process Tickets will be sent to both the user manager and the role manager of each rejected user role link Tickets will be sent to both the user manager and resource manager for each rejected user resource link Tickets will be sent to both the role manager and the resource manager for each rejected role resource link Tickets will be sent to the role manager s for each rejected role role hierarchy link Note The rejection or approval of a link during this process is final and will not be sent for further review Chapter 9 Approval Process Tickets 151 Advanced CMA Ticket Functions 152 Portal User Guide The approval process is started by the current campaign owner When an instruction to begin an Approval Process is given the CA Eurekify Role amp Compliance Manager generates a hierarchal Approver Process ticket tree The ticket tree comprises three nodes Approval Root ticket This ticket belongs to the campaign
259. ill see entity tables for the linked entities The following table describes the entity tables found in each Approver Ticket type User Campaign CMA Main entity table Users Link tables Roles and Resources Role Campaign CMA Main entity table Roles Link tables Users Resources Child Roles and Parent Roles Resource Campaign CMA Main entity table Resources Link tables Users and Roles Note Only the ticket owner can approve or reject a link The campaign owner can reassign a specific link within a Campaign Approver ticket to another approver Ticket Properties Form Windows Internet Explorer DER ejl http localhost 8080 eurekify tms ui wicket bookmarkablePage com eurekify tms web template DefaultTicketPagegticketId 756 v Campaign Manager Approver s Ticket Id 756 Owner Cooper Amos Previous Owner Status Pending Action Due Date 15 01 2009 00 00 00 Priority Normal Severity Medium lt State Open sy Modified Date 22 12 2008 17 16 24 Date Created 21 12 2008 12 28 38 Title User Certification Eurekify Admin Resource certification Description User Certification Eurekify Admin Resource certification Close Save and Reassign Hide Selected Reassigned From ie ME ons 1 X gt Progress Violations PersonID UserName Organization OrganizationType Ol 3 6 Joe Dassin 99883136 Joe Dassin Sales Corporate E Roles 2 Resources 4 Add Attachment View Initiators View Tra
260. in 40 Applicative Role Company BASIC ROLE Basic role for all users that have access to IT Org Role Enterprise Fifth av Applicative role Role By 2 Resources Applicative Role Fifth Ave Branch Novell HR Application Characteristic Role 40 0 Min 40 Applicative Role Company Organization Application Development Characteristic Role 100 0 Min 40 Org Role Application Development Organization Database Administrators Characteristic Role 100 0 Min 40 Org Role Database Administrators Organization Fifth Ave Branch Characteristic Role 100 0 Min 40 Org Role Fifth Ave Branch Organization Finance Characteristic Role 100 0 Min 40 Org Role Finance Customize Filter Records per page HR More information Role Card see page 31 Chapter 12 Introducing the Entity Browser 311 Specific Entity browser Resource Browser Click the Resources tab to view the Resource browser The Entity Browser s Resource Browser shows resource information for the selected configuration The data and the field names are obtained from the configuration s resource database rdb Note The highlighted column is predefined and cannot be customized You can click the highlighted Res Name 1 in any record to open that resource s Resource Card Entity Browser Universe Portal Configuration Model2_ConfigwithRoles M Users Roles Resources Showing 1 to 10 of 83 9172394567899 Res Name 1 Res Name 2 Res Name 3 APPLDEV RA
261. in the lt Eurekify home directory gt lt Converter directory gt Use the Eurekify DM module to update Master configuration The original configuration downloaded from the production computer The master configuration presents the real world definitions Model configuration A copy of the master configuration The audit process is run on the model configuration and the resulting updated set of configuration files is compared by the Eurekify Sage DNA system to the original master configuration files The differences are then uploaded to the production computer RACI A RACI diagram or RACI matrix is used to describe the roles and responsibilities of various teams or users It is especially useful in clarifying roles and responsibilities in cross functional departmental projects and processes Within the Eurekify Portal this is the source of the Approvers mentioned in this manual They are listed in the Accountable configuration file 420 Portal User Guide Role to Role Link Ticket Universe Violations Workflow The RACI diagram divides tasks into four participatory responsibility types which are then assigned to different roles in the project or process The following responsibility types make up the acronym RACI Responsible Those who do work to achieve the task There can be multiple resources responsible Accountable Also Approver The resource ultimately answerable for the correct and thorough completion of the tas
262. in the DNA and you want to make sure that anyone running the system will use the updated data Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout AD1 EAdmin Administration gt Clear Cache Clear Caches To load a specific configuration into the Eurekify Server s memory cache 1 On the Administration menu click Clear Cache The Clear Cache screen opens 2 Click Clear Caches to clear the Eurekify Server s memory cache Chapter 13 Using Administration Functions 355 Properties Settings Properties Settings The Properties Settings utility gives you access to the system property file Eurekify properties allowing you to create new property keys and access and edit the values of existing property keys For ease of use properties that are considered to be common properties such as of the type properties headers commonProperties are listed separately under the Settings sub menu as Common Properties Settings This utility functions in the same way as the general Properties Settings utility Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Administration gt Settinas gt Properties Settings Reports eure Administration Showing 1 to 20 of 111 Type Edit Eurekify_home_properties_file Edit Eurekify_home_properties_file Edit Eurekify_home_properties_file Edit Eurekify_ho
263. ing and audit processes proceed Use the instructions in Appendix A Duplicating a Configuration see page 391 to generate the master model configuration files using the Eurekify Sage DNA module If necessary edit the Universe so that the listed master model configurations will match the ones you generated After creating editing a Universe you have to enter the users associated with the universe into the Eurekify master configuration so that the users will have access to the Eurekify Portal More information Eurekify Configuration Settings see page 362 RACI Operations see page 364 Editing a Universe see page 332 Chapter 3 Getting Started 45 Step 5 Creating a Campaign Step 5 Creating a Campaign A campaign is an audit process which entails reviewing links between users roles and resources Managers in charge of various entities are notified that a campaign has begun The tasks assigned during the campaign are presented to the campaign owner and approvers as tickets The tickets include the data they have to review and approve or reject as the case may be More information Running a Campaign A Case Study see page 48 Adding Campaigns see page 313 Step 6 Exporting Entity Data 46 Portal User Guide The differences between the original real world configuration that was downloaded from the system end points Master and the updated and corrected configuration that has gone through a
264. ing Campaigns You can take advantage of Audit Cards and utilize them during a certification campaign by providing the name of the Audit Card in the Add Campaign screen In this case the Audit Card provides a kind of overlay over the entities being certified enabling the display of the current violations The campaign entities are matched with the violations in the selected Audit Card and for each such entity or link that is found to have a violation associated with it the campaign presents the entity or related entity in case of link in red and the number of violations is displayed in red as well in the Approver ticket s entity link table in the Violations column Reassigned From Approver Progess 0 6 0 1 v X d Progress Violations PersonID UserName Organization OrganizationType Comment gaa 74 Joe Dassin 99883136 Joe Dassin Sales Corporate x Chapter 13 Using Administration Functions 323 Adding Campaigns For example if there is a pattern violation regarding a user e g the user is suspected as a collector or if there is a compliance violation for a user who is not allowed to have both roles A and B and yet it is found that the user is linked to both roles Such a finding will cause the user name to appear in red in the campaign s Approver ticket entity table Campaign Manager Approver EEE A 1409 Owner Eurekify Admin AD1 Previous Owner Status Pending Action Due Date 31 01 2009 00 00 00
265. ing Dept Records per page As the Manage My Roles screen allows many options and great flexibility the procedures will be broken up by section m The fields in the General section m The Currently Enrolled Roles table options and functionality m The Other Roles table options and functionality To manage my role assignments click Mange My Role Assignments on the Self Service menu The Manage My Roles screen appears More information Customizing a Data Table see page 22 Presenting the General Section Manage My Roles Screen see page 216 Presenting the Currently Enrolled Roles Table Manage My Role Screen see page 217 Presenting the Other Roles Table Manage My Role Screen see page 218 Chapter 10 Running Self Service Tasks 215 Manage My Role Assignments Presenting the General Section Manage My Roles Screen Manage My Roles Business Area Universe Portal Business Process Description The General section of the Managing My Roles screen contains the following fields Universe Select the Universe you wish to work with The users table and the available roles depend on the universe Business Area General information descriptive This information will appear in the Description field of the ensuing Self Service Approval Root ticket Business Process General information descriptive This information will appear in the Description field of the ens
266. ing the link between the user and the selected role If you choose more than one user the Currently Enrolled Roles table will present an additional column Enrollment Currently Enrolled Roles Add Remove Enrollment Role Name Description Type Organization Rule Owner i i Basic role for all users that o AS 3 3 100 BASIC ROLE have aces fT Org Role Enterprise No Rule 82922230 Database Organization Database Administrators Administrators 2 3 66 Title DB Developer Characteristic Role 50 Org Role Title DB Developer Title DB Developer 77371120 Organization Database Characteristic Role 100 0 3 3 100 admin istrators Min 40 Org Role 99883135 In the case of multiple user selection you can m Select the Remove check box next to a role thereby severing the link between the users and the selected role m Select the Add check box next to a role to which only some of the selected users were enrolled thereby linking all the chosen users to the selected role The Currently Enrolled Roles table provides the following options Add A column of check boxes one per role Select one or more The check boxes next to roles that are already linked to all selected users will be disabled Remove A column of check boxes one per role Check one or more to remove the link between the selected users and the selected roles Enrollment This column appears only when selecting multip
267. ion the Entity Browser main window displays the search results Entity Browser Universe I Configuration odel2_ConfigWithRoles x Users Roles Resources Showing 1 to 10 of 69 4 41234567 Person ID lt Name Organization Organization Type 45489940 teiven Pat System Management Corporate 47868650 Moris Bill System Management Corporate Rodman Adam System Management Corporate Cooper Amos IT Security Corporate Alex Patrick Application Development Corporate 58723810 Miles Buyer Purchasing Corporate 64646410 Herman Barbara Operations Corporate 65656540 Pheonix Wiliam Application Development Corporate 67283470 Angel Ben System Management Corporate 67565330 Schwarts Barry Human Resources Corporate Customize Filter Records per page 10 _ The search results are presented using three tabs m Users m Roles m Resources The standard operations available for all data tables are available here as well To obtain a specific list of entities 1 Click Entity Browser on the menu bar to open the search screen 2 Select a Universe from the drop down list 3 Select a Configuration from the drop down list The Loading bar is visible until the search results appear More information Entity Card and Data Table Tabs see page 26 Setting the Number of Records Per Page see page 23 Customizing a Data Table see page 22 Filtering a Data Table see page 24 308 Portal User Guide Specific Entity brows
268. ions the following functions can be found in all of the tickets Escalate Delegate More Details Less Details The functions that are unique to the various tickets will be described in the relevant sections Approval Root campaign owner m Delete Link Entity1 Entity2 campaign owner m Delete Link Entity1 Entity2 Approver ticket Escalate This function lets you transfer the selected ticket to a more senior manager Once you have transferred the selected ticket to the new ticket owner the original ticket is archived and will no longer appear in your list of active tickets Only the current ticket owner can escalate a ticket When a ticket is escalated a new ticket is generated with the new owner listed in the Owner field and the manager who escalated the ticket s is listed in the Previous Owner field Ticket Properties Form Windows Internet Explorer http flocalhost 8080 eurekify tms ui wicket bookmarkablePage com eurekify tms web template DefaultTicketPagetticketId 1824 Herman Barbara Previous Owner Rami Sas Eurekify Rat Status pending Action 19 01 2009 22 47 43 Priority Low lt Severity State open J Modified Date 19 01 2009 23 25 28 Date Created 19 01 2009 23 11 22 Title User Approval Request to delete role Organization Database Administrators Characteristic Role 100 0 Min 40 from user Rodney Sergio 75676560 Description User Approval Request to delete role Organiz
269. is indicates a problem that needs to be corrected Chapter 14 About Security amp Permissions Security In a world where corporate security has immense ramifications especially when you consider the potential harm that could result from loss inaccuracy when unauthorized personnel attempt to use various features alteration by unauthorized users or misuse of data and resources It is important that the software operate at a level of security that is consistent with the prevention of such potential harm The Eurekify Portal is accessible to both senior administrators and regular users The different types of users have different needs and system usage The Eurekify Portal has a comprehensive Role based security and permissions structure aimed at ease of use on one hand and maintaining appropriate security on the other hand This chapter discusses the Eurekify Portal s security issues and solutions both on the general level and on the user level This section contains the following topics Security see page 369 Permissions see page 372 Software security is intended to prevent both unintentional and malicious harm There are various ways of achieving this goal This section presents the Eurekify Portal s solutions for specific security issues This section covers the following topics Turning security on or off Authentication settings m Encryption More information Turning Security On Off see page 370 A
270. isabled for Approval Process tickets View Entity Opens the entity s card Two buttons are provided one for each side of the link under review View Consult Results This button appears only when the Consult service has been activated More information Add Comment see page 88 Add Attachment see page 90 View Transaction Log see page 91 View Initiators see page 163 View Parent see page 163 View Entity see page 165 Consult see page 179 Approval Process Approver Tickets View Consult Results When an Approver sends a request for a consult during an Approval Process the View Consult Results button is added to the ticket s Advanced function buttons When you click this button you open the View Consult Results window in a separate browser window Click Close to close the window You can use this utility to see what the consultation results are If at the time of the viewing no answers are available the screen will list this data as follows http localhost 8080 eurekify tms ui DER E http localhost 8080 eurekify tms ui wicket bookmarkablePa Y View Consult Results Action Counter No Answer 4 Close Internet R100 7 9a R zi Chapter 9 Approval Process Tickets 187 Approval Process Approver Tickets The View Consult Results table has two columns Action The action was taken by the consulting parties Counter The number of consultants who responded in this manner
271. it settings file Choose One Setting a Universe The Create New Universe screen contains the following fields Universe Name Provide the name of the universe Description Provide a description of this universe its use the type of configuration used etc Master configuration name The Universe s master configuration The file name has to have the extension cfg If the configuration was uploaded to the database the name will appear in the autocomplete list Model configuration name The Universe s model configuration If the configuration was uploaded to the database the name will appear in the autocomplete list Approved Audit Card The list of approved violations for the Universe if it exists Configuration Login field The field in the selected configuration file which provides the users login ID located in the users database file Configuration email field The field in the selected configuration file which provides the users email address located in the users database file Configuration user manager field The field in the selected configuration file which provides the user manager s ID user approver Configuration role manager field The field in the selected configuration file which provides the role manager s ID role approver Configuration resource manager field The field in the selected configuration file which provides the resource manager s ID the resource approver
272. ities see page 198 Introducing the Requests Table see page 253 Chapter 10 Running Self Service Tasks 221 Manage My Team s Resources Manage My Team s Resources For the purposes of the Eurekify Portal your team is essentially the users that you were assigned to manage As a team manager you may find it necessary to update resources because of corporate changes resource updates or following an audit process The Manage My Team s Resources MMT Resources allows you to manage your team s resources By generating a request to add new resources for either a specific user or a for a group of users m By severing the link between selected users and their current resources The resource management utility allows you to manually select a specific target resource but it also provides you with a list of suggested resources and their pattern based behavior thus giving you the information necessary to make an informed choice Enterprise Role and Compliance Manager _ eureXify Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout DOMAIN Herman Barbara Self Service gt Manage My Team s Resources Assignments _ Manage My Team s Resources Business Area Universe Portal Business Process Description Users Showing 1 to 10 of 69 Add Person ID 9 98383770 84847310 86544420 75676560 75464420 86023090 88311130 67565330 99883110 8921
273. ity Medium State Open E Modified Date 16 12 2008 18 41 40 Date Created 16 12 2008 18 37 42 Title User Certify Dec 2008 User Certification Description Certification Campaign for the end of 2008 Universe Portal Campaign Type USER Auto Generate Permissions true Configuration Model2_ConfigWithRoles Link Filter Direct Dual Audit Card Entity Filter No Filter Attachments Comments Campaign Management Start Campaign Stop Carnpaign Restart Carnpaign Start Approval Processes View Campaign Progress Send Reminder Add Attachment View Transaction Log View Children gt gt Hio a Campaign Management provides the campaign management functionality Ticket Properties Form Windows Internet Explorer 7 http f localhost 8080 eurekify tms ui wicket bookmarkablePage com eurekify tms web template Default TicketPagesticketId 835 Campaign Ticket Id Owner Eurekify Admin AD1 Previous Owner Status pending Action Due Date 15 01 2009 00 00 00 Priority Normal Severity Medium v State Open v Modified Date 21 12 2008 13 00 50 Date Created 21 12 2008 12 51 21 Title User Review User Certification Description End of year user audit Universe Portal Campaign Type USER Auto Generate Permissions true Configuration Model2_ConfigWithRoles Link Filter Direct Dual Audit Card Entity Filter No Filter Attachments jomments Campaign Management Restart Cam
274. k There must be only one A resource specified for each task Consulted Those whose opinions are sought Two way communication Informed Those who are kept up to date on progress One way communication Very often the role specified as accountable is also specified responsible Outside of this exception it is generally recommended that each role in the project or process for each task receive at most one of the participatory role types Although some companies and organizations do allow for example double participatory types this generally implies that the roles have not yet been truly resolved and so impedes the value of the RACI approach in clarifying each role on each task For further information on RACI see http www pmforum org library tips pdf_files RACI_R_Web3_1 pdf This type of link represents a hierarchal relationship Users who are members of a parent role are automatically members of the sub role and therefore provisioned with all the sub roles privileges Tickets are work items that can be viewed in the Ticket Queue They can be work related or informational and or hierarchal or provide a plain notification concerning a process A term used to denote a unique Master configuration Model configuration pair A violation is a breach of corporate security policies guidelines BPRs and or regulations The Eurekify ERCM identifies such infractions and lists them in Audit Cards where relevant While using the Eurekify Po
275. ked to the same resource Direct links and dual links are examined during the various review processes for example during campaigns or when assigning a role to a specific corporate team Indirect links are listed for the completeness of the information but are not subject to the review process The following is a list of possible direct links between entities user role m user resource m role resource m role role hierarchy Step 1 Creating a Universe Step 1 Creating a Universe A universe is a virtual location that encompasses the data collected from the enterprise security and or identity management system s This data is stored in the Eurekify configuration files A universe consists of a specific pair of master model configurations enabling tracking of differences between the real world configuration downloaded from the system master and the desired configuration generated following a campaign model To create a Universe you need the following information Master configuration file name and path Model configuration file name and path Approved Audit Card optional Audit Settings file name and path recommended Names of the fields in the configuration files that contain the following information login email user manager role manager and resource manager Note You can provide names of configuration files that do not yet exist In this case you will not have the field names and you will ha
276. ket Functions 192 Portal User Guide The Approval Process info tickets provide the following Advanced functionality Add Comment Manually add a comment to the ticket Add Attachment Add an attachment or URL to the ticket View Transaction Log The transaction log provides a history of the ticket related actions executed since the creation of the ticket View Parent Opens the current ticket s parent s ticket View Initiators View of list of the users who launched this ticket Click any of the functions to access data connected with the info ticket More information Add Comment see page 88 Add Attachment see page 90 View Transaction Log see page 91 View Parent see page 163 View Initiators see page 163 Chapter 10 Running Self Service Tasks The Eurekify Portal s Self Service feature provides local managers with the ability to do their own provisioning and or provision their team members on the fly by adding or removing links between themselves their team members and the corporation s roles and resources The Self Service tasks include the ability to create new roles or update existing one only available to managers with appropriate permissions Each task involves the functionality of one or more screens which will be documented in this chapter In Adding Campaigns we stated that managers do not update entity links during campaigns They are limited to approving or rejecting the current links At times eit
277. ks 239 Defining a New Role Defining a New Role 240 Portal User Guide The term roles as used by the CA Eurekify Role amp Compliance Manager is flexible and versatile allowing it on one hand to answer the need to define roles that comprise a class of access privileges and on the other hand answer the need to define roles that represent organizational structures within a business context For example a role can represent access to a specific type of software or a role can represent a hierarchal business structure component such as Manager Privileges Using the CA Eurekify Role amp Compliance Manager to build and maintain a corporate role model requires the flexibility to approach this issue from two points of view The first is by planning the corporate roles and defining them accordingly based on the organizational structure and other human resources related attributes The second is by mining existing corporate security and privileges information and structuring roles in a bottom up approach to match the enterprise privileges requirements The Eurekify Portal allows you to define new roles on the fly When the need arises to define a new role whether following an audit or in the course of an enterprise s life cycle you can do so directly and quickly The procedure comprises two screens m Request New Role Definition Definitions For Role Name New Role Name More information Reguest New Role Definition
278. ks or Resource links Chapter 8 Campaign Approver Tickets 141 Auditing Links Reassigning a Link The Eurekify Portal allows managers to choose to reassign a link listed in their CMA ticket for review to another Approver Therefore you as an Approver ticket owner can reassign any link listed in your Approver tickets When the reassignment process is completed a notice is sent automatically to both your email inbox and to the Approver who was reassigned the link Campaign owners can also decide to reassign links listed in specific Approver tickets so that they will now appear in the newly assigned entity manager s ticket in his her ticket queue The Approver who was reassigned the link will see the relevant ticket When you click the Save and Reassign button any changes already made to the ticket are saved Then the Find Reassign Users screens opens in a separate browser window Browse Tickets Windows Internet Explorer C http flocalhost 8080 eurekify tms uif wicket interface 10 Find Reassign Users Where Choose Field v Where Choose Field v Where Choose Field v Showing 1 to 30 of 140 UserName Rodney Sergio Moris Bill Rolen Dave Fred John Deer Alex O Goid Wiliam Organization Database Administrators System Management Finance System Management Fifth Ave Branch Human Resources Fifth Ave Rranch OrganizationType Corporate Corporate Corporate Corporate B
279. le resource notification title errcode changeapproval child remove role resource notification description errcode changeapproval child role task addroletoraci description errcode changeapproval child remove user role notificati on description errcode login errors invalidcredentials errcode login errors invalidcredentials errcode page admin failuremessage errcode error validate optionvalue errcode error validate command notfound errcode error validate command disabled errcode error addattachment noname errcode error filter errcode error filter resultempty errcode error command revokecmd errcode 386 Portal User Guide Code tkt033 tkt034 tkt035 tkt036 tkt037 tkt038 tkt039 tkt094 tms001 tms001 tms002 tms003 tms004 tms005 tms006 tms007 tms008 tms009 Description request to delete resource 1 from role 1 rejected request to delete resource 0 from role 1 failed the request to delete resource 1 from role 0 was rejected request was submitted on universe 2 from 3 the request to delete resource 1 from role 0 failed request was submitted on universe 2 from 3 request to delete resource 1 from role 0 is already in process the request to delete resource 1 from role 0 is already in process request was submitted on universe 2 from 3 to continue please choose an accountable user to 0 role the request to delete role 1 from
280. le users Numerically displays of users enrolled total of users selected for example 2 3 means that two of the three selected users are enrolled to this role This column also provides the value as a percentage for example 1 3 33 Role Name Click any highlighted role name listed in this column to open its Role Card Depending on the type of action you wish to take you may find that after selecting the appropriate check boxes in this section you have completed the task In this case you can ignore the Other Roles section and skip submit your requests by clicking Submit at the bottom of the Manage My Team s Roles screen Chapter 10 Running Self Service Tasks 209 Manage My Team s Role Assignments To make selections in the Currently Enrolled Roles table 1 In the Currently Enrolled Roles table click the relevant check boxes in the Add and or Remove columns At this point you can choose to a End the process at this point m Add additional roles to the selected users If you do not want to add new roles submit your requests Presenting the Other Roles Table MMT Role Screen This section allows you to enroll your selected user s to additional roles of your choice The actual enrollment will take place following a review process Note When you click Get Roles in the Users section a list of roles that are not linked to the currently selected user s appears in the Other Roles table In addition to managing
281. lected users Chapter 10 Running Self Service Tasks 235 Manage My Resources Presenting the Currently Enrolled Resources Table Manage My Resources Screen This section lets you manage your current resource enrollment When you originally selected the Universe the Eurekify Portal provided the list of your current resources within the universe s configuration Currently Enrolled Resources Remove Res Name 1 Res Name 2 Res Name 3 Description ManagerID Owner Location 236 Portal User Guide UGSAVESYS NTSAVE WinNT NTSAVE WinNT Fifth Av br System Admin 91236370 Houson TX UGADMGR Administration ROOT NOVELADM Novel4 NOVELADM Novell4 Active Directory Manager 67283470 Portland OR UGMPOPR RACFPROD RACF22 RACFPROD RACF22 Production RACF 77292450 Irvine CA UGMTOPR RACFTEST RACF22 RACFTEST RACF22 Test RACF 77292450 Irvine CA UGSILVSYS NTSILV WinNT NTSILV WinNT Silicon V br System Admin 91236370 Houson TX UGSTAMSYS NTSTAM WinNT NTSTAM WinNT Stamford br System Admin 91236370 Houson TX e mail outlook WinNT outlook WinNT MS email 91236370 San Mateo CA office2003 2003 WinNT 2003 WinNT MS office2003 91236370 San Mateo CA unixoper UNXMARKT Solaris26 UNXMARKT Solaris26 Unix operator 89123140 San Mateo CA In this case the only option available to you in this section is to click the Remove check box next to a resource thereby severing the link between you and the selected resource
282. les that you access while working with the Eurekify Portal Chapter 2 Using The Eurekify Portal Interface 21 User Interface Customizing a Data Table The Customize option is available for both Entity tables where it appears at the bottom of the data table and in the Ticket Queue Customize This option allows you to select which fields appear as columns in the data table E i g S S 2 5 Name Organization 87368000 Toper Jim Stamford Branch Branches 75675330 Davis Brett Database Administrators Corporate 94738470 German Tom Fifth Ave Branch Branches 58723810 Eyal Yavetz Purchasing Corporate 82653450 Hill Gary Fifth Ave Branch Branches 64646410 Ron Marom Operations Corporate 84848110 Fidelity Bob Operations Corporate 89653230 Doll Charles Database Administrators Corporate 94362210 poster Jillian Application Development Corporate 97373330 Katz Nancy Silicon Valley Branch Branches Add C l E O l D E E E E O O l a Is 2 N ID To customize a data table 1 Click Customize A Select Fields for lt Entity gt screen opens in a separate browser window Country UserName Location Organization Title OrganizationType Cost Center Suspended 22 Portal User Guide User Interface 2 In the Available Fields left hand panel select one or more using Ctrl Shift of the listed fields 3 Click the right arrow button to transfer the selected field s to the Selected Fields panel 4 Optio
283. links or they encompassed both adding and removing links the tickets generated by the request to remove links will still be generated As an approver you are tasked with making the decision whether to approve the request to add sever a link or not To aid you in the decision making process you have the ability to consult with other managers Important As several complex procedures are documented in this chapter it is important to remember that every ticket has a unique ticket ID number that can be used to differentiate between tickets of the same type that deal with the same issue but have different functionality or purpose This section contains the following topics Role Definition Approval Root Ticket see page 263 Role Definition Main Request Parent Ticket see page 267 Add New Role Ticket Tree see page 276 Update Role Ticket Tree see page 296 Role Definition Approval Root Ticket The Self Service Approval Root ticket is the root ticket that appears in the ticket queue belonging to the manager administrator who submitted the Self Service request When expanded you can view the tickets generated for the specific Role Definition Approval Process Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Ticket Queue gt Open Mew Done Tickets State ID 2220 2221 2222 2223 2224 2225 2226 2227 2228 2229 2230 Ti
284. ll the requests to add a link between the new role and other entities For more information see Self Service Request Update Role Approver Ticket see page 303 Enterprise Role and Compliance Manager eure k ify Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout AD1 EAdmin Ticket Queue gt Open New Done Tickets gt ID Title State Status Children Type Received Owner Previous Owner H l P 1765 E Gy Link of Team to Role s Approval Root Request Open In Progress 1 pores 19 g Eurekify Admin fth av A N Update 19 01 2009 Eurekify Admin P 1766 E G update Role Fifth av Applicative role Open In Progress 11 Role 16 48 55 AD1 EAdmin Flag Lee Update 19 01 2009 oA eo Archived Approved 0 Role 16 49 24 DOMAIN Flag gt 1767 Role Approver Update Role Fifth av Applicative Lee role 296 Portal User Guide Update Role Ticket Tree After the Role manager has approved the enrollment of all the users in the Approver ticket stage 2 begins and a new set of tickets is generated Stage 2 Ticket Description 2 Approval Root ticket This ticket is identical to other Approval Process Approval Root tickets Self Service Main Request Parent An Update Role parent ticket Ticket Approver Ticket Only one An Update Role approver ticket The following sub trees are examples of possible Request sub trees for an Update Role ticket tree Ticket Description Approver Ticket This Role Approver ticke
285. llowed in Fifth Ave Roles Score 100 oO You can decide to make the request despite any violations or you can amend your selections 238 Portal User Guide Manage My Resources To link to additional resources 1 In the Manage My Resources screen scroll down to the Other Resources table Optional Click Find Resources to access the Select Resource filter screen Optional Click Suggest Resources to see the Eurekify Portal s recommendations Select one or more resources to link to the chosen users Optional Click Test Compliance to review your selections and check for possible violations The Violations screen opens in a separate browser window Click lt gt to close the Violations window Click Submit The Requests screen opens Person ID Name Privilege Herman Barbara 64646410 Herman Barbara 64646410 UGFINAR RACFPROD RACF22 Production RACF Herman Barbara 64646410 Herman Barbara 64646410 UGMTDBA RACFTEST RACF22 Test RACF Herman Barbara 64646410 Herman Barbara 64646410 UGSILVSYS NTSILV WinNT Silicon V br System Admin More information Approval Process Tickets see page 151 Customizing a Data Table see page 22 Setting the Number of Records Per Page see page 23 Filtering a Data Table see page 24 Test Compliance see page 196 Suggesting Entities see page 198 Introducing the Requests Table see page 253 Chapter 10 Running Self Service Tas
286. lt State Open Modified Date 16 12 2008 18 41 40 Date Created 16 12 2008 18 37 42 Title User Certify Dec 2008 User Certification Description User Certification Campaign for the end of 2008 Universe Portal Campaign Type USER Auto Generate Permissions true Configuration Model2_ConfigWithRoles Link Filter Direct Dual Audit Card Entity Filter No Filter Campaign Management Start Campaign stop Carnpa Restart Carnpais Internet R100 The screen presents you with both data and functionality The top part of the screen is always the same and contains the ticket information Field Description lt Ticket Title gt The type of ticket you are viewing appears in the screen s first line Ticket ID Each ticket has a distinct ticket ID number Owner The owner of the specific ticket The functionality of the ticket changes according to who is viewing the ticket Only the owner will have access to all the functions available for the specific ticket type Previous During campaigns or approval processes tickets may be Owner delegated escalated to other managers If a ticket was sent to the owner from another user that user s name not the current owner appears in this field Status Provides the ticket status 84 Portal User Guide Field Due Date Priority Severity State Modified Date Date Created Title Description The Ticket Properties Form Description Each ticket has
287. lt label gt lt data gt com eurekify web selfservice ResourcesT eamServicePage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id manageSelfResources gt lt type gt internal lt type gt lt label gt Manage My Resources Assignments lt label gt lt data gt com eurekify web selfservice ResourcesSelfServicePage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id requestNewRole gt lt type gt internal lt type gt lt label gt Request a New Role Definition lt label gt lt data gt com eurekify w eb rolerequests RoleDefinitionPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt Appendix C Portal Structure XML 407 Sample Portal Structure XML lt tag id requestUpdateRole gt lt type gt internal lt type gt lt label gt Request Changes to a Role Definition lt label gt lt data gt com eurekify web rolerequests UpdateRolePage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag gt lt tag id EntityBrowser gt lt type gt internal lt type gt lt label gt Entity Browser lt label gt lt data gt com eurekify web entitybrowser EurekifyBrow serPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id Reports gt lt type gt mark lt type gt lt label gt Reports lt label gt lt checkPermission gt true lt checkPermission gt lt
288. lt lt Close Children View Resource Type Status Title Action Owner Select Select 176 Portal User Guide Goodman Bruce A rover Pending User Approval Request to delete resource UGMPMRK RACFPROD RACF22 DOMAIN Goodman Bruce pp Action Production RACF from user Garr Jim 77371120 Keren Cindy DOMAIN Keren Pending Resource Approval Request to delete resource UGMPMRK RACFPROD RACF22 Cindy Approve A ction Production RACF from user Garr Jim 77371120 You can access the corresponding Approver tickets by clicking Select in the ticket s row Approval Process Approver Tickets More information Add Comment see page 88 Add Attachment see page 90 View Transaction Log see page 91 View Initiators see page 163 View Parent see page 163 View Entity see page 165 View Children see page 164 Approval Process Approver Tickets When an Approval Process is set it motion following a campaign the Approver tickets are sent to all the relevant entity managers As an Approver your job is to either approve or reject the request to reject a link between two specific entities The Approver ticket supplies you with all the data you need to make the decision and with the required functionality to assist you in the process Ticket Properties Form Windows Internet Explorer http localhost 8080 eurekiFy tms uif wicket bookmarkablePage com eurekiFy tms web template DefaultTicketPagesticketId 1758 Delete Link U
289. lumns At this point you can choose to m End the process at this point m Add additional resources to the selected users If you do not want to add new resources submit your requests Manage My Team s Resources Presenting the Other Resources Table MMT Resources Screen This section allows you to enroll your selected user s to additional resources of your choice The actual enrollment will take place following a review process Note When you click Get Resources in the Users section a list of resources that are not linked to the currently selected user s appears in the Other Resources table In addition to managing the resources currently linked to the members of your team you can also request that the system provide a list of recommended resources for your selected users This list of resources will be displayed in the section Other Resources Other Resources Showing 1 to 10 of 76 4 412345678 Res Name 1 Res Name 2 Res Name 3 UGMTSYS RACFTEST RACF22 UGSYS TSSCREDIT TSS50 TESTDEV RACFTEST RACF22 UGMPOPR RACFPROD RACF22 UGMPMINI RACFPROD RACF22 UGSAPPUR SAPPROD SAPR3 secmgr UNXMARKT Solaris26 UGADGEN2 Administration ROOT NOVELADM Novel TESTDEV RACFPROD RACF22 UGMPDB2 RACFPROD RACF22 Customize Test Compliance Suggest Resources Records per page 10 Chapter 10 Running Self Service Tasks 229 Manage My Team s Resources 230 Portal User G
290. m Anne DOMAIN Yoham Anne Herman Barbara DOMAIN Herman Barbara o Steiven Pat A campaign owner can see all the tickets generated by the campaign and can therefore follow the campaign by navigating the 103 Info tickets Note A campaign has to be manually started by the campaign owner When you create a campaign and the campaign ticket is first created its state is listed as New After you open the ticket for the first time its state is changed to Open There are various actions a campaign owner can take prior to starting a campaign for example escalate a campaign The Approver tickets are listed as Hidden until you start the campaign Once you start the campaign the approvers can see the campaign tickets in their own ticket queue A campaign can be manually stopped by the campaign owner and later restarted if necessary The campaign owner can choose to archive a campaign ticket when he she is done with it The status column provides additional information When you first create a campaign the status is Pending Action After you manually start the campaign the status changes to In Progress As the campaign owner you can open any ticket that appears in your campaign tree You can therefore open Approver tickets and reassign the processes links entities listed within When you click on the campaign ticket title the top level of the campaign tree the Ticket Properties Form opens in a separate browser window Ticket
291. manager in swiftly setting the new role s Accountable Approver 2244 Owner Eurekify Admin Previous Owner Pending Action Low lt Severity Minimal x Open he 01 02 2009 13 04 15 Date Created 01 02 2009 13 01 40 Select Accountable to Role Manage Human Resources To continue please choose an accountable user to Manage Human Resources role GENTKT039 Delegate Escalate Continue Select Accountable Model2_ConfigWithRoles Manage Human Resources Type Organization2 Organization3 Organization Owner Rule Description Organizational Role Branch Corporate Human Resources 82922230 Organization Human Resources Organization Type Branches Ma resources 90873220 87368000 UGSTAMGEN NTSTAM WinNT UGSTAMLAN NTSTAM WinNT Domain Users NTSAVE WinNT Organization3 Organization Owner Rule Descrip Organizational Role Branch Corporate Human Resources 82922230 Organization Human Resources Organization Type Branches Managin Resources To Add UGSTAMGEN NTSTAM WinNT UGSTAMLAN NTSTAM WinNT Domain Users NTSAVE WinNT Add Comment Add Attachment View Transaction Log View Violations lt 280 Portal User Guide Add New Role Ticket Tree The Select Accountable Task ticket follows standard Eurekify Portal ticket guidelines In this section you will find information specific to the Select Accountable Task ticket lt Ticket Title gt
292. markablePage com eurekify tms web template DefaultTicketPagetticketId 2237 2237 Owner Cooper Amos DOMA Previous Owner 01 02 2009 05 38 49 Priority Low Severity Minimal State open Y Modified Date 02 02 2009 00 17 22 Date Created 01 02 2009 00 38 49 U Approval Request to add role Corporate Security Role provides resources to users who are involved with security at the corporate level to user Orr Taylor 8921372 Description Approval Request to add role Corporate Security Role provides resources to users who are involved with security at the corporate level to user Orr Taylor 89213720 Request was submitted on Universe Portal from Add Role lt lt Less Details Model2_ConfigwithRoles 89213720 ole Name Corporate Security pproval Process Result 3 lt gt C internet The New Role Approver ticket supplies you with all the data you need to make the decision whether to approve or reject the Role definition request The Approver ticket also provides you with the required functionality to assist you in the process More information Reject see page 185 Approve see page 184 New Role Approver Tickets General Functions see page 294 New Role Approver Tickets Advanced Functions see page 295 Chapter 11 Role Definition Tickets 293 Add New Role Ticket Tree New Role Approver Tickets General Functions 294 Portal User Guide The Self Service provisioning
293. me Approver 3 Click Save and Reassign The Find Reassign Users screen opens in a separate browser window 4 Optional Click Select to filter the table Browse Tickets Windows Internet Explorer DER a http localhost 8080 eurekify tms uif wicket interface 10 2 B Find Reassign Users Where UserName v contains Herman and Where Choose Field v contains and Where Choose Fek v contains UserName Organization OrganizationType Email Location Title ede Operations Corporate 64646410 company com coo vi LE internet R 100 5 Select a user from the list Click OK The selected links have been reassigned and the relative progress made is reported on the Approver Progress bar You see the icon gt next to the reassigned link in the entity table Note Replace user in the above procedure with either resource or role for instructions on how to reassign Role links or Resource links More information Filtering a Data Table see page 24 Eurekify Properties see page 397 Chapter 8 Campaign Approver Tickets 145 Auditing Links Adding Comments to Links The Approver ticket s Entity Link table provides you with the option to add comments next to specific links L X T Progress Violations PersonID UserName Organization OrganizationType Comment E goo 2 6 Joe Dassin 99883136 Joe Dassin Sales Corporate E Ta You can add comments next to the main entity collapsed table or next to a spe
294. me_properties file Edit Eurekify_home_properties_file Edit Eurekify_home_properties_file Edit Eurekify_home_properties_file Edit Eurekify_home_properties_file Edit Eurekify_home_properties_file Edit Eurekify_home_properties file Edit Eurekify_home_properties_file Edit Eurekify_home_properties_file Edit Eurekify_home_properties_file Edit Eurekify_home_properties file Edit Eurekify_home_properties_file Edit Eurekify_home_properties_file Edit Eurekify_home_properties_file Edit Eurekify_home_properties_file Edit Eurekify_home_properties_file Edit Eurekify_home_properties_file Property Key tms fiter variable delimiter workpoint deleteRole reference sage admin password format date display approvals configuration mail user tms debug raci sageMaster udb defualtCustomFields approvals configuration mail from sleepDelay approvals configuration webservice retry delay seconds approvals configuration updateRole minimumLinks approvals configuration mail serverPort workpoint deleteUserRole reference tms configuration mail user tms configuration xml properties tms ticketQueue maxChildren tms userColumns sage batch role sage batch debugMode tms configuration mail from Fiter Properties Keys Containing Apply Filter 441723456 Property Value DROL eurekify dd MM yyyy HH mm ss DemoV4 Eurekify com false ManagerID Title TMS eurekify com 2500 30 4 25 DURO DemoV4 Eurekify com tmsProperties approvalProperties 20 UserNam
295. mmended resources for yourself This list of resources will be displayed in the section Other Resources Res Name 1 Res Name 2 Res Name 3 UGMTSYS RACFTEST RACF22 UGSYS TSSCREDIT TS550 TESTDEV RACFTEST RACF22 UGMPMINI RACFPROD RACF22 UGADGEN1 Administration ROOT NOVELADM Novel UGSAPPUR SAPPROD SAPR3 secmgr UNXMARKT Solaris26 UGADGEN2 Administration ROOT NOVELADM Novell4 TESTDEV RACFPROD RACF22 UGMPDB2 RACFPROD RACF22 Records per page 10 Y The Other Resources section provides the following options Add A column of check boxes one per resource Select one or more Res Name 1 Click any highlighted resource name listed in this column to open its Resource Card Customize Allows you to determine the columns that will appear in the Other Resources table Records per page Select the number of records that will appear in the Other Resources table Find Resources Opens the Select Resource filter screen to assist you in locating specific resources Test Compliance Checks whether the selections made in the Other Resource table comply with existing policies and BPRs Business Practice Rules Suggest Resources Provides a list of possible resources based on the CA Eurekify Role amp Compliance Manager pattern recognition technology Chapter 10 Running Self Service Tasks 237 Manage My Resources This table presents you with several options m You can manually select one or more resources to which you wish to
296. mments You can click the violation number to display the relevant violations in a separate browser window Violations Windows Internet Explorer Type Date Status First Second Direct User 2009 01 06 Joe Dassin office2003 2003 WinNT MS Resource Link 16 21 04 0 99883136 office2003 Dua User 2009 01 06 Joe Dassin office2003 2003 WinNT MS Resource Link 16 21 04 0 99883136 office2003 Suspected Suspected 100 324 Portal User Guide Start Approval Process from DNA You can also apply the Audit Card to a campaign as a kind of filter which will place restrictions over which entity links are displayed in the Approver tickets and which are not In this case in addition to selecting an Audit Card in the relevant field in the Add Campaign screen you will also have to select one of the available options Only use links from Audit Card The Campaign Approver tickets will only display links that are listed in the Audit Card This is very useful if you wish to run a campaign that reviews only links that have been determined to be violations of system rules Only use links not in Audit Card The Campaign Approver tickets will only display links that are not listed in the Audit Card This is very useful when the Audit Card represents authorized violations and by filtering them out you are saving time as you do not want the approvers to re examine and certify these links Start Approval Process from DNA There is a p
297. n Filtering a Data Table see page 24 As an approver it is your task to approve or reject the request to delete a link between two entities When you choose to approve such a request click Approve and a Confirmation pop up window opens Confirmation 2 Are you sure you want to Approve Yes No Click Yes and the Executing bar appears When done the approver ticket s status is Approved and the ticket is archived The user whose privileges were altered by this decision receives a ticket and email notifying him of the change In the case of a role resource or role role hierarchy link the designated role resource managers are informed Enterprise Role and Compliance Manager eureXify 184 Portal User Guide Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout DOMAIN Angel Ben State Status Children Type Received Owner Previous Owner Delete Pending Link 29 01 2009 Action User 09 15 10 Role Request to delete role Organization System Management Characteristic Role 100 0 Min 40 New from Angel Ben DOMAIN Angel Ben Approval Process Approver Tickets More information Approval Process Info Tickets see page 189 Reject As an approver it is your task to approve or reject the request to delete a link between two entities When you choose to reject such a request click Reject and a Confirmation pop up window opens Confirmation J we vou sure you want to
298. n s ticket has the status Completed and a new ticket has been generated for Steve Kistor Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Administration Ticket Queue gt New Tickets Entity Browser Reports E User Certification Katz Nancy First User Audit 2009 Hidden User Certification Goodman Bruce First User Audit 2009 Hidden E User Certification Allen Sherman First User Audit 2009 Hidden E User Certification Purple Mary First User Audit 2009 Hidden IS User Certification Katz Nancy First User Audit 2009 Hidden z User Certification Cooper Amos First User Audit 5009 Hidden fy User Certification Herman Barbara First User Audit 2009 Hidden E user Certification Levi Jay First User Audit 2009 Hidden g User Certification Schwarts Barry First User Audit 2009 Hidden El User Certification Allen Sherman First User Audit 3009 Hidden Action Pending Action Pending Action Completed Pending Action Pending Action Pending Action Pending Action Pending Action Pending Action Pending Action Campaign Manager Approver Campaign Manager Approver Campaign Manager Approver Campaign Manager Approver Campaign Manager Approver Campaign Manager Approver Campaign Manager Approver Campaign Manager Approver Campaign Manager Approver Campaign Reassigned Approver Chapter 4 Showcasing the
299. n auditing process Model are uploaded to the original endpoints thus updating the corporate and platform user and user privileges information so that they are now in compliance with corporate policies and various regulations More information Creating a New Export Connector see page 342 Scheduling a New Job see page 349 Chapter 4 Showcasing the Eurekify Portal Enterprise information security auditing has become increasingly relevant following new US and world wide legislation mandating corporate and enterprise auditing The computer security audit is a systematic measurable technical assessment of how the confidentiality availability and integrity of an organization s information is assured CA Eurekify Role amp Compliance Manager is capable of performing such security audits and it can also assist you in upgrading your information security The Eurekify Portal provides the Campaign facility as a tool towards assessing your corporate compliance with BPRs Best Practice Rules and the relevant legislation It is recommended that you run campaigns regularly on a quarterly or annual basis though critical information systems dealing with sensitive information or large monetary transactions should probably be audited as often as once a month Running a Campaign Campaigns review the system s permissions thereby assuring that only users with the appropriate provisioning can access the corporate resources and that u
300. n the users and the selected resource m Click the Add check box next to a resource to which only some of the selected users were enrolled thereby linking all the chosen users to the selected resource The Currently Enrolled Resources table provides the following options Add A column of check boxes one per resource Select one or more The check boxes next to resources that are already linked to all selected users will be disabled Remove A column of check boxes one per resource Check one or more to remove the link between the selected users and the selected resources Enrollment This column appears only when selecting multiple users Shows numerically of users enrolled total of users selected for example 2 3 means that two of the three selected users are enrolled to this resource This column also provides the value as a percentage For example 1 3 33 Resource Name Click any highlighted resource name listed in this column to open its Resource Card Depending on the type of action you wish to take you may find that after selecting the appropriate check boxes in this section you have completed the task In this case you can ignore the Other Resources and submit your requests by clicking Submit at the bottom of the Manage My Team s Resources screen To make selections in the Currently Enrolled Resources table in the Currently Enrolled Resources table click the relevant check boxes in the Add and or Remove co
301. nagement and auditing of role based privileges as well as solutions for the full enterprise compliance life cycle In 2008 Eurekify was acquired by CA the world s leading independent IT management software company This manual provides an overview and step by step instructions on how to use the Eurekify Portal The Eurekify Portal is a web based interface for CA Eurekify Role amp Compliance Manager The Eurekify Portal is designed to provide the user with access to the various Role Management RM and Compliance Management CM features offered by the CA Eurekify Role amp Compliance Manager system CA Eurekify Role amp Compliance Manager targets one of the most sensitive areas in information security and computer infrastructure management identity and access management IAM of user applications and enterprise role management ERM The large number of systems and applications and the frequent changes at large enterprises has made the management of authorization of employee access to information applications and other resources a very complex task especially given increasing regulatory requirements Eurekify has developed an engine that aims to automatically align a procedure or person s access to his her job at the enterprise For in depth details concerning the CA Eurekify Role amp Compliance Manager architecture and technology see the documents CA Eurekify Role amp Compliance Manager Sage DNA Data Management User Manual and CA Eu
302. nal To change the order of the fields listed in the Selected Fields panel select a field and click the down arrow or up arrow button 5 To remove a field from the Selected Fields panel select the field and click the left arrow button 6 When you finish making your selections click OK The selected fields will now appear in the relevant entity table Setting the Number of Records Per Page Most Entity tables allow you to determine the number of records per page that you can view The Records per page option appears at the bottom of the data table This option allows you to select from a pre defined list the number of records that will appear on every page The default number of records per page for most data tables is 10 Users Showing 1 to 10 of 69 4 41234567 Person ID Name Organization Organization Type 7368000 Toper Jim Stamford Branch Branches 75675330 Davis Brett Database Administrators Corporate 94738470 German Tom Fifth Ave Branch Branches 58723810 Eyal Yavetz Purchasing Corporate 82653450 Hill Gary Fifth Ave Branch Branches 64646410 Ron Marom Operations Corporate 84848110 Fidelity Bob Operations Corporate 89653230 Doll Charles Database Administrators Corporate 94362210 poster Jillian Application Development Corporate 97373330 Katz Nancy Silicon Valley Branch Branches Add 9 Oo E Oo E Oo Oo Oo Oo Lal o O ic a IS 3 N gt Records per page Chapter 2 Using The Eurekify Portal Inte
303. nd role hierarchy Similar resources In out of pattern entities Entities with many few connections An Audit Card file can be generated via the CA Eurekify Role amp Compliance Manager DNA client tool For further information see the section on Audit Card Generation and Management in the CA Eurekify Role amp Compliance Manager Sage DNA User Guide E Audit Card SQL localhost sqlexpress sdb Model2_ConfigWithRoles cfg Read Only Audit1 aud Configuration SQL localhost sqlexpr DER Base Configuration Suspected Suspected Suspected Suspected Suspected Suspected Suspected Suspected Suspected Suspected Suspected Suspected Suspected Suspected Suspected Suspected Suspected Suspected Suspected Suspected Suspected Z T Ea fd kd Ed Ed a Fd Fa kd Ea ig id a EZ id id id id Bd SQL sa localhostisqlexpress sdb Model2_ConfigwithRoles cfg Audit Code Score Descripti Tue Jan 06 1 Tue Jan 06 1 Tue Jan 06 1 Tue Jan 06 1 Tue Jan 06 1 Tue Jan 06 1 Tue Jan 06 1 Tue Jan 06 1 Tue Jan 06 1 Tue Jan 06 1 Tue Jan 06 1 Tue Jan 06 1 Out of Pattern User Out of Pattern User Out of Pattern User Out of Pattern User Out of Pattern User Out of Pattern User Out of Pattern User Out of Pattern User Out of Pattern User Out of Pattern User Out of Pattern User Out of Pattern User Helmuth Howard 83838380 Tope
304. ndent content where the content of the drop down list depends on the field you select One filter is an include statement Selected Field Includes Free text Note Sometimes the third filter statement option is the same as the first two To filter a data table 1 Click Filter A Filter lt Entity gt screen opens in a separate browser window Filter Roles Where Any Field v Is Any Value X And Any Field v Includes 2 Select the fields and their values from the drop down lists Enter text in the Includes box if necessary Note The Autocomplete feature is active for the lt Field Dependent Content gt drop down list You can also start typing a value and the list will automatically scroll down to it 3 Click OK The current table will now be filtered according to the selections you made Chapter 2 Using The Eurekify Portal Interface 25 User Interface Entity Card and Data Table Tabs Rule Description Reviewer The Eurekify Portal presents data in a very concise and easy to use manner To facilitate this the information is sometimes broken up into several parallel tables and each table is located under a separate tab For example the Entity Browser shows the search results in three tables Users Roles and Resources and each one is located under a separate tab The active tab s label is bold while the other tabs are gray Entity Browser Universe Portal XY Configur
305. ner start the campaign none of the approvers assigned to this campaign will be able to view their Approver tickets and the approval process will not begin Starting the campaign creates the following changes Field Before Start Campaign State Campaign owner New Open Open ticket Status Campaign owner Pending Action In Progress ticket Approver tickets Hidden from Visible to approvers approvers Click Start Campaign in the campaign s Ticket Properties Form to get the campaign going All the campaign s Approvers will receive notice of the new campaign in the email designated by the Eurekify master configuration Campaign Management Functions Stop Campaign You as the campaign owner can wait for all the approvers to complete their review or you can manually stop the campaign A campaign that was manually stopped can later be restarted Ticket Properties Form Windows Internet Explorer 7 http localhost 8080 eurekify tms uij wicket bookmarkablePage com eurekify tms web template Default TicketPage amp ticketId 835 Campaign Ticket Id Ras Owner Eurekify Admin AD1 Previous Owner Status pending Action 15 01 2009 00 00 00 Priority Normal lt Severity Medium State Modified Date 21 12 2008 13 00 50 Date Created 21 12 2008 12 51 21 Title Description Due Date Open user Review User Certification End of year user audit Universe Portal Campai
306. net Explorer L http localhost 8080 eurekify tms ui wicket bookmarkablePage com eurekify tms web template DefaultTicketPagesticketId 834 Campaign Ticket Id Owner Due Date Modified Date Cooper Amos Previous Owner Grek Admin AD1 Status Jp Progress Normal Severity Medium v State Open Title Description Resource certification User Certification jEnd of year review Universe Portal Campaign Type USER Auto Generate Permissions Configuration Model2_ConfigWithRoles Link Filter Direct Dual Audit Card Entity Filter No Filter Attachments comments Received Owner Note X 21 12 2008 12 29 06 Eurekify Admin AD1 EAdmin Delegated to Cooper Amos Campaign Management Stop Campaign Restart Carnpaign View Campaign Progress v 100 86 Portal User Guide The Ticket Properties Form Most non info type tickets have the following functionality Add Comments Click to add a comment to the ticket Add Attachments Click to add an attachment to the ticket View Transaction Log Click to view the ticket s transaction log Additional functions such as the option to view the ticket initiators view violations or view the relevant user depend on the ticket type Ticket Properties Form Windows Internet Explorer http localhost 8080 eurekify tms ui wicket bookmarkablePage com eurekify tms web template DefaultTicketPagesticketId 118
307. nfiguration Model2_ConfigWithRoles Link Filter Direct Dual Audit Card Entity Filter No Filter The General section of the Campaign Ticket Properties Form contains the following fields Universe The name of the universe on which the campaign is being run Campaign Type There are three possibilities User A campaign in which the approvers certify the entitlements of the user under their management The certification is in regard to the user s roles and resources Improper entitlements can be rejected Role A campaign in which the approvers certify the connection of the roles under their management The certification is in regard to the role s linked users and resources The certification also examines role to role hierarchal links Improper entitlements can be rejected Resource A campaign in which the approvers certify the connection of the resources under their management The certification is in regard to the resource s linked users and roles Improper entitlements can be rejected Auto Generate Permissions True or False When true the campaign overrides the system permissions and automatically provisions the campaign permissions Audit Card The name of the Audit Card Entity Filter The entity filter More information Adding Campaigns see page 313 110 Portal User Guide General Campaign Ticket Functions Advanced Campaign The Advanced section appears below the campaign ticket s General secti
308. nfiguration Data Formats 417 Glossary Approved Audit Card An Audit Card where all the listed violations have been approved It can be used during an audit to prevent repeated notices of violations that have already received approval Audit Card A file with the extension aud It is generated by the DNA It contains a list of violations or out of pattern situations Each entry is a violation connected to an entity or to a link It is possible to edit an Audit Card in the DNA module adding instructions to either fix a violation or approve one For further information see the CA Eurekify Role amp Compliance Manager DNA User Manual Children Ticket type specific The number of children listed for any campaign ticket denotes the number of Approvers assigned to the campaign The number of children listed for an Approver ticket is the number of entities the specific approver has to audit where entities refers to the campaign type user role or resource certification Configuration A Eurekify proprietary data structure that holds a snapshot of the definitions of users resources and roles if available as well as the relevant relationships privileges between them Connectors Connectors use the converters to access the production computer for both download and upload processes There are separate connectors for import and export procedures defaultSettings xml A connection details XML file located in the lt Eurekify home di
309. ng important information Once you have transferred the selected ticket to the new ticket owner the original ticket is archived and will no longer appear in your list of active tickets Only the current ticket owner can delegate a ticket When a ticket is delegated a new ticket is generated with the new owner listed in the Owner field and the manager who delegated the ticket s is listed in the Previous Owner field Ticket Properties Form Windows Internet Explorer http localhost 8080 eurekiFy tms ui wicket bookmarkablePage com eurekiFy tms web template DefaultTicketPagesticketId 1824 1824 Owner Henman Barbara__ Previous Owner Rami Sas Eurekify Ra Status Pending Action gt 19 01 2009 22 47 43 Priority Low Y Severity Minimal lt State open E Modified Date 19 01 2009 23 25 28 Date Created 19 01 2009 23 11 22 Title User Approval Request to delete role Organization Database Administrators Characterkstic Role 100 0 Mn 40 from user Rodney Sergio 75676560 _ Description User Approval Request to delete role Organization Database Administrators Characteristic Role 100 0 Min 40 from user Rodney Sergio 0520000 Request was submitted on Universe Demo1 from Link of Team to Role s Model_ConfigWithRoles 75676560 Organization Database Administrators Owner Note 19 01 2009 23 11 22 Rami Sas Eurekify Rami Escalated to Herman Barbara C internet A comment is gener
310. ng Action Due Date 18 12 2008 18 51 50 Priority Low Sore Minimal lt State Open 8 Modified Date 3 12 2008 13 52 39 Date Created 9 12 2008 13 51 50 Title Request to delete role Novell HR Application Characteristic Role 40 0 Min 40 from user Novell HR Application Characteristic Role Description The request to delete role Novell HR Application Characteristic Role 40 0 Min 40 from user Goid Wiliam 84847310 was rejected from User Certify Dec 2008 Delegate Escalate Acknowledge 92 Portal User Guide Info tickets The info ticket type is the same type as the ticket that was its origin For example an info ticket sent following an approval by both a role manager and a user manager of a request to delete the link between the user and role will be of the type Delete Link User Role gt ID Title State Status Children Type Received Owner Request to delete role Novell HR Application Delete j Herman Barbara 570 Characteristic Role 40 0 Min 40 from user New era Lin a DOMAIN Herman Nov i User Role Barbara Delete r Consult User Request to delete role BASIC ROLE Basic P 567 role for all users that have access to IT f Action re 13 45 08 Herman Barbara New Pending 18 12 2008 Receiving an Info Ticket The following lists who receives an info ticket and under what conditions Approval Process Owner When an approval process has been completed Approver When an a
311. ng without no bpr file defined proceeding without no universes available error starting approval process description field is required no user is selected no requests made missing raci configurations error getting raci configurations missing accountable for 0 raci error for 0 error fetching connector object 0 error fetching connector object request to delete role 1 from user 1 rejected request to delete role 0 from user 1 failed Chapter 15 Troubleshooting 383 Eurekify Sage Error Messages Field changeapproval child remove user role notificati on title errcode changeapproval child add user resource info title rejected errcode changeapproval child add user resource info title failed errcode changeapproval child add user resource info description rejected errcode changeapproval child add user resource info description failed errcode changeapproval child remove user resource info title rejected errcode changeapproval child remove user resource info title failed errcode changeapproval child remove user resource info description rejected errcode changeapproval child remove user resource info description failed errcode changeapproval child remove user resource notification title errcode changeapproval child remove user resource notification description errcode changeapproval child add role role info title rejec ted errcode changeapproval child add
312. ng_Dept Use this ticket s functionality when you wish to transfer the approval process tree to the management of another user or to cancel the approval process You can use the options in the ticket s Advanced section to access additional information concerning the current ticket and its parent and child tickets Click the ticket title to open the Ticket Properties Form in a separate browser window Ticket Properties Form Windows Internet Explorer le http localhost 8080 eurekify tms uif wicket interface 8 Add Role Ticket Id 2221 Owner Eurekify Admin AD1 Previous Owner Due Date 01 02 2009 05 29 04 Priority Low gt Severity Minimal lt State open Modified Date 01 02 2009 00 38 37 Date Created 01 02 2009 00 29 05 Title New Role Corporate Security Description New role Corporate Security More Details gt gt Done La Internet 100 This section covers the following topics m The Role Definition Main Parent ticket s General functions The Role Definition Main Parent ticket More Details section m The Role Definition Main Parent ticket s Advanced functions 270 Portal User Guide Role Definition Main Request Parent Ticket More information The Ticket Properties Form see page 84 Main Parent Ticket General Functions Role Definition see page 271 Main Parent Ticket Details Section see page 272 Main Parent Ticket Advanced Functions Role Definition see page 273
313. ns click OK The selected links will now appear in the Home page Reports navigation bar 66 Portal User Guide The Business Processes Bar The Business Processes Bar The Business Processes navigation bar lets you easily navigate to your most popular business processes The business processes that are available are those procedures listed also in the Self Service menu You can click Q to add links to your favorite ones Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout AD1 EAdmin ID Title State Status Children Type Received Owner Previous Owner Eurekify 21 12 2008 12 51 21 Admin AD1 EAdmin Pending 835 Gi user Review User Certification Open Action 9 Campaign Audit Basic Alerts Manage My Team s Role Assignments Role Modeling Methodologies Comparison Manage My Team s Resources Assignments Policy Verification Report Certification Progress Report Chapter 5 Presenting the Home Page 67 The Business Processes Bar To generate a list of Business Process links 1 In the Business Process navigation bar header click o The Select Links for Business Process screen opens in a separate browser window Select Links for My Business Processes Manage My Team s Role Assignmen Manage My Roles Assianments Manage My Team s Resources Assic Manage My Resources Assignments Request a New Role Definition Request Changes to a Role Definiti
314. nsaction Log Ca internet R100 Chapter 8 Campaign Approver Tickets 137 Auditing Links Three columns in entity table contain check boxes with icons in the column header Sometimes a fourth icon appears in a row The icons associated with the entity tables are as follows Icon Description Expands the nested links tree showing the entities linked to the original entity For example in a user certification campaign Approver ticket each user is linked to roles and resources Clicking on the Roles and Resources in separate tables will reveal the linked Additional information A The Approve checkbox column Click this checkbox to approve a link x The Reject checkbox column Click this checkbox to reject a link sb The Reassign checkbox column Click this checkbox to Approver Progess reassign a link Z Collapses the link tree Click to expand the entity tree and see all the entity tables for the entities linked to this entity 0 8 0 1 N d Progress Violations RoleName Description Organization Type Comment jaf Organization IT Security Characteristic Role Characteristic Role 100 0 E 100 0 Min 40 Min 40 Sinin Org Role 2 E users vx Name Violations Relationtype Username Organization Organizationtype Country History Comment Flag Lee 91236370 Direct Flag Lee TT Security Corporate US History Cooper Amos Direct Cooper Amos IT Security Corporate us
315. nt campaign it is called a Campaign Reassigned Approver ticket and the reassignment details will be posted above the Approver Progress bar in the target Approver s new ticket Ticket Properties Form Windows Internet Explorer DER he http localhost 8080 eurekify tms ui wicket bookmarkablePage com eurekify tms web template DefaultTicketPage ticketId 1053 Campaign Reassigned Approver Ticket Id H 053 Owner Due Date 15 01 2009 00 00 00 Priority Normal lt d Medium State Open E Modified Date 25 12 2008 13 42 44 Date Created 24 12 2008 14 28 15 Title user Certification Purple Mary User Review Description User Certification Purple Mary User Review Reassigned From Purple Mary DOMAIN Purple Mary Approver Progess 0 10 0 S X Progress Violations PersonID UserName Organization OrqanizationType Comment HAalooo Purple Mary 67762440 Purple Mary Fifth Ave Branch Branches E Attachments comments Add Comment Add Attachment View Initiators View Transaction Log Done 144 Portal User Guide Auditing Links To reassign a user link In the Ticket Properties Form click next to the user you wish to audit 1 The associated Roles and Resources tables appear 2 Select the check box in the T reassign column next to the user s role s and or resource s you want to reassign Note If you select more than one role resource they will all be reassigned to the sa
316. o 10 of 28 Add Customize Role Name Organization Human Resources RACF Public access Organization Applicetion Development Title Operator Sales Team Organization Database Administrators Organization System Management Organization Stamford Branch Title Branch Manager Organization Marketing_Dept Test Compliance Description Basic role for all users that have access to IT Organization Operations Characteristic Role 100 0 Min 40 Suggest Ro Type Organization Rule Org Role Enterprise Description Characteristic Role 85 7 Min 40 Characteristic Role 100 0 Min 60 Characteristic Role 100 0 Min 40 Characteristic Role 50 Role By 2 Users Characteristic Role 100 0 Min 40 Characteristic Role 100 0 Min 40 Characteristic Role 100 0 Min 40 Characteristic Role 50 Characteristic Role 100 0 Min 40 les Org Role Operations Type Org Role Applicative Role Org Role Org Role Org Role Org Role Org Role Org Role Org Role Org Role Copyright C 2008 Eurekify All Rights Reserved Build 08 11 26 01 No Rule Organization Operations Logout DOMAIN Herman Barbara Owner 82922230 64646410 444123 gt Organization Human Resources Company Application Development Title Operator Sales Database Administrators System Management Stamford Branch Title Branch Manager Market
317. o add role to role association parent role Corporate Security child Link Role Role In Progress role Organization IT Security In Progress Request to add role to resource association resource public role Corporate Security In Progress Request to add role to resource association resource PUBLIC role Corporate Security In Progress Request to add role to resource association resource UGMTSYS role Corporate Security Records per page 20 Y 274 Portal User Guide Role Definition Main Request Parent Ticket During an Update Role approval process you can see Stage 1 The Role Approver ticket is listed Stage 2 All the Request Parent tickets for each requested link are listed Note that the new role s manager is the listed owner of these tickets Notice the ticket Type for information on what ticket you are currently viewing Add Comment Add Attachment View Transaction Log lt lt Close Children View Role Type Status Title Comme Allen Sherman K Belect DOMAIN Iian Sharoni Approver Approved Role Approver Update Role Organization Marketing_Dept Allen Sherman In j S a elect DOMAIN Iian Sharoni Link User Role Progress Request to add user to role association role Organization Marketing_Dept user 84847310 Allen Sherman Remove User In Request to remove user to role association DOMAIN Ilan Sharoni Role Progress role Organization Marketing_Dept user 77371120 Allen Sherman Rem
318. o be the ticket owner Escalate The act of appointing a more senior manager to be the ticket manager Note The term reassign is used in relation to links to mark the transfer of the responsibility for reviewing a link s from one Approver to another Approver More information Delegating a Campaign see page 112 Reassigning a Link see page 142 Chapter 6 Tickets and the Ticket Queue 71 Ticket Life Cycle Ticket Types A ticket s Ticket Type appears under the Type column in the user s Ticket Queue and also as the ticket title in the Ticket Properties Form Ticket Properties Form Windows Internet Explorer ej http j localhost 8080 eurekify tms ui wicket bookmarkablePage com eurekify tms web template Default TicketPage amp ticketId 1970 f Approval Root Ticket Id 1970 Owner Cooper Amos Previous Owner Status In Progress Due Date 26 01 2009 22 12 39 Priority Low x Severity Minimal v State Open Modified Date 26 01 2009 17 43 46 Date Created 26 01 2009 17 12 39 Title Link of Team to Role s Approval Root Request Description Business Area SelfService role update Business Process Remove and or Add roles to the selected group Description remove The ticket type presents the ticket s purpose Each ticket type has its own unique life cycle Each ticket s state and status attributes denote where it is currently situated within the ticket s life cycle Tickets can be
319. o delete role Organization Database Administrators Characteristic Role 100 0 Min 40 from user Rodney Sergio 75676560 Request was submitted on Universe Demo1 from Link of Team to Role s Model_ConfigWithRoles 75676560 Organization Database Administrators Owner Note Rami Sas Eurekify Rami Escalated to Herman Barbara ir Internet Chapter 6 Tickets and the Ticket QUeue 97 Info tickets 98 Portal User Guide A comment is generated stating that the ticket has been Escalated to current owner This comment appears in both the old ticket and in the new ticket When viewed in the original ticket owner s Archive screen Ticket Queue Archived tickets the old ticket and the new ticket create a hierarchal tree in which the original ticket the Status is set to Escalated is the root ticket and the new ticket is the next node Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Ticket Queue gt Archived Tickets ID Title State Status Children Type Received Owner User Approval Request to delete role Delete 7 ami gt 179 E Gr organization Database Administrators Characteristic Archived Escalated Unk User ee far ee Ram Role 100 Role sas miad Logout Eurekify Rami L equest te lete role Pendin E organiza tabase Administrators Characteristic New fenon Role 100 19 01 2009 c Rami Sas 23 11 22 Herman Barbara Eurekif
320. oaes BS RRR A dca hese RN Walle Rdows dad eee E need TE AE N 198 Manage My Team s Role AssignmentsS 0 nunana nanne cee cece ence nett teen e ene eeee 203 Presenting the General Section MMT Role Screen 0 ccc cc eect ene tenn eens 205 Presenting the Users Table MMT Role Screen 0 0 ccc cece cnet eee e eee eeee 206 Presenting the Currently Enrolled Roles Table Manage My Roles Screen 208 Presenting the Other Roles Table MMT Role Screen 00 cece ec cee cee nee ee eeee 210 Manage My Role Assignment 0 ccc ce een nent nee teen teen rnnr nnen 214 Presenting the General Section Manage My Roles Screen 0 c ccc ec eee e eee eee 216 Presenting the Currently Enrolled Roles Table Manage My Role Screen 217 Presenting the Other Roles Table Manage My Role Screen 200 e cece cece eee ees 218 Manage My Team s RESOUICES 2 nee nnn nee tenn ee teen teen eee eeeeee 222 Presenting the General Section MMT Resources Screen 0 cece cee cence ee eeee 223 Presenting the Users Table MMT Resources Screen 0c ccc cence eee t eee eees 224 Presenting the Currently Enrolled Resources Table Manage My Roles Screen 226 Presenting the Other Resources Table MMT Resources SCreen 0 00 cece eee eee ee eee 229 Manage My ReSourceS 2 2 055 eee ee ne ee AR R RR ee be ecb ba eae e beeen dedebeeeede 233 Presenting the General Section Manag
321. og The transaction log provides a history of the ticket related actions executed since the creation of the ticket View Parent Opens the current ticket s parent s ticket View Initiators View of list of the users who launched this ticket View Children Opens a table which provides you with information concerning the leaf that is located below the current ticket For the Request Parent ticket this means that you can view information concerning the link s Approver ticket View Role Opens the Role s card View Entity The Add New Role Approver tickets review links between the new role and other entities This button will provide you with the entity card associated with the entity to be linked to the new role More information Add Comment see page 88 Add Attachment see page 90 View Transaction Log see page 91 View Initiators see page 163 View Parent see page 163 View Entity see page 165 View Children see page 164 Add New Role Ticket Tree Self Service Request New Role Approver Ticket During the third stage of an Add New Role Approval Process after the role manager has approved the suggested links to the new role a new set of Approver tickets is generated These tickets are standard Link Entity Role Approver tickets one for each link requested during the Request New Role Definition task Ticket Properties Form Windows Internet Explorer le http flocalhost 8080 eurekify tms ui wicket book
322. ogress Indicates that the ticket is being processed None Indicates that there is an error related to this ticket so it cannot be processed Pending Action Indicates that the ticket is waiting for a user to take action Reassigned Indicates that a link approval has been sent to another entity manager Rejected Indicates that a link has been rejected Chapter 6 Tickets and the Ticket QUeue 75 Ticket Tables Ticket Tables The Ticket Queue enables you to display and interact with tickets that are displayed in table format You can view your own tickets and tickets that were generated by you even though they have a different owner The columns are customizable The Ticket Queue menu provides a set of display filters The available filters are Open New Done Presents tickets whose state is Open New or Done New Tickets Presents new tickets Overdue Tickets Presents the tickets whose end date has already passed Approver Tickets Presents the current user s Approver tickets This is most relevant to Administrators who can view their own tickets and the Approver tickets associated with campaigns they own Campaign Tickets Presents Campaign tickets Archived Tickets Presents tickets that were sent to be archived Enterprise Role and Compliance Manager eurefify Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout DOMAIN Cooper Amos Ticket Queue gt Approver Tickets g
323. ole 2222 IS select Accountable to Role Corporate Security Archived Completed Task 2223 Role Approver New Role Corporate Security Archived Approved Add Role Link User 01 02 2009 Request to add user to role association 4 Role 00 38 36 role Corporate Security user 89213720 New In Progress Request to add user to role association 2225 B role Corporate Security user 54672910 Link User 01 02 2009 HE ape Role 00 38 36 Link User 01 02 2009 Role 00 38 36 a Request to add user to role association 2226 role Corporate Security user 91236370 New In Progress Link User 01 02 2009 Request to add user to role association 2227 2 Role 00 38 36 role Corporate Security user 89123140 New In Progress Request to add user to role association E 2228 B role Corporate Security user 84847310 Link User 01 02 2009 he Popes Role 00 38 36 Link Role 01 02 2009 Request to add role to role association parent S a Role 00 38 36 role Corporate Security child role Organization I New In Progress Request to add role to resource association Link Role 01 02 2009 2230 a resource public role Corporate Security Resource 00 38 36 Copyright C 2008 Eurekify All Rights Reserved Build 08 11 26 01 New In Progress L gt mD Title State Status Type Received Owner Approval 01 02 2009 Root 14 05 45 Eurekify Admin Update 01 02 2009 Eurekify Admin Role 14 05 45 AD1
324. om 98383770 company com 86544420 company com Choose Field Showing 1 to 30 of 140 Userliame Rodney Sergio Moris Bill 4 412345 Database Administrators System Management Corporate Developer Rolen Dave Finance Accountant Fred John Deer Alex Goid Wiliam Corporate System Management Corporate Developer Branch Officer Clerk Psychologist Branch Officer Clerk HR Officer Branch Officer Clerk Fifth Ave Branch Branches 91238730 company com Human Resources Corporate 84847310 company com Sharon Johnson Fifth Ave Branch Branches Moos Steve Rojer Dave Steiven Pat 89123470 company com 87623450 company com 88490390 company com 45489940 company com Human Resources Corporate Stamford Branch Branches System Management Corporate Security Admin Manager a internet R10 The Find Delegate Users screen is divided into two sections The filter Located in the window s header The filter lets you narrow down the list of proposed approvers The proposed users This table presents a pre filtered list of users who can receive the delegated approval task s This list can be filtered to aid in finding a specific user The names listed in the proposed users list are governed by several default property filters of the type tms delegate filter To delegate a ticket 1 Click Delegate in the ticket s Ticket Properties Form The Find Delegate Users screen opens 2 Selec
325. om eurekify utils TXLogClientImpl Refers to completed Approval Processes EurekifyScheduler Refers to transactions involving the Job Scheduler SageDal Refers to transactions concerning the configuration files TMS Acronym Ticket Management System Transaction Log sbata2 M SAVE pressed Showing 1 to 10 of 111 ie e 7 a 4412345678910 ID Date Source Owner Ticket SDatal SData2 SData3 SData4 SData5 SData6 SData7 SData8 Parameters 2 17 11 2008 15 08 13 TMS GUN SAVE pressed 4 25 11 2008 21 30 20 TMS sUn SAVE pressed 6 25 11 2008 21 30 31 TMS sun SAVE pressed 8 25 11 2008 21 48 37 TMS GUI SAVE pressed 10 25 11 2008 21 48 57 TMS GUI SAVE pressed 12 25 11 2008 21 49 05 TMS GUI SAVE pressed 14 25 11 2008 21 49 14 TMS sun SAVE pressed 16 25 11 2008 21 49 38 TMS isun SAVE pressed 18 26 11 2008 09 36 25 TMS GUI SAVE pressed 20 26 11 2008 09 36 32 TMS GUI SAVE pressed Records per page 10 Y To view transactions in the Transaction Log table 1 On the Administration menu click TxLog Page The Transaction Log screen opens 2 Optional Filter the data you want to view in the Transaction Log table Select a field from the Column drop down box and enter the field content 3 Click OK The requested transaction logs appear in the Transaction Log table 4 Optional Click Delete All to delete all the transactions currently saved by the system More information Setting the Number of Records
326. omment see page 88 View Transaction Log see page 91 Add Attachment see page 90 View Initiators see page 163 View Parent see page 163 View Entity see page 165 View Consult Results see page 187 Chapter 11 Role Definition Tickets 295 Update Role Ticket Tree Update Role Ticket Tree The Update Role Ticket tree is generated following one of two tasks m In the case of where a request is made to update a role s definitions when the Self Service manager made a request to add links to the specific role When only requests to remove links have been made the Update Role ticket tree that is generated follows the standard format for other Self Service ticket trees m In the special case of Manage My Team s Role Assignments when the number of users selected to enroll in a role is greater than the system threshold a different set of tickets is generated The system threshold is set in the Eurekify properties file and is governed by the property filter Approvals configuration updateRole minimumLinks 4 The ticket tree in this case is constructed as follows Stage 1 Ticket Description Approval Root ticket This ticket is identical to other Approval Process Approval Root tickets see page 167 Self Service Main Request Parent An Update Role parent ticket Ticket Approver Ticket The Role Approver ticket This is an Update Role approver ticket It is sent to the Role manager It contains a
327. ompliance Manager Sage DNA Data Management User Manual Optional Name and location of the Enrichment Settings file see CA Eurekify Role amp Compliance Manager Sage DNA Data Management User Manual m Name of the converter s Java Class Name of the Workflow process More information Setting Connectors see page 334 Step 3 Importing Entity Data Step 3 Importing Entity Data Import refers to downloading the system s current user resource and role when available configuration data You can use the import connector that you created in Step 2 to download the entity data from the enterprise endpoints You can also use the Import option on the Eurekify Sage DNA Data Management menu bar to import the entity data see Chapter 2 in the CA Eurekify Role amp Compliance Manager Sage DNA Data Management Guide The output of the import process is a Sage configuration document cfg file which sets the stage for the role discovery process More information Running a Connector see page 345 Step 4 Generating Master Model Configurations When you created the Universe you provided the names of two configurations files one was the master configuration file and the other was the model configuration file The master configuration file contains the data imported from the system s endpoints The model configuration file is initially a copy of this data which will be processed and updated as the role model
328. on and above the Campaign Management section It presents the list of attached files and or links and any available comments concerning the campaign Attachments X Google Comments Received X 16 12 2008 22 58 41 Owner Note Eurekify Admin The Approvers have not begun The Advanced section of the Campaign Ticket Properties Form shows the attached file URL and a comments table Next to the attachment you can see an X Click X to delete the attachment The Comments table provides the following information Received Provides the date when the comment was generated Owner The name of the user who generated the comment Note The content of the comment Next to each comment you can see an X Click X to delete the comment General Campaign Ticket Functions Campaign Ticket Id Due Date The Campaign section of the Ticket Properties Form contains all the campaign ticket and campaign data 465 Owner Eurekify Admin AD1 Previous Owner 01 01 2009 00 00 00 Priority Normal v Severity Modified Date 16 12 2008 22 59 01 Date Created 16 12 2008 18 37 42 In Progress Medium v Open User Certify Dec 2008 User Certification User Certification Campaign for the end of 2008 Universe Audit Card Portal Configuration Model2_ConfigWithRoles Link Filter Campaign Type USER Direct Dual Entity Filter No Filter Auto Generate Permissions true Attachments X Google omments
329. on Finance Organization Human Resources Organization IT Security Organization Marketing_Dept Customize Filter Model2_ConfigWithRoles e mail outlook WinNT OTO Fifth Av Br Team Iterated Characteristic Role 44 4 Min 40 Basic role for all users that have access to IT Characteristic Role 100 0 Min 40 Characteristic Role 100 0 Min 40 Characteristic Role 100 0 Min 40 Characteristic Role 100 0 Min 40 Characteristic Role 85 7 Min 40 Characteristic Role 100 0 Min 40 Characteristic Role 100 0 Min 40 Type Org Role Applicative Role Org Role Org Role Org Role Org Role Org Role Org Role Org Role Org Role 4141123 Organization Fifth Ave Branch Company Enterprise Application Development Database Administrators Fifth Ave Branch Finance Human Resources IT Security Marketing Dept Records per page Chapter 2 Using The Eurekify Portal Interface 33 User Interface Resource cards also include separate lists under discrete tabs of the following linked information in table format Roles Provides a list of roles that are linked to this resource Users Provides a list of all the users linked to this resource RACI Provides the name of the user who is held accountable for this role This is the user who will be listed as the Approver when this role is being audited or when a change has been requested for this role Domain Users NTSILV WinNT Active
330. on gt true lt checkPermission gt lt tag gt 408 Portal User Guide Sample Portal Structure XML lt tag id ConfigurationUsersFull gt lt type gt report lt type gt lt label gt Configuration Users Full lt label gt lt data gt com eurekify web reports parameters configurationattributes users C onfigurationUsersFullParametersPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id ConfigurationRolesFull gt lt type gt report lt type gt lt label gt Configuration Roles Full lt label gt lt data gt com eurekify web reports parameters configurationattributes roles C onfigurationRolesFullParametersPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id ConfigurationResourcesFull gt lt type gt report lt type gt lt label gt Configuration Resources Full lt label gt lt data gt com eurekify web reports parameters configurationattributes resources C onfigurationResourcesFullParametersPa ge lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag gt lt tag id PrivilegesQualityManagement gt lt type gt internal lt type gt lt label gt Privileges Quality Management lt label gt lt checkPermission gt true lt checkPermission gt lt tag id OverlappingRolesByUsers gt lt type gt report lt type gt lt label gt Overlapping Roles By Users lt label gt lt data gt com eurekify web reports parameters overlap
331. on of the export connector its use timing etc Universe Provide the name of the universe to be associated with this connector The uploaded data will be based on the universe s master model configuration files Settings XML file Create this file in the DM module It is usually located in the directory lt Eurekify Sage Home Directory gt lt Converter Directory gt For further information see the CA Eurekify Role amp Compliance Manager Sage DNA Data Management User Guide Setting Connectors Mapping XML file Create this file in the DM module It is usually located in the directory lt Eurekify Sage Home Directory gt lt Converter Directory gt For further information see the CA Eurekify Role amp Compliance Manager Sage DNA Data Management User Guide Remote system login password The password is not saved within the system settings Provide it at this point Max duration time seconds Provide an estimate of how long the export process takes This is useful when you know how long it should take and therefore a longer export time indicates that there is a problem The export process will end when the specified time is over Connector Java Class Select the Java Class that matches the converter you will be using to import the data from the system s endpoints Sbt classes enable the connection between the Eurekify Portal which was written in Java and the Eurekify Sage DNA which is not Workflow process name Sele
332. oni Approver Progess 0 13 0 1 Y X T progress Violations PersonID UserName Organization OrganizationType Comment H food Z1 Sterling Kent 86023090 Sterling Kent Human Resources Corporate E Hooo Z8 Bean Frank 99883110 Bean Frank Purchasing Corporate E Attachments omments Add Comment Add Attachment View Initiators View Transaction Log More information Campaign Approver Tickets see page 131 Reassigning a Link see page 142 54 Portal User Guide Running a Campaign A Case Study Starting the User Campaign To start the campaign Nancy opens her campaign owner ticket by clicking the ticket s title in the Ticket Queue The ticket s Ticket Properties Form screen opens Ticket Properties Form Windows Internet Explorer 7 http fflocalhost 8080 eurekify tms uij wicket bookmarkablePage com eurekify tms web template DefaultTicketPagetticketId 2281 Campaign Ticket Id Owner Katz Nancy DOMAIN Previous Owner en Status pending Action Due Date 21 02 2009 00 00 00 Priority Normal C Severity Medium v State Open v Modified Date 14 02 2009 21 39 59 Date Created 14 02 2009 21 12 3 Title First User Audit 2009 User Certification Description Running the first Silicon Valley user certification campaign e Universe Portal Campaign Type USER Auto Generate Permissions true Configuration Model2_ConfigWithRoles Link Filter Direct Indirect Dual Audit Card Mo
333. ons are for internal use only campaigns Two additional operators which involve the RACI model A approved entities gt links to approved entities Usage examples All roles whose approver is AD1 Admin A type role sageUser AD1 Admin All roles linked to users whose manager is AD1 Admin gt type role A type user SsageUser AD1 Admin Portal Structure XML The Portal structure the menus and sub menus is governed by an XML file portal structure xml A copy of the full xml document can be seen in Appendix C Portal Structure XML These instructions determine the Eurekify Portal s menu structure More information Portal Structure XML see page 405 Chapter 14 About Security amp Permissions 377 Chapter 15 Troubleshooting This chapter provides a list of the Eurekify Portal Error Messages This section contains the following topics Eurekify Sage Error Messages see page 379 Eurekify Sage Error Messages Eurekify Sage contains a system of messages that is intended to provide an alert when an activity cannot be completed as defined or if further information is needed to complete the activity The following table displays typical messages and the type of action to perform Field Code Description settings raci create missingmanagers errcode admoo1 It is recommended that all universe manager fields be filled before creating raci so that accountable links can be automatically
334. onsible C Accountable C Consultant Search Description Type Organization Characteristic Role 100 0 Min 40 Org Role Application Development To update an existing role 1 Click Request Changes to a Role Definition on the Self Service menu The Request Role Update screen opens Select a Universe from the drop down list 2 Click OK 3 The Select Role screen opens 4 Filter the data table to create a search pattern 5 Optional You can use the RACI based Advanced Search feature to include additional constraints on the search 6 Click Search A list of roles is displayed in the customizable Role table 7 Select the Add check box for the role you want to update 8 Click OK 252 Portal User Guide The Request Role Update screen opens Introducing the Requests Table More information Defining a New Role see page 240 Filtering a Data Table see page 24 Reguest New Role Definition Screen see page 241 Definitions for Role Name New Role Name see page 246 Introducing the Requests Table Each Self Service task requires you to submit a request to perform the changes generated via the task s screens When you have finished your selections in the selected Self Service screen and have clicked Submit the Requests screen appears This screen summarizes the requests you have made while performing the Self Service task Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Ser
335. operty Key approvals configuration updateRole minimumLinks Property Value SB CCC Type Eurekify_home_properties file 360 Portal User Guide Properties Settings When editing an existing property the source of the property is listed in the Type drop down Save is disabled The reason is that for security reasons when you edit a property key the change is not saved directly to the properties file Instead the updated property key value is saved to the CA Eurekify Role amp Compliance Manager database The Eurekify Portal provides you with two databases to store your update key values DB_dynamic_properties The change is immediate You do not have to wait for the server to go offline to update the property values DB_static_properties The change will take place the next time that the server is restarted To edit a property key 1 Optional In the Eurekify Properties page enter a name of a property key or part of one in the filter text box located below the Properties table Click Apply Filter The Properties table presents only keys that match your filter criteria 2 Click Edit next to the property key that you want to change The Edit Property screen opens Enter a Property Value in the text box 4 Select a database Type from the drop down list 5 Click Save The updated property appears in the Properties screen table Chapter 13 Using Administration Functions 36 Eurekify Configuration Settings
336. ormation Presenting the Other Roles Table Manage My Role Screen see page 218 Presenting the Other Roles Table Manage My Role Screen This section allows you to enroll in additional roles of your choice The actual enrollment will take place following a review process In addition to managing the roles that you are currently linked to you can also request that the system provide you with a list of recommended roles for yourself This list of roles will be displayed in the section Other Roles Other Roles Showing 1 to 10 of 28 Add Role Name Organization Human Resources RACF Public access Organization Application Development Title Operator Sales Team Organization Database Administrators Organization System Management Organization Stamford Branch Title Branch Manager Organization Marketing_Dept Customize Find Roles Test Compliance 218 Portal User Guide Description Characteristic Role 85 7 Min 40 Characteristic Role 100 0 Min 60 Characteristic Role 100 0 Min 40 Characteristic Role 50 Role By 2 Users Characteristic Role 100 0 Min 40 Characteristic Role 100 0 Min 40 Characteristic Role 100 0 Min 40 Characteristic Role 50 Characteristic Role 100 0 Min 40 Suggest Roles Type Org Role Applicative Role Org Role Org Role Org Role Org Role Org Role Org Role Org Role Org Role 4
337. os User Certify Dec 2008 Hidden User Certification Schwarts Barry User Certify Dec 2008 Hidden User Certification Katz Nancy User Certify Dec 2008 Hidden 102 Portal User Guide Status Pending Action Pending Action Pending Action Pending Action Pending Action Pending Action Pending Action Pending Action Pending Type Received 16 12 2008 18 37 42 16 12 2008 18 37 43 Campaign Campaign Manager Approver Campaign Manager Approver Campaign Manager Approver Campaign Manager a Approver 7 Campaign Manager ooo Approver Campaign 16 12 2008 Manager 18 37 44 Approver Campaign Manager one Approver 7 7 Campaign 16 12 2008 16 12 2008 18 37 43 16 12 2008 18 37 44 Owner Eurekify Admin AD1 EAdmin Eurekify Admin AD1 EAdmin Herman Barbara DOMAIN Herman Barbara Purple Mary DOMAIN Purple Mary Goodman Bruce DOMAIN Goodman Bruce Cooper Amos DOMAIN Cooper Amos Schwarts Barry DOMAIN Schwarts Barry Katz Nancy DOMAIN Katz Nancy Levi Jay Enterprise Home Ticket Queue Info tickets As the campaign proceeds and links are approved or rejected reminders are sent and other tasks are performed changing the content of the tickets and or their State and Status campaign s ticket tree Role and Compliance Manager Dashboards Self Service Ticket Queue gt Campaign Tickets gt WD Title
338. ossibility to create an AuditCard in the CA Eurekify Role amp Compliance Manager Sage DNA module that reflects changes between two configurations the pre configuration and the post configuration along the lines of master and model and then submit the audit card for approval to the Eurekify Portal As a result an approval ticket tree will be generated similar to what happens when performing Self Service tasks However as opposed the Self service originated approval tickets and Campaign originated approval tickets DNA originated approval tickets are not automatically started and you have to click Start Process The former two types always appear in the ticket queue as In Process and hence Start Process is disabled Chapter 13 Using Administration Functions 325 Setting a Universe Setting a Universe 326 Portal User Guide A universe refers to a specific Master configuration and Model configuration pair that includes the entitlements of one or more end points The Master configuration contains the real world user and user privileges information The model configuration starts as an identical copy of the Master configuration but as the audit process proceeds the model configuration is updated based on the corporate policies and regulatory compliance demands The CA Eurekify Role amp Compliance Manager r4 1 2 Eurekify Portal permissions are derived from the universe definition Note Once you have defined a universe
339. ount resources alert description errcode resource count users alert description errcode resource count roles alert description errcode campaignchoicesvalidator errcode configurationname required errcode campaignname required errcode 380 Portal User Guide Code app009 app010 app011 app012 app013 app014 app015 app016 app017 app018 app019 app020 apr001 apr002 apr003 apr004 apr005 apr006 apr007 arp001 arp002 arp003 Description input is shorter than the minimum of minimum characters input is longer than the maximum of maximum characters input is not exactly exact characters long input is not between minimum and maximum input is less than the minimum of minimum input is larger than the maximum of maximum input does not match pattern pattern input is not a valid email address the credit card number is invalid input is not a valid url inputO from label0 and input1 from label1 must be equal label0 and lt labeli must be equal user has 0 roles user has 0 resources role has 0 users role has 0 children role has 0 resources resource has 0 users resource has 0 roles please select at least one option for byfield field please select a configuration please select a campaign Field byfield required errcode auditcard required
340. ove User In Request to remove user to role association DOMAIN Ilan Sharoni Role Progress role Organization Marketing_Dept user 88382990 Allen Sherman Link Role In Request to add role to resource association DOMAIN Ilan Sharoni Resource Progress resource UGMTSYS role Organization Marketing_Dept belect Allen Sherman Remove Role In Request to remove role to resource association resource UGADGEN2 Administration DOMAIN Iian Sharoni Resource Progress ROOT role Organization Marketing_Dept Belect elect elect Click Close Children to close the table Chapter 11 Role Definition Tickets 275 Add New Role Ticket Tree Add New Role Ticket Tree This process is started by the manager who made the Self Service request the Self Service Manager When an instruction to begin an Approval Process is given the Eurekify ERCM generates a hierarchal Approver Process ticket tree The Self Service Request a New Role Definition Add New Role task tickets are generated in stages 1 Select Accountable 2 3 The Add New role ticket tree is constructed as follows Stage 1 Description Ticket Approval Root ticket 276 Portal User Guide A Task ticket sent to the Self Service task manager Role Approver An Add Role ticket sent to the Role manager Link Approval Process sub trees One Link Entity Role parent and one Link Entity Role approver ticket for each request made during the original
341. over Process ticket tree While for most Self Service provisioning tasks the ticket tree is generated at once and the task managers and link approvers can work with their tickets directly Self Service Role Definition task tickets are generally generated in stages 258 Portal User Guide Introducing the Requests Table Add Role stages Stage 1 Select Accountable A Task ticket sent to the Self Service task manager Stage 2 Role Approver An Add Role ticket sent to the Role manager Stage 3 Link Approval Process sub trees One Link Entity Role parent and one Link Entity Role approver ticket for each request made during the original Self Service task The parent ticket is always assigned to the Role manager Update Role definition stages Stage 1 Role Approver An Update Role ticket sent to the Role manager This ticket is generated only when a request to Add entities is made Stage 2 Approval Process sub trees One parent and one approver ticket for each request made during the original Self Service task The request can be to either add a link or remove a link between the role and another entity The parent ticket is always assigned to the Role manager The ticket tree generally comprises four families of tickets Approval Root ticket This ticket belongs to the Self Service manager Each approval process has only one root ticket Main Request Parent ticket This ticket type depends on the type of request made during the role
342. over ticket presents the links in an entity link table When you first open the CMA s Ticket Properties Form you will find that the hierarchal entities tree is collapsed The visible entity is the target of the campaign For example in a user campaign you will see a table of users Ticket Properties Form Windows Internet Explorer _E tp localhost 080 eure bast bada aterse e eurekfy tms web template DefaulTcketPagesticketId 818 r Campaign Manager Approver Ticket Id 818 Owner Katz Nancy DOMAIN Previous Owner Status pending Action Due Date 15 01 2009 00 00 00 Priority Normal w Severity Medium v State Open Modified Date 11 01 2009 14 06 52 Date Created 21 12 2008 12 28 40 Title User Certification Katz Nancy Resource certification Description User Certification Katz Nancy Resource certification Save and Reassign Hide Selected Reassigned From Approver Progess 0 40 0 1w X Progress Violations PersonID UserName Organization OrganizationType Comment Taskoni Bob 97847110 Taskoni Bob Silicon Valley Branch Branches g Yoham Anne 93872110 Yoham Anne Silicon Valley Branch Branches Katz Nancy 97373330 Katz Nancy Silicon Valley Branch Branches Kistor Steve 93988710 Kistor Steve Silicon Valley Branch Branches LE internet Q10 136 Portal User Guide Auditing Links When you expand the tree for each entity listed in the table you w
343. owser Reports Administration Po Business Process s s O Cd Users Showing 1 to 10 of 69 Add Person ID 87368000 75675330 94738470 58723810 82653450 64646410 84848110 89653230 94362210 97373330 O Oo Oo E Oo o E E Oo Oo Oo Customize Toper Jim Davis Brett German Tom Eyal Yavetz Hill Gary Ron Marom Fidelity Bob Doll Charles poster Jillian Katz Nancy Organization Stamford Branch Database Administrators Fifth Ave Branch Purchasing Fifth Ave Branch Operations Operations Database Administrators Application Development Silicon Valley Branch Universe Demo vi 4 41234567 gt Organization Type Branches Corporate Branches Corporate Branches Corporate Corporate Corporate Corporate Branches Records per page 10 Currently Enrolled Roles e Records Found Other Roles No Records Found Customize Find Roles Test Compliance Copyright C 2008 Eurekify All Rights Reserved Build 08 11 26 01 The Users and Other Roles sections present customizable tables As the MMT Role screen allows many options and great flexibility the task s procedures will be broken up by section The fields in the General section The Users table options and functionality The Currently Enrolled Roles table options and functionality The Other Roles table options and functionality To manage my team s role assignments
344. paign Archive View Campaign Progre Send Reminder Chapter 7 Running Campaign owner Tickets 105 Info tickets Advanced provides additional functionality such as the ability to add comments or attachments view the transaction log or view the campaign children Ticket Properties Form Windows Internet Explorer DER N 7 http localhost 8080 eurekiFy tms uif wicket bookmarkablePage com eurekiFy tms web template Default TicketPage amp ticketId 465 Campaign Ticket Id Owner Eurekify Admin AD1 Previous Owner Stats pending Action v Due Date 01 01 2009 00 00 00 Priority Normal Severity Medium lt PELE open x Modified Date 16 12 2008 18 41 40 Date Created 16 12 2008 18 37 42 Title User Certify Dec 2008 User Certification Description User Certification Campaign for the end of 2008 Universe Portal Campaign Type USER Auto Generate Permissions true Configuration Model2_ConfigWithRoles Link Filter Direct Dual Audit Card Entity Filter No Filter Campaign Management Start Campaign Stop Carnpaign testart Carnpa C Send Reminder View Children gt gt S Internet This section contains the following topics Campaign Ticket Data see page 107 General Campaign Ticket Functions see page 111 Campaign Management Functions see page 117 Campaign Ticket Advanced Functions see page 126 Campaign Approver Tickets see page 128 106 Portal User Guide Campaign Ticket Dat
345. parent ticket having other tickets located below it in the specific Approval Process ticket tree then the complete sub tree will now be listed in the new ticket owner s Ticket Queue Status Children Type Received Owner Previous Owner Request to remove user to resource association Delete 21 01 2009 Cooper Amos Tailor Janet DOMAIN Cooper Amos gt resource office2003 2003 WinNT MS In Progress Link bets office2003 use User 18 37 01 Resource User Approval Request to delete resource Delete e ue a ga pending Link 21 01 2009 tay oto Simard MS office2003 from user New Action User 18 28 12 Tailor Janet Resource Delete Resource Approval Request to delete resource office2003 2003 WinNT MS office2003 from user New dieus vad ae Keren C Resource Flag Lee DOMAIN Fiag Lee If you choose to delegate an Approval Process root ticket the whole tree will now be visible in the new owner s Ticket Queue To delegate a ticket you have to select a user from the list of appropriate users legate Users Where Choose Field v contains Where Choose Field w contains and Where Choose Field v contains OK Cancel Showing 1 to 30 of 140 H 422345 gt gt UserName Organization OrganizationType Email 1 Title Rodney Sergio Database Administrators Corporate 75676560 company com DB Developer Moris Bill System Management Corporate 47868650 company com Developer O Rolen Dave Finance Cor
346. part of a larger process and therefore tickets in the same ticket type category may actually present different functionality The tickets are described in this manual as part of procedures and therefore we have given them names according to their purpose within the procedure The following table presents the list of tickets described in this guide Name Ticket Type s Description Campaign owner Campaign The campaign root ticket The ticket generated and ticket sent to the campaign owner when a campaign is created This ticket tree comprises the campaign ticket and all the campaign s Approver tickets For more information see Running Campaign owner Tickets see page 101 Approver ticket Campaign Manager A ticket sent to a user role or resource manager Approver depending on the campaign type It contains the list of entity links that the entity s manager Approver has to approve Each individual link can be approved rejected or reassigned by the ticket owner to another approver For more information see Campaign Approver Tickets see page 131 Info ticket Link Gives notice and supplies relevant information about Entity 1 Entity2 specific situations in the ticket life cycle for example the termination of an approval process For more Delete ink information see Info tickets see page 92 Entity1 Entity2 72 Portal User Guide Ticket Life Cycle Description A ticket generated after a campaign is stopped or
347. pingroles OverlappingRolesB yUsersParametersPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id OverlappingRolesByResources gt lt type gt report lt type gt lt label gt Overlapping Roles By Resources lt label gt lt data gt com eurekify web reports parameters overlappingroles OverlappingRolesB yResourcesParametersPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id SuspectedConnectionsUserRes gt lt type gt report lt type gt lt label gt Suspected Connections User Resource lt label gt lt data gt com eurekify web reports parameters suspectedconnections SuspectedConnectionsUserResParametersPage lt dat a gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id SuspectedConnectionsUserRole gt lt type gt report lt type gt lt label gt Suspected Connections User Role lt label gt lt data gt com eurekify web reports parameters suspectedconnections SuspectedConnectionsUserRoleParametersPage lt da ta gt lt checkPermission gt true lt checkPermission gt Appendix C Portal Structure XML 409 Sample Portal Structure XML lt tag gt lt tag id PrivilegesStatisticsReportForUsers gt lt type gt report lt type gt lt label gt Privileges Statistics For Users Report lt label gt lt data gt com eurekify w eb reports parameters universeconfigurationreports PrivilegesStatistics ForUsersParametersPage lt data gt
348. porate 98383770 company com Accountant Fred John System Management Corporate 86544420 company com Developer The Find Delegate Users window is divided into two sections The filter Located in the window s header The filter lets you narrow down the list of proposed approvers The proposed users This table presents a pre filtered list of users who can receive the delegated approval task s This list can be filtered to aid in finding a specific user The names listed in the proposed approvers list are governed by several default property filters of the type tms delegate filter Chapter 9 Approval Process Tickets 159 General Approval Process Ticket Functions To delegate a ticket 1 Click Delegate in the ticket s Ticket Properties Form The Find Delegate Users screen opens 2 Select a name from the list You can use the filter option to reduce the number of records listed in the table 3 Click OK The Executing bar appears The original ticket is archived and its status is set to Delegated A new ticket is generated The ticket appears in the target user s Ticket Queue More information Add Comment see page 88 Filtering a Data Table see page 24 Eurekify Properties see page 397 More Details Less Details The More Details gt gt and lt lt Less Details buttons located below the general function buttons toggle between showing additional data and hiding the same data More Details gt gt
349. pproval process has been completed As each approval process is submitted to two approvers two such tickets are generated User The user whose provisioning has been altered by the approval process is notified Role Resource manage The manager of the role resource that has been updated is informed of the change s As the ticket that was the origin of the modification of the universe s configuration can be of various types the list of users can be longer or shorter depending on whether one user has more than one role a user is both the Approval Process owner and the user affected by the change or if the ticket was delegated escalated during the process Chapter 6 Tickets and the Ticket QUeue 93 Info tickets General Info Ticket Functionality Info tickets provide you with the following General functionality Close Closes the ticket Save Saves the changes made to the ticket Delegate When you want to share the info ticket s information you can transfer the ticket to another manager Escalate When you want to share the info ticket s information you can transfer the ticket to another manager Acknowledge Click after reading the information provided by the info ticket The info ticket is archived More information Delegate see page 157 Escalate see page 154 94 Portal User Guide Info tickets Delegating an Info Ticket This function lets you transfer the info ticket to another manager thus shari
350. procedures mentioned here are described in later chapters This section contains the following topics Introducing Entities and Links see page 42 Step 1 Creating a Universe see page 43 Step 2 Creating Import Connectors see page 44 Step 3 Importing Entity Data see page 45 Step 4 Generating Master Model Configurations see page 45 Step 5 Creating a Campaign see page 46 Step 6 Exporting Entity Data see page 46 Chapter 3 Getting Started 41 Introducing Entities and Links Introducing Entities and Links 42 Portal User Guide Throughout this guide we describe entities and links Entity refers to the users roles and resources that are the subject of the security review certification and attestation processes that are run using the Eurekify Portal A link is a connection between two or more entities The Eurekify Portal recognizes three categories of links Direct links An uninterrupted connection between two entities For example a user to resource link Indirect links A non direct connection between two or more entities For example A user is linked to a specific role and the role is linked to a specific resource The link between the user and the resource is an indirect link Dual links Refers to the case when both a direct link and an indirect link exist For example A user is linked directly to a specific resource and at the same time the user is linked to a role that is lin
351. provides access to the following families of reports Configuration reports Privileges quality management reports Role management reports Policy management reports Campaign Reports Chapter 2 Using The Eurekify Portal Interface 37 Menu Bar Administration Menu The Administration menu provides access to the following options Add a campaign Job scheduling Accessing the TxLog page m Load the cache m Clear the cache m Create RACI m Synchronize RACI TMS administration R Settings Determine the settings for the Universe Connectors and other basic properties R Connector Settings m Universe Settings m Properties Settings m Common Properties Settings Audit Properties Settings m Determine the Eurekify configuration settings R System Checkup More information Using Administration Functions see page 313 38 Portal User Guide User Interface for Non Administrators User Interface for Non Administrators The Eurekify Portal s flexibility becomes self evident when examining the access it allows users with limited or no administrative rights When such a user accesses the Eurekify Portal the user can run any process and view any data for which he she has been granted access permission Available menu bar options will change according to the user s privileges For example if you are a user without administrative privileges in charge of one or more resources then when opening the Eurekify Portal
352. ptions see page 321 Campaign Approver Tickets see page 131 Introducing the Privileges to Certify Options As you can see in the Add Campaign screen the Eurekify Portal identifies three types of links Direct links Indirect links m Dual links You can select to examine one or more types of links during your campaign Direct Links Refer to an immediate connection between entities This is the most often examined type of link and the most important Indirect Links Refer to a link that goes through an intermediary For example a role is linked directly to both a resource and a user There is no direct link between the user and the resource The link between the user and the resource is an indirect link Indirect Links can be reviewed but they cannot be audited A campaign can list them for general knowledge but an Approver cannot approve or reject such a link Dual links Are cases where there is both a direct link for example between a resource and a user but there is also an indirect link going through a role During a campaign only the Direct link is audited The Indirect link is listed for general knowledge Chapter 13 Using Administration Functions 321 Adding Campaigns Introducing Audit Cards CA Eurekify Role amp Compliance Manager provides a mechanism to identify and list suspicious users roles and resources in six categories Suspect entities m Suspect connections Similar roles a
353. r Jim 87368000 Steiven Pat 45489940 Angel Ben 67283470 Fred John 86544420 Toper Jim 87368000 German Tom 94738470 Steven Pat 45489940 Angel Ben 67283470 Fred John 86544420 Tortia Dan 98662230 Taskoni Bob 97847110 PUBLIC RACFTEST RACF22 UGSAVEGEN NTSAVE WinNT UGSAVELAN NTSAVE WinNT UGSAVELAN NTSAVE WinNT UGSAVELAN NTSAVE WinNT UGSAYELAN NTSAYE WinNT UGSAVESYS NTSAVE WinNT UGSTAMLAN NTSTAM WinNT UGSTAMLAN NTSTAM WinNT UGSTAMLAN NTSTAM WinNT UGSTAMSYS NTSTAM WinNT UGSILVSYS NTSILY WinNT Tue Jan 06 1 Out of Pattern User Mike Pamela 87347830 Tue Jan 06 1 Out of Pattern User Cherry Jay 89753140 Tue Jan 06 1 Out of Pattern User Davis Brett 75675330 Tue Jan 06 1 Out of Pattern User Rodney Sergio 75676560 Tue Jan 06 1 Out of Pattern User Doll Charles 89653230 Tue Jan 06 1 Out of Pattern User Helmuth Howard 83838380 UGADGEN2 Administration ROOT N UGADMGR Administration ROOT N UGAPPLDEY Administration ROOT N UGAPPLDEY Administration ROOT N UGAPPLDEY Administration ROOT N UGFINGL RACFPROD RACF22 Tue Jan 06 1 Tue Jan 06 1 Tue Jan 06 1 322 Portal User Guide Out of Pattern User Out of Pattern User Out of Pattern User Allen Sherman 99883135 Joe Dassin 99883136 Katz Nancy 973733301 UGMPBR RACFPROD RACF22 UGMPBR RACFPROD RACF22 UGMPBR RACFPROD RACF22 Add
354. r to role association role Corporate Security user 89213720 Request was submitted on Universe Portal from Add Role The More Details gt gt lt lt Less Details option provides additional information Use this ticket s functionality when you wish to transfer the specific sub tree to the management of another user or to cancel this specific review You can use the options in the ticket s Advanced section to access additional information concerning the current ticket and the Approver ticket associated with it in the sub tree More information The Ticket Properties Form see page 84 New Role Parent Ticket General Functions The Self Service Request Update Role Parent ticket provides the following General functionality Close Closes the ticket Save Saves the changes made to the ticket Delegate Transfers the ticket tree to another manager Escalate Transfers the ticket tree to another manager Cancel Process Allows you to manually stop the Approval Process at any stage Chapter 11 Role Definition Tickets 291 Add New Role Ticket Tree More information Escalate see page 154 Delegate see page 157 Cancel Process see page 170 New Role Parent Ticket Advanced Functions 292 Portal User Guide The Request New Role Parent ticket provides the following Advanced functionality Add Comment Manually add a comment to the ticket Add Attachment Add an attachment or URL to the ticket View Transaction L
355. ram Files Eurekify Eurekify Sage Client Tools V3 2 Software Converters ITIM46 ITIMConvert sage v32 connecters IBMImportJarName importFromIT IMClent jar sage v32 connecters IBMExportJarName exportTolTIMClient jar sage v32 connecters IBMJavaE xecutable c javal 4 java exe sage v32 connecters CAConnectorHomeDir C Program Files Eurekify Eurekify Sage Client Tools V3 2 Software Converters CA CAConvert sage v32 connecters CAlmportJarName importFromCA jar sage v32 connecters CAExportJarName exportToCA jar debug log gui std sage batch debugMode log sage sageBaseUrFhttp localhost 8080 eurekify tms sessionTimeoutAlert 1200000 tms test user tms debug false tms defaultD ueDateDelay 10 tms configuration realpath tms findUsersPage rowsPerPage 30 tms findUsersPage containsPrefix tms ticketQueue rowsPerPage 20 tms ticketQueue maxChildren 20 tms ticketQueue maxTitleLength 1 00 tms distinctMaxValues 100 tms attachment uploadSize 5000 tms attachment uploadFolder c Temp Sample Properties File tms userColumns UserName Organization Organizatio nType Email Location Title tms page customizeFields fieids overDue id title state status childrenCount typeName creationDate owner previo useOwner tms configuration xml tickettypes info Ticket errTicket consultTicket demo Ticket ougTicket tmsT estTicket campaig NcertificationTicket campaigr campaignTicket campaign campaignApproverTicket tms configuration xml
356. ranches Corporate Rranches Email Location 75676560 company com 47868650 company com 98383770 company com 86544420 company com 91238730 company com 84847310 company com 89123470 comnanv com 44 412345 gt Title DB Developer Developer Accountant Developer Branch Officer Clerk Psychologist Branch v 142 Portal User Guide F Internet Q100 Auditing Links The screen is divided into of two sections m Users Filter List of possible approvers The list of users provided in this screen is governed by the following property tms campaign entity Certification reassign filter G Filter specific filter Once you select the user to whom you intend to reassign the link the gt appears next to the selected row in the entity table Taskoni Bob 97847110 Taskoni Bob ee 7 Yoham Anne E Roles 3 E Resources 6 4 X Namel Name3 Violations UGSILVMGR NTSILV WinNT Silicon V br Manager o o uarkgen1 UNXMARKT Solaris26 Marketing Sun Server o office2003 2003 WinNT MS office2003 o e mail outlook WinNT MS email oO UGMPBR RACFPROD RACF22 Production RACF gt UGTELSILV TSSCREDIT TSS50 Top Secret on MVSCREDIT NTSILV WinNT Manager Marketing UNXMARKT Solaris26 Sorver 2003 WinNT MS ore outlook WinNT MS email RACFPROD RACF22 TSSCREDIT TSS50 You can view the reassignment details in a ToolTip that appears when you move the pointer over the g
357. rectory gt lt Converter directory gt Use the Eurekify DM module to update Direct Link An uninterrupted connection between two entities For example a user to resource link Dual Link Refers to the case when both a direct link and an indirect link exist For example A user is linked directly to a specific resource and at the same time the user is linked to a role that is linked to the same resource Entity Refers to one of the following Glossary 419 m User Role m Resource Indirect Link A circuitous connection between two entities For example A user is linked to a specific role and the role is linked to a specific resource The link between the user and the resource is an indirect link Here are some further examples User Role Resource Indirect link user to resource User Role Role Indirect link user to role hierarchy User Role Role Resource Indirect link user to resource Indirect links are not defined for the case of user to resource to role where the user is linked directly to a resource and a role is linked directly to the same resource The user in this case does not have any kind of link to the role in question Link or Entity Link Refers to a connection between two entities The possible links are m user role m user resource m role resource role role hierarchy Links can be categorized as direct links dual links or indirect links Mapping xml A mapping details XML file located
358. rekify Role amp Compliance Manager Sage DNA User Manual The Eurekify Portal provides access to identity and access management IAM data that streamlines compliance and regulatory reporting It also improves operational efficiency and provides corporate policy makers with increased clarity as to the enterprise risks The Eurekify Portal provides on the fly access to campaign management ticket management business processes and entity information These features helps customers clean up existing identity data and build a role model with the best available information This model serves as the foundation to automate the user provisioning process and enhances identity life cycle management This section contains the following topics About This Guide see page 14 Audience see page 15 Typical Processes see page 15 Opening the Eurekify Portal see page 17 Chapter 1 Introduction 13 About This Guide About This Guide 14 Portal User Guide This guide describes CA Eurekify Role amp Compliance Manager Portal operation and options Chapter 1 An overview of the Eurekify Portal a summary of typical processes and instructions how to open the Eurekify Portal Chapter 2 The Eurekify Portal s graphical interface Chapter 3 A step by step guide to getting started Chapter 4 A working example of how to use the portal Chapter 5 The Home page Chapter 6 The Ticket Queue menu and an introduction to Eurekify Portal ticke
359. rekify cfg permissions in order to ensure that campaign designated approvers are permitted access to the subjects of their approval Automatically provision campaign permissions Recommended Select to ignore the system permissions and automatically provision campaign permissions For example this shortcut is useful as it allows managers to view tickets that otherwise they wouldn t be allowed to view because the security administrator had to run a campaign even though the corporation is in the middle of setting up permissions When this option is disabled an Approver may receive a ticket yet the ticket will be empty if the permissions were not defined so as to allow this Approver to view the relevant links General Don t wait for ticket processing receive email when finished Select to enable processing of the campaign in the background When a ticket is generated you will receive email notification For very large campaigns have the system process the campaign creation offline the campaign owner can continue with other tasks and send an email to the campaign owner once the campaign has been created Generating a campaign is a resource intensive process especially as the number of links is not limited to the number of system users For example in a company with 10 000 employees and assuming each user has an average of 10 links to resources and roles you will have a campaign that requires the processing of approximately 100 000
360. related choices apply equally to all the users If at any point you alter the selected users click 212 Portal User Guide Get Roles again Manage My Team s Role Assignments To link roles to selected users 1 In the Manage My Team s Roles screen scroll down to the Other Roles table Optional Click Find Roles to access the Select Role filter screen Optional Click Suggest Roles to see the Eurekify Portal s recommendations Select one or more roles to link to the chosen users Optional Click Test Compliance to review your selections and check for possible violations The Violations screen opens in a separate browser window Click X to close the Violations window Click Submit T The Requests screen opens Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout AD1 EAdmin Person ID Name Privilege Violations Rodney Sergio 75676560 Rodney Sergio 75676560 Organization Database Administrators Characteristic Role 100 0 Min 40 Davis Brett 75675330 Davis Brett 75675330 Title DB Developer Characteristic Role 50 Davis Brett 75675330 Davis Brett 75675330 Organization Database Administrators Characteristic Role 100 0 Min 40 Doll Charles 89653230 Doll Charles 89653230 Organization Database Administrators Characteristic Role 100 0 Min 40 More information Approval Process Tickets see page 151
361. rer BAL 7 http flocalhost 8080 eurekify tms uif wicket bookmarkablePage com eurekify tms web template Default TicketPage amp ticketId 868 Campaign Manager Approver a Ses ee Due Date 15 01 2009 00 00 00 Priority Normal Severity Medium lt State open x Modified Date 23 12 2008 11 49 44 Date Created 21 12 2008 12 51 2 User Certification Goodman Bruce User Review User Certification Goodman Bruce User Review 0 26 0 Free Georgia 93833870 Free Georgia Marketing_Dept Corporate E Devin Roger 88382990 Devin Roger Marketing_Dept Corporate E Garr Jim 77371120 Garr Jim Marketing_Dept Corporate E View Initiators View Transaction Log 9 tenet 134 Portal User Guide CMA Ticket Properties Form As you review progresses after every time you save your selections you can see your progress on the Approver Progress bar Your progress is also listed as number of links approved total of links to approve so that if you have a total of six links to approve and you have already approved two links you will see 2 6 in digits and the percentage 33 listed next to it icket Properties Form Windows Internet Explorer DAR http localhost 8080 eurekify tms ui wicket interface 11 4 Campaign Manager Approver Ticket Id 836 Owner Eurekify Admin AD1 Previous Owner Status pending Action 15 01 2009 00 00 00 Priority
362. rface 23 User Interface Filtering a Data Table 24 Portal User Guide In this example 69 records are available As the number of Records per page has been set to 10 we can see only 10 records per page in this table and we can see in the upper right corner that there are indeed seven pages available for this list of Users Click the Records per page drop down to select the number of records per page Records per page 19 Entity information presented in table format can be filtered When relevant a Filter option appears at the bottom of the specific data table or the filter statements will be part of the header of the screen displaying the entity table Find Delegate Users Where Choose Field v contains Where Choose Field lt contains Where Choose Field Showing 1 to 30 of 71 UserName Bell Kim Mills Robert Deer Alex v contains OrganizationType Corporate Branches Organization Marketing_Dept Fifth Ave Branch Fifth Ave Branch Email 87635420 company com 84774660 company com Branches 91238730 company com You can filter the table contents using a variety of patterns Is Any Value Is Any Value Any Field Any Field Any Field Includes User Interface The filter allows only And statements The filter is limited to three statements m Two are exact statements Is contains Selected Fiela s contains Field Depe
363. ription JobClass Start Time Previous Execution Next Execution Delete IMEX Weekly Basic import connector ImportExportScheduledJob 2008 12 25 02 00 00 2009 01 01 02 00 00 Delete 348 Portal User Guide Job Scheduling Scheduling a New Job To schedule a new import export event job you have to provide the following information Job Name Provide a concise and meaningful name Connector Choose one from the drop down list The type of job depends on the type of connector import export The target Eurekify configuration files depend on the Connectors universe Start Date Provide the date on which the job will begin HH The hour of the day 1 24 when the job will commence MM The minute 1 60 when the job will commence Repeat Hours When the job will be repeated The time period is specified in hours Add Job Click this button to add the new job to the list of existing jobs To schedule a new job import export event 1 On the Administration menu click Job Scheduler The Job Scheduling screen opens Enter a Job Name in the text box Select a Connector from the drop down list Enter a Start Date You can select a date using the pop up calendar Set the exact hour and minute when the job should begin Enter the number of hours before the job is repeated Click Add Sl B oe ew ON The new job is added to the Jobs table Chapter 13 Using Administration Functions 349 Job Scheduling The Jobs Table 350 Portal Us
364. role role info title faile d errcode changeapproval child add role role info descriptio n rejected errcode changeapproval child add role role info descriptio n failed errcode 384 Portal User Guide Code tkt003 tkt005 tkt006 tkt007 tkt008 tkt009 tkt010 tktO11 tkt012 tkt013 tkt014 tkt015 tkt016 tkt017 tkt018 Description request to delete role 1 from user 0 is already in process request to add resource 1 to user 1 rejected request to add resource 0 to user 1 failed the request to add resource 1 to user 0 was rejected request was submitted on universe 2 from 3 the request to add resource 1 to user 0 failed request was submitted on universe 2 from 3 request to delete resource 1 from user 0 rejected request to delete resource 1 from user 0 failed the request to delete resource 1 from user 0 was rejected request was submitted on universe 2 from 3 the request to delete resource 1 from user 0 failed request was submitted on universe 2 from 3 request to delete resource 1 from user 0 is already in process the request to delete resource 1 from user 0 is already in process request was submitted on universe 2 from 3 request to add role 0 to role 1 rejected request to add role 0 to role 1 failed the request to add role 0 to role 1 was rejected request was s
365. rormsg contcreateemptyproperty er rcode loginpage userauthentication failed errcode loginpage connecttoauthenticationservice failed errcode loginpage userauthentication failed sageadmin errcode 382 Portal User Guide Code cst008 cst009 cst010 cst011 cst012 cst013 dbc001 dbc002 dbc003 dbc004 dbc005 eml001 mal001 mal002 prp001 prp002 prp003 prt006 prt007 prt008 Description missing password field missing maxduration field error parsing maxduration field please use integer values missing connector client class to use missing work flow process missing ticket type please enter all audicard names name 0 appears more then once please enter all audicards audicard 0 appears more then once audicard 0 has no bpr alerts no match was found new error ticket title 3 a error ticket id the property 0 already exists an un encrypted property 0 is already exists please remove it first can not create a property with a null empty key failed to authenticate user invalid user name password failed to connect to authentication service please contact system administrator incorrect password for admin user Field loginpage userauthentication failed sagebatch er rcode loginpage userauthorization failed errcode internalerrorpage label infol errcode internalerrorpage label info2 errcode sagemaster headers foundconflicts errcode sa
366. rs resources and to other roles in a hierarchal relationship as either a parent role or a child role The Definitions for Role Name New Role Name screen provides you with a fast and easy way to select which links your new role will have When you have completed your selections you can test those selections for violations If you are satisfied with the results click Submit located below the entity tables to generate a request for a new role definition The request can be checked by you and if you have no corrections to make click Submit below the request table and generate the approval process tickets necessary to confirm the role definitions that you have created Enterprise Role and Compliance Manager _ eurekify Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout DOMAIN Herman Barbara Find Resources Showing 1 to 10 of 83 4 4123456789 Add Res Name 1 Res Name 2 Res Name 3 m UGMTSYS RACFTEST RACF22 UGSYS TSSCREDIT TSS50 TESTDEV RACFTEST RACF22 UGMPOPR RACFPROD RACF22 UGADMGR Administration ROOT NOVELADM Novel UGMPMINI RACFPROD RACF22 UGADGEN1 Administration ROOT NOVELADM Novel4 UGSAPPUR SAPPROD SAPR3 secmar UNXMARKT Solaris26 UGADGEN2 Administration ROOT NOVELADM Novel4 Customize U fio l To see which users are using the selected resources click here the results are in the Users table Users Showing 1 to 10
367. rs in the Description field of the ensuing Self Service Approval Root ticket Business Process General information descriptive This information appears in the Description field of the ensuing Self Service Approval Root ticket Request Description Provide a concise and meaningful description of the new role and its purpose The role definitions area includes the following fields Role Name The name of the new role concise and descriptive Description Describe the new role Owner Provide the owner ID You can use the Find function to open the Find User filter Type Provide the role type use autocomplete Organization Provide the name of the main organization use autocomplete Organization 2 Provide the name of the secondary organization use autocomplete Organization 3 Provide the name of the tertiary organization use autocomplete Rule Optional Provide a rule for the new Role You can use the Add Rule function to construct a rule Defining a New Role To define a new role first screen 1 Click Request a New Role Definition on the Self Service menu The Request New Role Definition screen opens 2 Select a Universe from the drop down list The newly defined role is associated with the configuration belonging to this universe The users and resources to be linked with this role is taken from this universe s configuration Enter the Business Area for the current action Enter the Business Process associ
368. rs who are involved New Action 0 Role Role 00 38 50 re itl Cooper Amos Request to add role to resource association Link Role 01 02 2009 2230 a a resource public role Corporate Security New In Progress 1 Resource 00 38 36 aon 4 Cooper Amos Request to add role to resource association Link Role 01 02 2009 4 2231 a L lennad PUBLIC role Corporate Security New In Progress 1 Resource 00 38 36 at IN Cooper Resource Approval Request to add resource Link Keren Cindy 2236 PUBLIC RACFPROD RACF22 Production RACF to New Pending O Role 03 02 2009 DOMAIN Keren role Corporate Resource Cindy Cooper Amos 2232 a Request to add role to resource association iw In Progress 1 Link Role 01 02 2009 DOMAIN Cooper resource UGMTSYS role Corporate Security Resource 00 38 36 Amos k The Link Entity Role parent and approver tickets are standard tickets More information Introducing the Requests Table see page 253 Self Service Request New Role Parent Ticket see page 290 Self Service Request New Role Approver Ticket see page 293 Chapter 11 Role Definition Tickets 279 Add New Role Ticket Tree Select Accountable Ticket Add New Role One of the advantages of the CA Eurekify Role amp Compliance Manager is its ability to take advantage of RACI presentation techniques When a request for a new role is generated the first thing that the Eurekify Portal does is to generate a Task ticket that aids the Self Service
369. rtal you will come across Violations columns where relevant The number listed in such columns provides the number of violations associated with the specific row in the table Campaigns and approval processes are guided by a workflow a collection of instructions that guide the application logic The workflow is generated by Workpoint which is a Business Processes Management BPM workflow design engine Glossary 421 Index A Accountable s 48 133 153 259 276 278 282 284 286 287 366 Acknowledge s 69 95 155 171 172 193 267 347 349 Administration s 15 35 38 39 315 329 330 338 351 353 356 357 358 360 364 366 367 369 407 Approval Process s 61 64 69 71 72 87 94 119 120 123 124 153 155 156 159 163 165 166 167 169 171 172 173 175 177 179 188 189 191 194 259 265 267 268 269 273 275 276 278 284 286 289 290 292 293 295 298 301 303 305 306 353 Approval Process Ticket s 61 64 71 87 155 156 159 163 165 166 167 169 175 188 269 Approver e 31 33 36 39 48 57 59 64 69 71 72 77 87 94 120 123 125 129 130 133 136 138 144 149 150 151 152 153 155 163 165 167 169 172 178 179 188 189 191 259 265 269 275 276 278 282 284 288 289 290 291 292 294 295 296 297 298 304 305 306 307 315 323 366 374 407 Approver Ticket s 36 69 72 77 133 136 138 144 153 179 259 278 289 295 298
370. rtant aid to this is the ability to view the link s entity cards during the approval process View Entity opens the entity s card in a separate browser window Free Georgia 93833870 Configurtion Person ID Name Organization Model2_ConfigWithRoles 93833870 Free Georgia Marketing_Dept Organization Type Corporate Country Location Title Cost Center Suspended US New Jersey Marketing 25331 No 88311130 93833870 company com DOMAIN Free Georgia Resources Organization Marketing_Dept Characteristic Role 100 0 Min 40 Org Role Marketing Dept Customize Filter Description Type Organization Basic role for all users that have access to IT Org Role Enterprise La internet Qio Chapter 9 Approval Process Tickets 165 Advanced Approval Process Ticket Functions 166 Portal User Guide The Approval Process tickets that provide this option Rejected Link Parent and Approver tickets provide two action buttons one for each side of the link Therefore if the rejected link being reviewed is a user role link the advanced function buttons will be View User and View Role Ticket Properties Form Windows Internet Explorer T Comer 22 01 2009 04 02 52 Priority Low LE Minimal_ Date Created 21 01 2009 23 02 5 Request to remove user to resource association resource UGADGEN2 Administration ROOT NO Description Request to remove user to resource association
371. rties errors found no universes available missing campaign description missing end date due date must be in the future configuration must be selected raci not available for 0 campaign 0 already exists user 0 has no access to campaign 13 missing name field missing description field duplicate name name already in use missing universe field was unable to find the settings xml file 0 was unable to find the mappings xml file 0 was unable to find the enrichment file 0 Chapter 15 Troubleshooting 381 Eurekify Sage Error Messages Field settings strings ie errors missingpassword errcod e settings strings ie errors missingmaxduration err code settings strings ie errors errorparsingmaxduratio n errcode settings strings ie errors missingconnectorclientc lass errcode settings strings ie errors missingworkflowprocess errcode settings strings ie errors missingtickettype errco de dashboard compliance error noname errcode dashboard compliance error multiname errcode dashboard compliance error nocard errcode dashboard compliance error multicard errcode dashboard compliance error nobpralerts errcode entity emptylist errcode mail builder createticket sage errticket subject e rrcode mail builder createticket sage errticket body errc ode properties errormsg propertyalreadyexists errco de properties errormsg unencryptedpropertyalready exists errcode properties er
372. rtification Action Approver 12 28 38 Cooper Amos e Campaign 4 Herman Barbara 2 User Certification Herman Barbara Resource Hidden Pending Manager 21 12 2008 DOMAIN Herman To delegate a campaign you have to select a user from the list of appropriate users Find Delegate Users Where C hoose Field contains Where Cho ose Field E contains Where Cho ose Field contains Showing 1 to 30 of 140 H 412345 UserName OrganizationType Email i Title Rodney Sergio Database Administrators Corporate 75676560 company com DB Developer Moris Bill System Management Corporate 47868650 company com Developer O Rolen Dave Finance Corporate 98383770 company com Accountant Fred John System Management Corporate 86544420 company com Developer The Find Delegate Users window is divided into two sections The filter Located in the window s header The filter lets you narrow down the list of proposed approvers The proposed users This table presents a pre filtered list of users who can receive the delegated approval task s This list can be filtered to aid in finding a specific user The names listed in the proposed approvers list are governed by several default property filters of the type tms delegate filter Chapter 7 Running Campaign owner Tickets 113 General Campaign Ticket Functions To delegate an campaign 1 Click Delegate in the Campaign Ticket s Properties Form The Find Delegate Users screen op
373. rvice is not available for the Role Hierarchy tables Highlighted Column In each customizable table there is one pre defined column that is highlighted Click the name of the entity to access its data card Customize Provides the option to select the fields that will appear in the specified table Records per page Select the number of records per page Test Compliance Tests the selections you made for violations Defining a New Role If you select to apply the Suggest Entities service to both users and resources you see data on the enrollment of the users and resources For example Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration g S C B 444123456789 gt Res Name 2 Res Name 3 Enrolled ra UGSYS TSSCREDIT TSS50 UGFIN1 TSSCREDIT TS550 public UNXMARKT Solaris26 UGMPSYS RACFPROD RACF22 ugrksys UNXMARKT Solaris26 UGMTSYS RACFTEST RACF22 TESTDEV RACFTEST RACF22 UGMPOPR RACFPROD RACF22 UGADMGR Administration ROOT NOVELADM Novell4 UGMPMINI RACFPROD RACF22 oooosoo000 80g Customize To see which users are using the selected resources click here the results are in the Users table 4442234567 gt Person ID Name Organization Organization Type Enrolled 45489940 Steiven Pat System Management Corporate 1 2 86544420 Fred John System Management Corporate 1 2 67283470 Angel Ben System Management Corporate 1 2 98383770 Rolen Dave Finan
374. rvice validatevalue errcode tms018 fail to update field 0 with value 1 in ticket type 2 error command saveticket optimisticlockexceptio n errcode tms019 the ticket was updated by another user please reopen ticket validation fail for value 0 cannot be error validate valuelength errcode tms020 tms021 longer then 1 error validate date errcode error batchtask errcode tms022 fail to parse date 0 6 fail to run batch actionname error batchtask startjob errcode tms023 tms024 action 0 of job 2 failed retry count 1 cannot update the ticket id error update ticket errcode error campaignnamenotfound errcode tms025 tms026 campaign 0 not found page recordnotfound message errcode page internalerror infol errcode tms027 0 was not found in 1 an error has occurred for more information please view the log file page internalerror info2 errcode tms028 null your session has expired please login page expirederror infol errcode tms029 tms030 again null page expirederror info2 errcode Chapter 15 Troubleshooting 387 Eurekify Sage Error Messages Field error workpoint dbconnection errcode text dialogs runfailed errcode text dialogs runfailed errcode settings strings universe masterequalmodel errc ode settings strings universes errors missingname errcode settings strings universes errors missingdescripti
375. s Update Eurekify configuration with universe users 2 Click Update Eurekify configuration with universe users The Update Eurekify Master with Universe Users screen opens Update Eurekify Master With Universe Users Select Universe STO lt Eurekify Configuration Settings 3 Select a Universe from the drop down list 4 Click Select An appropriate notice appears when the process is completed For example Update Eurekify Master With Universe Users Select Universe Portal v New users No records were found Users to update No records were found Users To Fix these users are missing a login field data No records were found 5 If the system identified records that need to be updated or fixed check the system suggestions and act as necessary Note We recommend that you use the Eurekify Sage DNA module to fix the records Chapter 13 Using Administration Functions 363 RACI Operations RACI Operations Create RACI 364 Portal User Guide The RACI model is a tool that can be used for identifying roles and responsibilities during an organizational audit thereby making the audit process easier and smoother The model describes what should be done by whom during audits and when corporate changes take place RACI is an abbreviation for R Responsible who owns the problem project A Accountable to whom R is accountable who must sign off Approver on work before it is acc
376. s see page 193 Role Definition Tickets see page 257 Chapter 10 Running Self Service Tasks 255 Chapter 11 Role Definition Tickets This chapter is designed for managers who can run Self Service based Approval Processes and for entity managers who may receive Approver tickets as part of the Self Service approval process Self Service requests can be divided into two basic types Provisioning tasks Manage my team s role assignments Manage my role assignments a Manage my team s resource assignments a Manage my resource assignments Role definition tasks m Request a new role definition m Request changes to a role definition While the tickets generated by both types of tasks are similar they do not behave in the same manner and therefore they are described separately The ticket functions work the same irrespective of the ticket where you find them for example a Consult utility works the same even if the ticket type providing the service is different As CA Eurekify Role amp Compliance Manager is a role management product many of the features focus on roles The Role Definition tasks focus on the roles The CA Eurekify Role amp Compliance Manager assumes that user updates will come from a relevant source such as a Human Resources database Resource information is collected from the end points during import Chapter 11 Role Definition Tickets 257 Introducing the Requests Table When a Role Definition task is
377. s Form Windows Internet Explorer La http localhost 8080 eurekiFy tms ui wicket bookmarkablePage com eurekify tms web template DefaultTicketPagetticketId 2302 Campaign Manager Approver oe Ticket Id 2302 Owner Katz Nancy DOMAINY Previous Owner Status pending Action v Due Date 21 02 2009 00 00 00 Priority Normal Severity Medium State Open v i E 14 02 2009 22 20 48 Date Created 14 02 2009 21 12 38 User Certification Katz Nancy First User Audit 2009 User Certification Katz Nancy First User Audit 2009 Save and Reassign Hide Selected Approver Progess l 0 40 0 1 7 X T Progress Violations PersonID UserName Organization OrganizationType Comment 80 Yoham Anne 93872110 Yoham Anne Silicon Valley Branch Branches 81 Katz Nancy 97373330 Katz Nancy Silicon Valley Branch Branches 78 Kistor Steve 93988710 Kistor Steve Silicon Valley Branch Branches 82 Taskoni Bob 97847110 Taskoni Bob Silicon Valley Branch Branches Chapter 4 Showcasing the Eurekify Portal 59 Running a Campaign A Case Study To see further details about the links to be reviewed Nancy expands the links assigned to her Ticket Properties Form Windows Internet Explorer 7 http localhost 8080 eurekiFy tms ull wicket bookmarkablePage com eurekify tms web template Default TicketPagesticketId 2302 Campaign Manager Approver
378. s in her campaign owner ticket The Eurekify Portal requests confirmation of the request to start an Approval Process Confirmation 2 Are you sure you want to Start Approval Processes After clicking Yes the Eurekify Portal generates the Approval Process tickets Following an Approval Process a user may find that roles or resources that were once available are no longer accessible If the user needs those resources to perform his her tasks they can ask their team manager to reassign the relevant roles or resources More information Approval Process Tickets see page 151 Running Self Service Tasks see page 193 Chapter 4 Showcasing the Eurekify Portal 61 Chapter 5 Presenting the Home Page The Eurekify Portal s home page displays your currently active tickets and provides easy access to your most frequently used reports and business processes Enterprise Role and Compliance Manager 5 0 Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout AD1 EAdmin ID Title State Status Children Type Received Owner Previous Owner Eurekify 21 12 2008 12 51 21 Admin AD1 EAdmin Pending 835 Gi user Review User Certification Open Action 9 Campaign Audit Basic Alerts Manage My Team s Role Assignments Role Modeling Methodologies Comparison Manage My Team s Resources Assignments Policy Verification Report Certification Progress Report This section contains the
379. s is completed More information Job Scheduling see page 348 The Ticket Properties Form see page 84 Delegating an Info Ticket see page 95 Escalating an Info Ticket see page 97 346 Portal User Guide Setting Connectors Import Error Tickets When an import operation fails for some reason the Eurekify Portal generates an Error Ticket Ticket Properties Form Windows Internet Explorer DAR http localhost 8080 eurekify tms ui wicket bookmarkablePage com eurekify tms web template DefaultTicketPage amp ticketId 1488 he Owner SAGE ADMIN GROUP Previous Owner Status pending Action v v 07 01 2009 22 41 29 Priority Normal Severity Medium State New Modified Date 07 01 2009 22 08 46 Date Created 07 01 2009 22 08 46 Title Error in Basic import connector 2009 01 07T22 08 09 com eurekify batch remoteConnectors cients CARemoteSystemExternalProcessConnet Description Master Configuration Name Master_firstRun Model Configuration Name Model_firstRun Import Name Basic import connector cose MENR EE CEE RR LE internet The Error ticket provides the following functionality Close Closes the ticket Save Saves any changes made to the ticket Delegate Transfers the ticket to another manager Escalate Transfers the ticket to another manager Acknowledge The button is disabled until the process is completed Click to complete and archive the ticket Handle This button
380. s processes and therefore have to access the portal in the course of their daily activities Other users will have limited access to the Eurekify Portal s options Familiarity with the Microsoft operating system and applications and relevant peripheral and remote equipment is also assumed More information About Security amp Permissions see page 369 Typical Processes The Eurekify Portal provides access to both information and processes necessary for system wide role management compliance management certification campaigns and relevant security management oversight The following are the main Eurekify Portal processes Ticket Management Granting privileges approval processes and certification campaigns are tracked via tickets Tickets are issued when a campaign is generated and also during the approval processes associated with the campaign The user s Ticket Queue acts as a ticket inbox where the various tickets including campaign tickets notification tickets related to approval processes whether campaign related or following self service requests or other tickets generated by the system can be viewed and managed Chapter 1 Introduction 15 Typical Processes Running Campaigns Campaigns utilize Eurekify s basic auditing tools to run an enterprise certification and attestation process by designated approvers The purpose of the campaign is to certify that granted privileges comply with the business an
381. s section you will find information specific to the family of info tickets lt Ticket Title gt Delete Link Entity1 Entity2 For example Delete Link User Resource Title Request to remove Entity1 to Entity2 association Entity1 Entity1 name Entity2 Entity2 name For example Request to delete role Organization System Management Characteristic Role 100 0 Min 40 from user Angel Ben 67283470 Approved and Completed Successfully Description A description of the ticket It includes the details of the request Request was submitted on Universe Universe name from Campaign Title For example The request to delete role Organization System Management Characteristic Role 100 0 Min 40 from user Angel Ben 67283470 was approved and completed successfully Request was submitted on Universe Portal from Link of Team to Role s Use this ticket s functionality when you wish to transfer the specific info ticket to the management or attention of another user You can use the options in the ticket s Advanced section to access additional information concerning the current ticket More information The Ticket Properties Form see page 84 Approval Process Info Tickets General Approval Process Info Ticket Functions The Rejected Link Parent ticket provides the following General functionality Close Closes the info ticket Save Saves the changes made to the ticket Delegate Transfers the info ticket to
382. s sete ovate E TE E EE ERE RE TE EERDE eee eee a A 139 Rejecting a LINK ss shane toot ees sacs RAER A E TE A R ETA ewe tees eae EO E ENE G ESE E 141 Reassignhing a Link 2s ccicncsendaiee biked wate dads tid bye rdaee oad age baer aeieeraseeete seaside 142 Adding Comments to Links 0 2c ccc nent nett teen eee eeeeees 146 General CMA Ticket Functions 0 c ccc ccc tenet een ete e etn rnrn 147 Hide Selected 2 5 2 0 c oere tomes Case seers ieee sd Seiad tee PATE AOO TES do ecwes ee ASEE DEFEN 148 Advanced CMA Ticket Functions 2 0 cece e ene tees eeee reenn 149 View InitiatorS lt v e 0 R 0 T 9 9 RON N N NER TRR TRN NN seals N RH a NN eae eee nde RRR teats E 150 Chapter 9 Approval Process Tickets 151 General Approval Process Ticket Functions 0 ccc cen tenn rere rrer rrene 153 Escalate eapo ah gees fo in a ohn BGA TA 4b Re ae ee edd ALE N E OSE 154 Delegate ea he Rcd dee select Eaa RENER aha es wedge are Le Sa a NE 157 More iDetails L ss Details E PR 0e sess cae TA sence dy oe deeb oeeue sede dens eewea eevee sees 160 Advanced Approval Process Ticket Functions 0 cc cece cence tenn eee eens 161 View InitiatorS s 0 ccid cde tS atletied Cad se tis eo aes ae a aed ade eae eee Dae eae Pads 163 MIGW Parent arsos crs e emaa a a a a Gaate seit EE ate a auastinmn ee iddaretatatand wishtiane ace ath aed 163 View Childr nc i c c0s ccacnc eesti cone Le donee bac de ebda NEN E Vado esd EERE de 164 View EMtity
383. s the changes made to the ticket Delegate Transfers the ticket tree to another manager Escalate Transfers the ticket tree to another manager Consult Allows you to request a consult from one or more managers When you activate this service a View Consult Results button appears in the Advanced functions section of the Ticket Properties Form Approve Approve the Self Service request In this case this leads to the second stage of the Approval Process where the user review Approval Process sub trees are generated and the Approver tickets are sent to the user managers Reject Reject the Self Service request Note It is important to remember that when reviewing an Update Role Approver ticket you can either accept the request for ALL listed users enrolling all of them or you can reject the request for ALL users Update Role Ticket Tree More information Escalate see page 154 Delegate see page 157 Consult see page 179 Approve see page 184 Reject see page 185 Update Role Approver Tickets Advanced Functions The Approver ticket provides the following Advanced functionality Add Comment Manually add a comment to the ticket Add Attachment Add an attachment or URL to the ticket View Transaction Log The transaction log provides a history of the ticket related actions executed since the creation of the ticket View Parent Opens the current ticket s parent s ticket View Initiators View of list of the us
384. s the ticket Save Saves the changes made to the ticket Delegate Transfers the ticket tree to another manager Escalate Transfers the ticket tree to another manager Cancel Process Allows you to manually stop the Approval Process at any stage More information Delegate see page 157 Escalate see page 154 Cancel Process see page 170 Chapter 9 Approval Process Tickets 175 Rejected Link Parent Ticket Rejected Link Parent Ticket Advanced Functions The Rejected Link Parent ticket provides the following Advanced functionality Add Comment Manually add a comment to the ticket Add Attachment Add an attachment or URL to the ticket View Transaction Log The transaction log provides a history of the ticket related actions executed since the creation of the ticket View Parent Opens the current ticket s parent s ticket View Initiators View of list of the users who launched this ticket View Children Opens a table which provides you with information concerning all the nodes leaves that are located below the current ticket For the Reject Link Parent ticket this means that you can view information concerning the link s Approver tickets View Entity Opens the entity s card Two buttons are provided one for each member of the link under review The View Children function shows you the two Approver tickets associated with this parent ticket Add Comment Add Attachment View Transaction Log View Initiators
385. s will remain hidden until the campaign is activated When you start a campaign the state changes to New An email notification is sent to all the campaign s Approvers notifying them that a campaign has begun and that they have links to approve Stop Campaign This allows you as the campaign owner to arbitrarily stop a campaign at any time Restart Campaign This function is active only after a campaign has been stopped Archive Provides you with the option of moving the campaign from the main ticket table to the archive Start Approval Processes As the campaign progresses not all the links are approved The rejected links have to be sent through a secondary approval process View Campaign Progress Opens a separate browser window where you can view the campaign progress for each individual approver Send Reminder Lets you send email reminders to approvers whose performance is not acceptable under the campaign s deadline More information Approval Process Tickets see page 151 Chapter 7 Running Campaign owner Tickets 117 Campaign Management Functions Running the Campaign Start Campaign 118 Portal User Guide This section examines the management functions Start Campaign Stop Campaign m Restart Campaign Start Approval Processes m Archive Once you have added a campaign to the system and the campaign ticket has been generated it resides in your Ticket Queue Until you as the campaign ow
386. se Settings Properties Settings Common Properties Settings Audit Properties Settings 2 Click Universe Settings The Universe list appears Chapter 13 Using Administration Functions 327 Setting a Universe Creating a New Universe 328 Portal User Guide It is recommended that you create a new universe the first time you run the Eurekify Portal You will use this universe in order to run the first import and audit procedures Sometimes it is necessary to create a separate universe for specific purposes for example when running an audit on a partial configuration As a universe contains a specific master model configuration pair you can either use real configuration names if you already have them or you can use names that will be place savers and can be replaced in the future when you know the true configuration file names When you aren t referring to an existing configuration the information fields will have to remain empty during the creation of the new universe Make sure to fill in the information prior to running a campaign based on this universe Note If the configuration files do not exist the Import process will create them Universe name Description Master configuration name Model configuration name Approved AuditCard Choose One v Configuration login field Configuration email field Configuration user manager field Configuration role manager field Configuration resource manager field Aud
387. ser Role Ticket Id 1758 Owner Cooper Amos DOMAJ Previous Owner Status pending Action Due Date 19 01 2009 05 18 41 Priority Low Severity Minimal lt State Open Modified Date 22 01 2009 10 35 58 Pate Created 19 01 2009 00 18 41 Title User Approval Request to delete role Organization Database Administrators Characteristic Role 100 0 Min 40 from user Davis Brett 75675330 Description User Approval Request to delete role Organization Database Administrators Characteristic Role 100 0 Min 40 from user Davis Brett 75675330 Request was submitted on Universe Portal from Link of Team to Role s IEA RR Se RH KA K onfiguration Name Model2_ConfigWithRoles erson ID 75675330 Role Name Organization Database Administrators Approval Process Result v C internet R10 The Ticket type s name is constructed from the ticket s action delete link and the entities involved Therefore an Approver ticket for a request to delete a link between a user and a resource will be called a Delete Link User Resource ticket Your main task is to either approve or reject the submitted request to severe a link between two entities You can use any of the ticket s functions to find out more information or perform any related task This section covers the following topics m Approver tickets General functions m Approver tickets Advanced functions Chapter 9 Approval Process Tickets 177
388. sers who do not have administration rights can see only their own tickets where they are listed as the ticket Owner Specific ticket data and functionality can be accessed by clicking on a specific ticket and opening its Ticket Properties Form in a separate browser window The data functions and options available to the user from within a Ticket Properties Form depends on the ticket type Tickets in general encompass two types of functions m Link related actions m Ticket related actions Link related actions can be found in the Campaign Approver tickets Ticket related actions depend on the ticket type Ticket functionality includes general functions such as Close or Save that are generic for all ticket types and specialty functions that are available for specific types of tickets such as the View Campaign Progress option which is unique to campaign owner tickets or Acknowledge which is found in info tickets Chapter 6 Tickets and the Ticket QUeue 69 The Business Processes Bar 70 Portal User Guide The complexity and extensive functionality available through the Eurekify Portal tickets is described in six separate chapters Chapter 6 Provides information concerning general ticket data and functionality shared by all types of tickets Chapter 7 Campaign Tickets Provides information concerning data and functionality available in campaign related tickets Chapter 8 Campaign Approver Tickets Approver tickets
389. sers who should not have access to various resources are indeed barred from them The Eurekify Portal campaign provides you with two basic options either to approve the corporate permissions sent to you for review or to reject them and notify the system that specific access permissions should be removed The campaign does not check if users are lacking permissions that should have been granted to them Additional case studies can be found at http ca com support This section contains the following topics Running a Campaign A Case Study see page 48 Chapter 4 Showcasing the Eurekify Portal 47 Running a Campaign A Case Study Running a Campaign A Case Study Nancy Katz is a corporate branch manager at the Silicon Valley branch In the past user provisioning and resource allocation was performed on the fly as the need arose Now as part of an integrated audit Nancy K finds that she is required to audit the company s information systems and validate correct usage of access rights to information resources Cooper Amos needs to discover obsolete and suspect privileges best practice violations have to be identified and he has to obtain an overall view of the corporate access rights structure The corporate system administrator has installed the Eurekify ERM server and client modules and has downloaded the corporate security data generating a set of Eurekify configuration files Nancy has followed the instructions in th
390. stem s copy paste rename functions in order to duplicate a configuration You need to actually change the content of the configuration file during the process You can use the Trim Configuration process provided by the Eurekify Sage DNA module to duplicate a configuration This allows you to generate a configuration in which the new duplicate users and resource database files are referenced from within the new configuration file Trim Configuration r Input Source Configuration age Client Tools 4 0 Sage Demo ConfigwWithRoles cfg Browse Output Output Configuration Browse Output Users Database Browse Output Resources Database Browse a Appendix A Duplicating a Configuration 391 Eurekify Sage Error Messages 392 Portal User Guide The Trim Configuration screen contains the following fields Source Configuration Fill in the name and path of the Source Configuration to be trimmed Use the Browse button for convenience to choose the file Output Configuration Fill in the name and path of the Output Configuration to be created Use the Browse button for convenience to choose the file Output Users Database Fill in the name and path of the Output Users Database to be created Use the Browse button for convenience to choose the file Output Resources Database Enter the file name and path of the Output Resources Database to be created Use the Browse button for convenienc
391. stration ROOT NOVELADM Novell4 TESTDEV RACFPROD RACF22 UGMPDB2 RACFPROD RACF22 Records per page 10 ooooooooo0o008 O ic 4 iS S N D Find Resources Test Compliance Suggest Resources Copyright C 2008 Eurekify All Rights Reserved Build 08 11 26 01 Chapter 10 Running Self Service Tasks 233 Manage My Resources The screen is divided into three sections General Provides descriptive information concerning the current action Currently Enrolled Resources The current resources linked to the selected users Other Resources A list of available resources The Other Resources section displays a customizable table As the Manage My Resources screen allows many options and great flexibility the procedures will be broken up by section The fields in the General section The Currently Enrolled Resources table options and functionality The Other Resources table options and functionality To manage my resources click Mange My Resource Assignments on the Self Service menu The Manage My Resources screen appears More information Customizing a Data Table see page 22 Presenting the General Section Manage My Resources Screen see page 234 Presenting the Currently Enrolled Resources Table Manage My Resources Screen see page 236 Presenting the Other Resources Table Manage My Resources Screen see page 237 Presenting the General Section Manage My Resources Screen Manage My Resources B
392. t icon E Resources 6 4 X d Namel Name2 Name3 Violations i Description Managerid owner v Win on V br UGSILVMGR NTSILV WinNT Silicon V b Silicon V br Manager Manager Marketing Sun NTSILV WinNT 91236370 TReassigned to Herman Barbara ticketId 914 UNXMARKT Solaris26 Server 89123140 office2003 2003 WinNT MS D DU office2003 oo e mail outlook WinNT MS ema 2003 WinNT MS office2003 91236370 outlook WinNT MS email 91236370 Chapter 8 Campaign Approver Tickets 143 Auditing Links The target user can view the reassignment details as a ToolTip marked by li which is located in the column Violations PersonID UserName anization OrganizationType Comment Rolen Dave 98383770 Rolen Dave Finance Corporate Steiven Pat 45489940 Steiven Pat System Management Corporate More Cathrine 97774230 More Cathrine Finance Corporate Yoham Anne 93872110 Yoham Anne Silicon Valley Branch Branches S SRN N s E Sd Nancy DOMAIN Katz Nancy Capel Linda 98383830 Capel Linda Application Development Corporate Note You can reassign all the links listed in a specific link table at once by clicking the column label for that link table Important Do not click the column label unless you want to reassign all the links to one single user If the reassignment process generates a new ticket i e the target user did not have an Approver ticket as part of the curre
393. t p 872 717 Title State Status Children Type Received Owner Previous Owner Campaign 19 Manager Approver Campaign Cooper Amos Manager rag DOMAIN Cooper Approver S Amos Cooper Amos DOMAIN Cooper Amos Pending Action 21 12 2008 User Certification Cooper Amos User Review New 12 51 21 Pending Action Role Certification Cooper Amos Role Certification Hidden After selecting a display mode from the menu you can interact with the tickets You can m Expand a closed ticket tree Collapse an open ticket tree m Click the owner s hyperlink to view the owner s data card m Sort the table based on one of the table s columns m Click the ticket title and open the Ticket Properties Form in a separate browser window Here you can perform various operations depending on the ticket type 76 Portal User Guide More information Sorting a Data Table by Column see page 27 Main Screen Layout see page 77 Main Screen Operations see page 79 Main Screen Layout Ticket Tables The Ticket Queue screen contains the following main features Menu Bar Provides the Ticket Queue functionality Ticket table Presents the various tickets Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Ticket Queue gt Open New Done Tickets Self Service State User Approval Request to delete resource UGSYS TSSCREDIT TSSS0 Top Secret on MVSCREDIT New from
394. t a name from the list You can use the filter option to reduce the number of records listed in the table 3 Click OK The Executing bar appears The original ticket is archived and its status is set to Delegated A new ticket is generated The ticket appears in the target user s Ticket Queue Info tickets More information Add Comment see page 88 Filtering a Data Table see page 24 Eurekify Properties see page 397 Escalating an Info Ticket This function lets you transfer the info ticket to a more senior manager thus sharing important information Once you have transferred the selected ticket to the new ticket owner the original ticket is archived and will no longer appear in your list of active tickets Only the current ticket owner can escalate a ticket When a ticket is escalated a new ticket is generated with the new owner listed in the Owner field and the manager who escalated the ticket s is listed in the Previous Owner field Ticket Properties Form Windows Internet Explorer http j localhost 8080 eurekify tms ui wicket bookmarkablePage com eurekify tms web template Default TicketPage amp ticketId 1824 1824 Owner Herman Barbara Previous Owner Rami Sas Eurekify Rai Status pending Action 19 01 2009 22 47 43 Priority Low Y Severity Minimal State Open x Modified Date 19 01 2009 23 25 28 Date Created 19 01 2009 23 11 22 Title Description User Approval Request t
395. t checkPermission gt true lt checkPermission gt lt tag gt lt tag id RoleEngineeringMethodologies gt lt type gt report lt type gt lt label gt Role Modeling Methodologies Comparison lt label gt lt data gt com eurekify web reports parameters roleengineering RoleEngineeringParametersPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag gt lt tag id PolicyManagement gt lt type gt internal lt type gt lt label gt Policy Management lt label gt 410 Portal User Guide Sample Portal Structure XML lt checkPermission gt true lt checkPermission gt lt tag id PolicyVerificationReport gt lt type gt report lt type gt lt label gt Policy Verification Report lt label gt lt data gt com eurekify web reports parameters universeconfigurationreports PolicyVerificationParametersPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag gt lt tag id Campaigns gt lt type gt internal lt type gt lt label gt Campaigns lt label gt lt checkPermission gt true lt checkPermission gt lt tag id FullCertificationReport gt lt type gt report lt type gt lt label gt Full Certification Report lt label gt lt data gt com eurekify web reports parameters campaign FullCertificationParametersPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id CertificationProgressReport gt lt type gt report lt type
396. t has been completed and is now archived Self Service Request Parent A Link User Role parent ticket ticket Approver Ticket Only one A Link User Role approver ticket 3 Self Service Request Parent A Remove Link Role Resource parent ticket ticket Approver Ticket Only one A Remove Link Role Resource approver ticket Chapter 11 Role Definition Tickets 297 Update Role Ticket Tree Note If the Self Service request included removing links the sub trees generated in stage 2 will include Remove Entity Link type tickets The number of Remove Link Link User Role subtrees depends on the number of entity role requests that were originally submitted If a request was made to enroll 10 users to a role then there will be 10 Link User Role subtrees generated during the second stage of the Self Service Approval Process AD1 EAdmin Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Administration Ticket Queue gt Open New Done Tickets Admin View Refresh Clear Filter State Entity Browser Reports Status Type Received Owner Approval 19 01 2009 Root 16 48 54 Eurekify Admin Update 19 01 2009 Eurekify Admin Role 16 48 55 AD1 EAdmin Flag Lee Update 19 01 2009 Role 16 49 24 DOMAIN Fag Flag Lee DOMAIN Flag Lee e Link of Team to Role s Approval Root Request Open In Progress ae Update Role Fifth av Applicative role Open In Progress Role Approver Update Role Fifth av Applicative
397. ta Campaign 062 R e 0 K R R cece a be bebe dae eee RRR R ba ec toee eee RR RET 108 General Data Campaign 0 cece cece teen EEE EI teen ee en ee RR 110 Advanced Campaign ea e a cece e R R RR e RR RRR tenn RRR RRR RRR RRR RRR 111 General Campaign Ticket Functions 0 ccc cc ccc cece teen ee eee e tenn ee eens 111 Delegating a CAMPAIGN ene nee ene teen teen ete eens 112 Escalating a Campaigh 0 R N N N caries ei dew Oh a hag E ERE a EA EA ER 114 Campaign Management Functions 0 eee cee e eet e ene nnne nen 117 Running the Campaign e ne enn n ee tenn eee nett ene e ee rnn 118 View Campaign Progress ccc ccc cece R NR NN eee teen RRR R N REKA 123 6 Portal User Guide send Reminder sepeser eere igh uct aa Bee od e agua a tas Se Ne heehee ae thee 125 Campaign Ticket Advanced FUunctionS 00 cc ccc ccc ene een n eee eet nee nee 126 View Childrens 2 c0 00 2 aucveedeecuser rete ctbsoeeden tase see eee rede bere ere esos vewaee ere sede 127 Campaign Approver Tickets 0 cc ccc ccc ee enn tenn ee eee orreen ernro nnen 128 Chapter 8 Campaign Approver Tickets 131 CMA Ticket Properties Form lt 20 css 0cds asco veeaded rri EN Er EEEE EE Ewe e OE EES EE TENE rE E 134 Auditing LINKS siscrissgsrer asesan na aE aA AE E oa REA E dA bes GESE 136 Presenting the Entity Links Table 0 ccc enrere rororo enrere rroen 136 Approving a Links 2 22 edhe
398. tag id ConfigReports gt lt type gt internal lt type gt lt label gt Configuration Reports lt label gt lt checkPermission gt true lt checkPermission gt lt tag id ConfigurationProperties gt lt type gt report lt type gt lt label gt Configuration Properties lt label gt lt data gt com eurekify web reports parameters universeconfigurationreports ConfigurationPropertiesParametersP age lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id ConfigurationUsersAttributes gt lt type gt report lt type gt lt label gt Configuration Users Attributes lt label gt lt data gt com eurekify web reports parameters configurationattributes users C onfigurationUsersAttributesParametersPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id ConfigurationRolesAttributes gt lt type gt report lt type gt lt label gt Configuration Roles Attributes lt label gt lt data gt com eurekify web reports parameters configurationattributes roles ConfigurationRolesAttributesParametersPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id ConfigurationResourcesAttributes gt lt type gt report lt type gt lt label gt Configuration Resources Attributes lt label gt lt data gt com eurekify web reports parameters configurationattributes resources C onfigurationResourcesAttributesParame tersPage lt data gt lt checkPermissi
399. tal which was written in Java and the Eurekify Sage DNA which is not Workflow process name Select the default import process You can use the bundled Workpoint BPM engine to generate additional workflow processes Ticket Type Tickets are work items that can be viewed in the Ticket Queue Select the default ticket type Chapter 13 Using Administration Functions 339 Setting Connectors Priority Set the priority level The available options are m Low Normal m Rush Critical Severity Set the severity level The available options are Minimal Medium m Serious m Urgent Critical 340 Portal User Guide Setting Connectors To create a new Import Connector 1 2 3 a ee 7 8 9 10 11 12 13 14 In the Connector pane click Create New Enter the name of the new Import Connector Provide a clear and concise Description of the import connector Select the Universe from the drop down list Enter the name and location of the Settings XML File You have to provide the full path and file name You can locate the file using your systems file browser and copy the name and path from the Address bar and paste it in the text box Enter the name and path of the Mapping XML File You have to provide the full path and file name You can locate the file using your systems file browser and copy the name and path from the Address bar and paste it in the text box Optional Provide the
400. tart Approval Process from DNA 0 6 ccc cc ce enn cence ee etn rrer renerne nnno 325 Setting a UNIVErSe 0 K N 9 2404400 neo R R be chi R RE AAR RRR ie R RR had R RR cee Eaa 326 The Universe Settings Table e e ce cee rnnr errr eet e ence ee eee ennees 327 Creating a New Universe 0 e K K K R e e K eee eee RRR 328 Editing a WUNIVENSe 2 03 3 cc0085 ana tEn a acu snreede Shae Canaan E wade e Ne oe E E AS ESE 332 Deleting a Universe 2 0 cece cece cece ee eee eee ence cece RRR RRR RRR RRR R 333 Setting CONMECtOMrs soc sa itea teec tea E asad ees E E mage TE EAEE Bees need tea as 334 The Connector Settings Panel Tables 0 ccc een teen een n nere neces 336 Creating a New Import Connector 0 ccc cent n eee teen nee enee 338 Creating a New Export Connector 0c enn e nnn ene n ee en enn 342 RUNNING a CONNECCOR s 2 0 cice ck 2 ors wea niena nena 4 aN deeded oe duiaaa A A EE ETE A 345 Import Error Tickets 0 lt ccseca8 chee bh 605 054 ceo avo an EL E bead ERE ROEEEEE LAS 347 JOD SCHEAUIING lt sisids da dawg gsaaduae de dond dewee deadMew ed doa dees PEE oee eee ee EEE eR RS EEE EROS 348 Scheduling a New Job ne eee eee tenn ee nee e teen ee ee tenn eeees 349 The JOBS Tables 2 2 02 c00turs sade need teers shee TR AEE OTE AEE NE ESEE ESE ANREDE ae 350 The Transaction LOG 9 4 ccc ccc eee cee ee ee eee eee ee ee ee eee R eee aeniei taidan id aiene 351 Cache Manipulation 2 4
401. te filter TicketType SAGE ChangeApprovalParentTicket GFilter Organizati on cookingdept Ticket name filter tms escalate filter _LinkUser Role tms escalate filter LinkUser Role GFilter Email ssimhi eurekify com Appendix B Eurekify Properties 403 tms campaign campaign type reassign filter tms campaign campaign type reassign filter Used for filtering the reassign option user list Comprises three options Description Reassign filter Property tms campaign campaign type reassign filter Example tms campaign userCertification reassign filter GFilter Organization owner Organization tms campaign roleCertification reassign filter GFilter Organization owner Organization tms campaign resourceCertification reassign filter GFilter Organization owner Organization 404 Portal User Guide Appendix C Portal Structure XML This section contains the following topics Sample Portal Structure XML see page 406 Appendix C Portal Structure KML 405 Sample Portal Structure XML Sample Portal Structure XML lt xml version 1 0 standalone yes gt lt DOCTYPE portal View Source for full doctype gt lt portal gt lt tag id HomePage gt lt type gt internal lt type gt lt label gt Home lt label gt lt data gt com eurekify w eb portal homepage HomePage lt data gt lt checkPermission gt false lt checkPermission gt lt tag gt lt tag id TmsSystem gt lt type gt e
402. ted Stage 2 Both the Select Accountable task ticket and the Role Approver tickets are listed Stage 3 All the Request Parent tickets for each requested link are listed Note that the new role s manager is the listed owner of these tickets Notice the ticket Type for information on what ticket you are currently viewing Action Owner Type Status Title Comment t Eurekify Admin Task Completed Select Accountable to Role Corporate Security Cooper Amos DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper Link Role Amos Resource Cooper Amos DOMAIN Cooper Link Role Amos Resource Cooper Amos DOMAIN Cooper Link Role Amos Resource Approver Approved Role Approver New Role Corporate Security Link User Role In ProgressRequest to add user to role association role Corporate Security user 89213720 Link User Role In ProgressRequest to add user to role association role Corporate Security user 54672910 Link User Role In ProgressRequest to add user to role association role Corporate Security user 91236370 Link User Role In ProgressRequest to add user to role association role Corporate Security user 89123140 Link User Role In ProgressRequest to add user to role association role Corporate Security user 84847310 Request t
403. ternet Explorer DER v Hlocalhost 8080 eurekiFy tms uif wicket interFac r Campaign Ticket Id s35 Owner Eurekify Admin AD1 Previous Owner Status Pending Action x Due Date 15 01 2009 00 00 00 Priority Normal x Severity Medium lt State Open w Modified Date 21 12 2008 13 28 43 Date Created 21 12 2008 12 51 21 Title User Review User Certification Description End of year user audit Universe Portal Campaign Type USER Auto Generate Permissions true Configuration Model2_ConfigWithRoles Link Filter Direct Dual Audit Card Entity Filter No Filter Attachments Comments Received Owner Note x 21 12 2008 13 24 06 Eurekify Admin End of year audit LSS Se Start Approval Pro View Campaign Progress Done LE internet 100 lt Campaign Management Chapter 6 Tickets and the Ticket QUeue 89 The Ticket Properties Form Add Attachment An advanced ticket feature that allows you to attach a file or URL to a specific ticket Next to the listed attachment s you can see an X Click X to delete the attachment Ticket Properties Form Windows Internet Explorer DER 7 http fflocalhost 8080 eurekify tmsfui wicketsinterFace 17 1 v dd Attachment Name Url http File cance ERN La Internet R100 The Add Attachment screen contains three fields Name Lists the attachment name When the attachment is a file the file name is listed URL The URL to
404. the following table explains the logic behind these patterns Matching rights The CA Eurekify Role amp Compliance Manager looks at the current user s resources which correlate according to a given with the selected role s assigned resources and suggests to enroll the current user in the selected role The equivalent in the CA Eurekify Role amp Compliance Manager DNA In Out of Pattern User matching HR Pattern The CA Eurekify Role amp Compliance Manager looks for users that are similar to the current user in terms of human resources attributes and then looks at the common limited by a pre selected threshold roles linked to those users and suggests to add some of the common roles to the current user The equivalent in the CA Eurekify Role amp Compliance Manager DNA In Out of Pattern Propose new roles for users by Human Resources Privileges Pattern A generalized form of Matching Rights The CA Eurekify Role amp Compliance Manager looks at the current user s resources and compares them to the resources that other users have and based on a pre determined level of pattern matching suggests to add some of the roles that the other users have to the current user The equivalent in the CA Eurekify Role amp Compliance Manager DNA In Out of Pattern Propose new roles for users by Privileges Matching Rule The CA Eurekify Role amp Compliance Manager looks at the role s rule and finds the users that mat
405. the following ticket types Link User Role Link Role Resource or Link Role Role Generated when adding a link to specific role Delete Link User Role Delete Link Role Resource or Delete Link Role Role Generated when making a request to sever a specific link to the role Add Role The role manager approver ticket generated when a request is made to add a new role to the configuration 260 Portal User Guide Introducing the Requests Table Update Role The role manager approver ticket generated when a request to update role definitions is made or in the special case of multi user requests to enroll users in a role where the number of users exceeds the system s threshold Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Ticket Queue gt Open New Done Tickets State ID Title Status Children Type Received Owner Approval 01 02 2009 Root 00 29 04 Eurekify Admin 01 02 2009 Eurekify Admin 00 29 05 AD1 EAdmin 01 02 2009 Eurekify Admin 00 29 17 Cooper Amos ele DOMAIN Cooper Keras Amos Cooper Amos DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper Amar 2220 B G Add Role Approval Root Request Open In Progress 2221 E amp New Role Corporate Security Open In Progress Add R
406. their Person ID The Users table provides the following options Add A column of check boxes one per user Select one or more When you check multiple users all the changes you make will be implemented for all selected users Person ID Click any highlighted ID listed in this column to open the associated User s Card Get Roles Provides a list of Currently Enrolled Roles for the selected users Customize Allows you to determine the columns that will appear in the Users table Records per page Select the number of records that will appear in the Users table Find Users Opens the Select User filter screen to assist you in finding specific users Once you have selected the user s you want to manage at this time you can click Get Roles to obtain a list of the roles currently associated with these users Note If the actions you want to take do not involve the currently enrolled roles associated with the selected user you can skip the Currently Enrolled Roles table and go to the Other Roles table Chapter 10 Running Self Service Tasks 207 Manage My Team s Role Assignments To select users and obtain their roles 1 In the Users table select one or more users You can click Find Users to open the Select User screen 2 Click Get Roles The roles linked to the selected user s appear in the Currently Enrolled Roles table A list of roles that are not linked to the currently selected user s appears in the Other Roles
407. this chapter it is important to remember that every ticket has a unique ticket ID number that can be used to track the ticket and to differentiate between tickets of the same type that deal with the same issue but have different functionality or purpose This section contains the following topics General Approval Process Ticket Functions see page 153 Advanced Approval Process Ticket Functions see page 161 Approval Process Root Ticket see page 167 Rejected Link Parent Ticket see page 173 Approval Process Approver Tickets see page 177 Approval Process Info Tickets see page 189 General Approval Process Ticket Functions The Ticket Properties Forms for the various Approval Process tickets share many of the same functions The following table provides a summary of all the General functions available for the various Approval Process tickets Ticket Type Functions Approval Root Close Save Delegate Escalate Start campaign owner ticket Process Cancel Process Acknowledge More Details Less Details Delete Link Close Save Delegate Escalate Cancel Entity 1 Entity2 Process More Details Less Details Rejected Link Parent ticket Delete Link Close Save Delegate Escalate Consult Entity1 Entity2 Approver Approve Reject More Details Less Details ticket Chapter 9 Approval Process Tickets 153 General Approval Process Ticket Functions Besides the Ticket Properties Form General funct
408. tic Role 100 0 Min 40 Characteristic Role 100 0 Min 40 Characteristic Role 100 0 Min 40 Characteristic Role 100 0 Min 40 Type Org Role Applicative Role Applicative Role Org Role Applicative Role Applicative Role Org Role Org Role Org Role Org Role Copyright C 2008 Eurekify All Rights Reserved Build 08 11 26 01 Organization Fifth Ave Branch Company Company Enterprise Fifth Ave Branch Company Application Development Database Administrators Fifth Ave Branch Finance Records per page 10 _ Y Chapter 10 Running Self Service Tasks 247 Defining a New Role 248 Portal User Guide Role hierarchy evolves from role trees that are present in many corporate systems For example an Identity Manager application can have two levels of roles Provisioning Role and Provisioning Policy Users are always linked to a Provisioning Role that is linked to a specific Provisioning Policy This hierarchal structure is maintained during import export When generating a new role it is important to know whether there are system rules that demand specific hierarchal connections between roles Each section contains a customizable entity table listing all the relevant entities To assist you in your selection the following functions are available Find Entities Provides a filter screen Suggest Entities Provides suggested users for selected resources or suggested resources for selected users This se
409. tional Role 546729102 Role provides resources to users who are invoh 89213720 54672910 91236370 89123140 84847310 Organization IT Security public UNXMARKT Solaris26 PUBLIC RACFPROD RACF22 UGMTSYS RACFTEST RACF22 Parent Roles To Remove Organization2 Organization Type Owner Description Organization IT Security null null Enterprise TT Security Organizational Role 54672910 Role provides resources to users who are involved with security Resources To Add Parent Roles To Add public UNXMARKT Solaris26 Organization IT Security PUBLIC RACFPROD RACF22 UGMTSYS RACFTEST RACF22 Add Comment Add Attachment View Transaction Log View Initiators View Role J lt s Once the role manager approves the link requests listed in this ticket stage three of the Add New Role Approval Process begins and a new set of Approver tickets is generated This includes one sub tree for every requested link that consists of parent child pairs of tickets where the parent ticket is a standard Link Entity Role Parent ticket and the child ticket is a standard Link Entity Role Approver ticket The Role Approver ticket supplies you with all the data you need to make the decision whether to approve or reject the request The Role Approver ticket also provides you with the required functionality to assist you in the process Chapter 11 Role Definition Tickets 287 Add New Role Ticket Tree More information Self Service Request
410. tity Violations Records violations based on the Audit Card data Comment Allows you to assign a comment to a specific link The Link Entity table columns are also predetermined They depend on the entity being presented in the specific table However several columns appear in all Link Entity tables Violations Records violations based on the Audit Card data History Presents the history of the link between the main entity and the entity listed in the selected row Comment Allows you to assign a comment to a specific link Once a link is approved and the ticket is saved the audit process for this entity link is over Progress Violations 4 7 PersonID Free Georgia 93833870 UserName Organization Free Georgia Marketing_Dept L 0 9 Devin Roger 88382990 Devin Roger Marketing_Dept Violations Relationtype Description Characteristic Role 50 Characteristic Type Organization Rule Title Product Manager Title Product Manager Characteristic Role 50 Organization Marketing_Dept Characteristic Role 100 0 Direct Org Role Title Product Manager Direct Org Role Marketing Dept Organization Marketing Note You can approve all the links listed in a specific link table at once by clicking the column label V for that link table Chapter 8 Campaign Approver Tickets 139 Auditing Links To approve a user link 1 In the Ticket Properties Form click next to the user you wish to audit
411. tity Browser This browser aids the administrator business manager who is using the Eurekify Portal in viewing entities i e users roles resources associated with a specific Universe under a selected configuration The information is displayed in table format The tables contain basic information for each entity Running reports Provides access to a variety of reports Dashboards Automatically shows users useful statistical information as they go about their tasks Administration Administrators can create a universe generate import export connectors and define their scheduling They can also perform other functions available only to senior administrators 16 Portal User Guide Opening the Eurekify Portal More information Using The Eurekify Portal Interface see page 19 Opening the Eurekify Portal To activate the Eurekify Portal 1 Run your browser 2 Enter the address http ServerName ServerPort eurekify and click Go The Login screen opens Enterprise Role and Compliance Manager 3 Enter your User Name and Password in the text fields Note Both the User Name and Password are case sensitive 4 Click Login The Eurekify Portal Home Page appears Enterprise Role and Compliance Manager _ eureXify Ticket Queue Dashboards Self Service Entity Browser Reports Administration State Status Children Type Received Owner Previous Owner Chapter 1 Introduction 17 Opening the Eurekify Portal
412. tle E G Add Role Approval Root Request Status Children Type Received Owner Approval 01 02 2009 Root 00 29 04 01 02 2009 Add Role 99 99 05 01 02 2009 00 29 17 01 02 2009 00 35 53 Eurekify Admin Eurekify Admin AD1 EAdmin Eurekify Admin Open In Progress G New Role Corporate Security Open In Progress E Select Accountable to Role Corporate Security Archived Completed Task Cooper Amos DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper Amos Cooper Amos Role Approver New Role Corporate Security Archived Approved Add Role Request to add user to role association role Corporate Security user 89213720 Link User 01 02 2009 Role 00 38 36 aa aa a a a aa aa New In Progress Request to add user to role association role Corporate Security user 54672910 Link User 01 02 2009 New Role 00 38 36 In Progress DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper Arane Request to add user to role association role Corporate Security user 91236370 Link User 01 02 2009 E New In Progress gae 00 38 36 Request to add user to role association role Corporate Security user 89123140 Link User 01 02 2009 New Role 00 38 36 In Progress Request to add user to role association role Corporate S
413. ts Chapter 7 The Campaign Tickets and their functionality Chapter 8 The Campaign Approver Tickets and their functionality Chapter 9 The Approval Process Tickets and their functionality Chapter 10 The Self Service menu options Chapter 11 Self Service Provisionng tickets Chapter 12 Role definition tickets adding a role or updating an existing role Chapter 13 The Entity Browser menu options Chapter 14 The Administration menu options Chapter 15 Security and permissions information Chapter 16 Eurekify Portal error messages This guide also includes several appendixes a glossary and an index Audience Audience This guide is intended for Role Engineers system administrators and organizational managers who are in charge of granting and certifying entitlements Role Engineers are typically well trained professionals familiar with the target organization This manual assumes that the Role Engineer has had professional training on CA Eurekify Role amp Compliance Manager Sage client tools and is familiar with the CA Eurekify Role amp Compliance Manager documentation that accompanied the client tools installation package System administrators should be familiar with the CA Eurekify Role amp Compliance Manager software downloading and uploading of users and resources databases role discovery and audit operations This guide is also intended for general administrators and organizational managers who are in charge of variou
414. ubmitted on universe 2 from 3 the request to add role 0 to role 1 failed request was submitted on universe 2 from 3 Field changeapproval child add role role notification til e errcode changeapproval child add role role notification description errcode changeapproval child remove role role info title rejected errcode changeapproval child remove role role info title f ailed errcode changeapproval child remove role role info description rejected errcode changeapproval child remove role role info description failed errcode changeapproval child remove role role notificatio n title errcode changeapproval child remove role role notificatio n description errcode changeapproval child add role resource info title rejected errcode changeapproval child add role resource info title failed errcode changeapproval child add role resource info description rejected errcode changeapproval child add role resource info desc ription failed errcode changeapproval child add role resource notificati on title errcode changeapproval child add role resource notificati on description errcode Code tkt019 tkt020 tkt021 tkt022 tkt023 tkt024 tkt025 tkt026 tkt027 tkt028 tkt029 tkt030 tkt031 tkt032 Eurekify Sage Error Messages Description request to add role 0 to role 1 is already in process the request to add role 0 to role 1 is already in process requ
415. ue lt checkPermission gt lt tag gt lt tag id PropertiesSettings gt lt type gt internal lt type gt lt label gt Properties Settings lt label gt lt data gt com eurekify w eb properties PropertiesPage lt data gt lt checkPermission gt true lt checkPermission gt 412 Portal User Guide lt tag gt lt tag id CommonPropertiesSettings gt lt type gt internal lt type gt lt label gt Common Properties Settings lt label gt lt data gt com eurekify w eb properties CommonPropertiesPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id AuditPropertiesSettings gt lt type gt internal lt type gt lt label gt Audit Properties Settings lt label gt lt data gt com eurekify web properties AuditP ropertiesPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag gt lt tag id SageMaster gt lt type gt internal lt type gt lt label gt Eurekify Configuration Settings lt label gt lt checkPermission gt false lt checkPermission gt lt tag id UpdateS agemaster gt lt type gt internal lt type gt lt label gt Update Eurekify configuration with universe users lt label gt lt data gt com eurekify web sageMaster UpdateSageMasterPage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag gt lt tag id Checkup gt lt type gt internal lt type gt lt label gt System Checkup lt label gt
416. uide The Other Resources section provides the following options Add A column of check boxes one per role Select one or more to link the selected users to additional resources Res Name 1 Click any highlighted resource name listed in this column to open its Resource Card Customize Allows you to determine the columns that will appear in the Other Resources table Records per page Select the number of records that will appear in the Other Resources table Find Resources Opens the Select Resources filter screen to assist you in locating specific resources Test Compliance Checks whether the selections made in the Other Resources table comply with existing policies and BPRs Business Process Rules Suggest Resources Provides a list of possible resources based on the Eurekify ERCM pattern recognition technology This table presents you with several options R You can manually select one or more resources that you wish to link to the selected users You can use the Find Resources filter option to find specific roles and then make a selection from the filtered list of resources R You can click Suggest Resources and use the information provided by this feature to link resources to the selected users Manage My Team s Resources Other Resources Showing 1 to 10 of 82 17234567 89K Res Hame 1 Res Name 2 Res Name 3 HR Pattern Privileges Pattern Details UGFINAR RACFPROD RACF22 RACFPROD RACF22 4 4 secmgr UNXMARKT
417. uing Self Service Approval Root ticket Description Provide a concise and meaningful description of the changes you intend to make to your roles Submit Click to submit your request for changes To enter the data in the Manage My Roles General section 1 Select a Universe from the drop down list The Currently Enrolled Roles table and the Other Roles table will show roles belonging to the selected Universe s configuration 2 Enter the Business Area for the current action Enter the Business Process associated with the current action 4 Enter a Description Note If the actions you want to take do not involve your currently enrolled roles you can skip the Currently Enrolled Roles table and skip to the Other Roles table If you do not wish to manage the currently enrolled roles add roles to the selected users 216 Portal User Guide Manage My Role Assignments More information Presenting the Currently Enrolled Roles Table Manage My Role Screen see page 217 Presenting the Other Roles Table Manage My Role Screen see page 218 Presenting the Currently Enrolled Roles Table Manage My Role Screen This section lets you manage your current roles enrollment When you selected the Universe the Eurekify Portal provided the list of your current roles within the universe s configuration Currently Enrolled Roles Add Remove Role Name Description Type Organization Rule Owner BASIC ROLE Basic role for all users
418. uing Self Service Approval Root ticket Description Provide a concise and meaningful description of the changes you intend to make to your team s roles Submit Click to submit your request for changes Chapter 10 Running Self Service Tasks 205 Manage My Team s Role Assignments To enter the data in the MMT Role General section 1 Select a Universe from the drop down list 2 Enter the Business Area for the current action 3 Enter the Business Process associated with the current action 4 Enter a Description Presenting the Users Table MMT Role Screen Users Showing 1 to 10 of 69 4 417234567 Add Person ID Name Organization Organization Type 98383770 Rolen Dave Finance Corporate 84847310 Goid Wiliam Human Resources Corporate 86544420 Fred John System Management Corporate 75676560 Rodney Sergio Database Administrators Corporate 75464420 Cohen Steve System Management Corporate 86023090 Sterling Kent Human Resources Corporate 88311130 Goodman Bruce Marketing_Dept Corporate 67565330 Schwarts Barry Human Resources Corporate 99883110 Bean Frank Purchasing Corporate 89213720 Orr Taylor IT Security Corporate Customize Records per page 10 X 206 Portal User Guide Manage My Team s Role Assignments The Users table displays a list of the users in the selected Universe s configuration files The members of your team are marked with a green dot next to
419. umn to open the associated User s Card Get Resources Provides a table of Currently Enrolled Resources for the selected users Customize Allows you to determine the columns that will appear in the Users table Records per page Select the number of records that will appear in the Users table Find Users Opens the Select User filter screen to assist you in finding specific users Once you have selected the users you want to manage at this time you can click Get Resources to obtain a list of the resources currently associated with these users Note If the actions you want to take do not involve the currently enrolled resources associated with the selected user you can skip the Currently Enrolled Resources table and go to the Other Resources table Chapter 10 Running Self Service Tasks 225 Manage My Team s Resources To select users from the MMT Resources Users table and obtain their roles 1 In the Users table select one or more users You can click Find Users to open the Select User screen 2 Click Get Resources The resources linked to the selected user s appear in the Currently Enrolled Resources table A list of resources that are not linked to the currently selected user s appears in the Other Resources table At this point you can choose to m Manage the current enrollment list m Add additional resources to the selected users Do both If you do not want to manage the currently enrolled resources add reso
420. urce General section 1 Select a Universe from the drop down list Enter the Business Area for the current action Enter the Business Process associated with the current action won Enter a Description Presenting the Users Table MMT Resources Screen Users Showing 1 to 10 of 69 4 41234567 Add m Customize Person ID Name Organization Organization Type 98383770 Rolen Dave Finance Corporate 84847310 Goid Wiliam Human Resources Corporate 86544420 Fred John System Management Corporate 75676560 Rodney Sergio Database Administrators Corporate 75464420 Cohen Steve System Management Corporate 86023090 Sterling Kent Human Resources Corporate 88311130 Goodman Bruce Marketing_Dept Corporate 67565330 Schwarts Barry Human Resources Corporate 99883110 Bean Frank Purchasing Corporate 89213720 Orr Taylor IT Security Corporate Records per page 19 Get Resources Find Users 224 Portal User Guide Manage My Team s Resources The Users table displays a list of the users in the selected Universe s configuration files The members of your team are marked with a green dot next to their Name The Users table provides the following options Add A column of check boxes one per user Select one or more When you select multiple users all the changes you make will be implemented for all selected users Person ID Click any highlighted ID listed in this col
421. urces to the selected users More information Customizing a Data Table see page 22 Setting the Number of Records Per Page see page 23 Filtering a Data Table see page 24 Presenting the Currently Enrolled Resources Table Manage My Roles Screen see page 226 Presenting the Other Resources Table MMT Resources Screen see page 229 Presenting the Currently Enrolled Resources Table Manage My Roles Screen This section allows you to manage the current resources enrollment for your selected users The options available to you depend on how many users you have selected for the current action In the case of single user selection click Get Resources and you will receive the list of resources linked to your chosen user Currently Enrolled Resources Remove Res Name 1 Res Name 2 Res Name 3 Description ManagerID Owner Location PUBLIC RACFPROD RACF22 RACFPROD RACF22 Production RACF 77292450 Irvine CA UGADGEN1 Administration ROOT NOVELADM Novel4 NOVELADM Novell4 Active Directory Admini 67283470 Portland OR UGADMGR Administration ROOT NOVELADM Novell NOVELADM Novell4 Active Directory Manager 67283470 Portland OR UGHR RACFPROD RACF22 RACFPROD RACF22 Production RACF 77292450 Irvine CA e mail outlook WinNT outlook WinNT MS email 91236370 San Mateo CA office2003 2003 WinNT 2003 WinNT MS office2003 91236370 San Mateo CA public UNXMARKT Solaris26 UNXMARKT Solaris26 Marketing Sun Server 89123140 San Mateo CA
422. urekify Sage by creating a communications link to the downloading production server Eurekify Sage database files are simple text files However Eurekify Sage converters ensure that imported files will adhere to Eurekify Sage file format rules The DM module provides a number of converters Each converter supports a specific type of data source There are three basic types of data sources Platform specific These converters enable the download upload of information stored in the native security systems on the most common operating systems for example UNIX or SAP Specialty security systems for example RACF This refers to security dedicated software systems located on various platforms Identity management systems for example CA Identity Manager This refers to human resource software systems located on various platforms The Eurekify Portal provides you with the option to define these converters as Import Connectors or Export Connectors for the specific corporate environment The converters are conveniently located in the Import and Export menus of the CA Eurekify Role amp Compliance Manager Sage DNA Data Management application For further information on importing exporting and converters see the CA Eurekify Role amp Compliance Manager Sage Data Management User Guide Note At some point you may have to access the DM in order to edit the specific converter s Settings and Mappings file For further information see the
423. user A User Approval Request to delete role RACF Developers Characteristic Role 100 0 Min 60 from Open User Approval Request to delete resource TESTDEV RACFTEST RACF22 Test RACF from user Keren Cindy Open 925 Role Certification Cooper Amos Role Checkup Open 834 E Resource certification User Certification Open Entity Browser Status Pending Action Pending Action Pending Action Pending Action In Progress Reports Administration Type Received Delete Link User ed Ea 08 Resource Delete Link User etf sa Role mrs Delete Link User 29 12 2008 Resource 20 23 12 2008 21 14 24 21 12 2008 Campaign 13 29 06 Logout DOMAIN Cooper Amos Owner Cooper Amos DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper Amos Cooper Amos DOMAIN Cooper Amos Previous Owner Eurekify Admin AD1 Cooper Amos EAdmin Chapter 6 Tickets and the Ticket QUeue 77 Ticket Tables The menu bar provides three functions Search Customize m Refresh Users that were linked to the Eurekify Admin Role have an additional option m User View Admin View Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Ticket Queue gt Open New Done Tickets gt D Tte State Status Children Type Received Owner dana Pending 01 01 2009 Eurekify Admin 1240 l End
424. usiness Area Universe Portal Business Process Description 234 Portal User Guide Manage My Resources The General section of the Managing My Resources screen contains the following fields Universe Select the Universe you wish to work with The users table and the available resources depend on the universe Business Area General information descriptive This information will appear in the Description field of the ensuing Self Service Approval Root ticket Business Process General information descriptive This information will appear in the Description field of the ensuing Self Service Approval Root ticket Description Provide a concise and meaningful description of the changes you intend to make to your resources Submit Click to submit your request for changes To enter the data in the Manage My Resources General section 1 Select a Universe from the drop down list The Currently Enrolled Resources table and the Other Resources table shows resources belonging to the selected Universe s configuration 2 Enter the Business Area for the current action Enter the Business Process associated with the current action 4 Enter a Description Note If the actions you want to take do not involve your currently enrolled resources you can skip the Currently Enrolled Resources table and skip to the Other Roles table If you do not want to manage the currently enrolled resources add resources to the se
425. uthentication Settings see page 371 Encryption see page 371 Chapter 14 About Security amp Permissions 369 Security Turning Security On Off 370 Portal User Guide Software security can have one of two default positions Default Deny Under these conditions everything not explicitly permitted is forbidden While it may improve security it does so at a cost in functionality Default Permit Everything is permitted The advantage of this kind of security operation is that it allows greater functionality and it may be adequate for the initial phases of setting up and testing the system By default the Eurekify Portal s security parameter is set as disabled This means that when a user logs in using a recognized user name the Eurekify Portal will not check the user s permissions no limits will be placed on what is visible to the user The user can see all the menus and menu options and the user can activate and use them all The security parameter located in the eurekify properties file is sage security disable true When this property is set to False the system shifts to the Default Deny position and only what is explicitly permitted will be visible and enabled for the user More information Permissions see page 372 Security Authentication Settings Encryption Authentication is the act of establishing that a user does indeed have security permission to gain access to the Eurekify Portal The
426. val Request to delete role Delete Organization Database Administrators Open Characteristic Role 100 Role Approval Request to delete role Organiation Datebase Administrators Characteristic New Role 100 19 01 2009 Rami Sas 17 47 43 Eurekify Rami Pending Action 19 01 2009 Rami Sas Sth Herman Barbara User Role 23 11 22 Eurekify Rami Delete Link User Role Allen Sherman IBMRSO Iian Sharoni Pending Action 19 01 2009 17 47 43 If the ticket that you chose to transfer is a parent ticket having other tickets located below it in the specific Approval Process ticket tree then the complete sub tree will now be listed in the new owner s Ticket Queue ID Title State Status Children Type Received Owner Previous Owner Delete Link 19 01 2009 User 23 38 50 Role Delete Pending Link 19 01 2009 Rami Sas Action User 17 47 43 Eurekify Rami Role Delete Pending Link 19 01 2009 Action User 17 47 43 Role Request to remove user to role association 1825 role Organization Database Administrators New In Progress Characterist Cooper Amos Flag Lee DOMAIN Cooper Amos User Approval Request to delete role B Organization Database Administrators Characteristic New Role 100 Allen Sherman IBMRSO Iian Sharoni Role Approval Request to delete role B Organization Database Administrators Characteristic New Role 100 Chapter 9 Approval Process Tickets 155 General
427. vanced Functions The Role Approver ticket provides the following Advanced functionality Add Comment Manually add a comment to the ticket Add Attachment Add an attachment or URL to the ticket View Transaction Log The transaction log provides a history of the ticket related actions executed since the creation of the ticket View Parent Opens the current ticket s parent s ticket View Initiators View of list of the users who launched this ticket View Violations View the list of violations View Role This button is disabled because all the role s details already appear in this ticket View Consult Results This button appears only when the Consult service has been activated More information Add Comment see page 88 Add Attachment see page 90 View Transaction Log see page 91 View Parent see page 163 View Initiators see page 163 View Violations see page 286 View Consult Results see page 187 Chapter 11 Role Definition Tickets 289 Add New Role Ticket Tree Self Service Request New Role Parent Ticket The Self Service Request New Role Parent ticket is a management ticket generated by the Eurekify portal during the third stage of the Add New Role Approval Process While the Approval Root ticket controls the lifecycle of the whole tree the New Role Request Parent ticket controls the lifecycle of the approver ticket generated during the third stage of the Approval The ticket s type is the same
428. ve to create the master model configuration files later and then update the Universe with the correct field names More information Setting a Universe see page 326 Chapter 3 Getting Started 43 Step 2 Creating Import Connectors Step 2 Creating Import Connectors 44 Portal User Guide After you have defined the universe that you intend to audit you need to import the user and user privileges data from various end points This requires you to define import connectors Connectors allow you to import export for example Active Directory CSV RACF or SQL files into the ERCM using a pre defined converter thereby creating a communications link to the downloading uploading production server The connectors are defined as either import connectors or export connectors and utilize a specific pre defined converter see CA Eurekify Role amp Compliance Manager Sage DNA Data Management User Guide Import refers to downloading the system s true user resource and role when available configuration data Export refers to uploading the desired changes in user resource and role data generated following an audit You will need the following information when you create a new connector Name and location of the converter s Settings XML file see CA Eurekify Role amp Compliance Manager Sage DNA Data Management User Manual Name and location of the converter s Mapping XML file see CA Eurekify Role amp C
429. verned by several default property filters of the type tms escalate filter Info tickets To escalate a ticket 1 Click Escalate in the ticket s Ticket Properties Form The Find Escalate Users screen opens 2 Select a name from the list You can use the filter option to reduce the number of records listed in the table 3 Click OK The Executing bar appears The original ticket is archived and its status is set to Escalated A new ticket is generated The ticket appears in the target user s Ticket Queue More information Add Comment see page 88 Filtering a Data Table see page 24 Eurekify Properties see page 397 Advanced Info Ticket Functionality Info tickets have standard advanced functionality Ticket Properties Form Windows Internet Explorer 7 http localhost 8080 eurekify tms ui wicket bookmarkablePage com eurekify tms web template Default TicketPagesticketId 1982 1982 Owner Angel Ben DOMAIN Previous Owner Status pending Action 30 01 2009 16 36 41 Priority Low Severity Minimal State open Modified Date 15 02 2009 16 09 10 Date Created 30 01 2009 11 36 42 Title Request to add role Organization Operations Characteristic Role 100 0 Min 40 to user Organization Operations Characteristic Role Description The request to add role Organization Operations Characteristic Role 100 0 Min 40 to user Angel Ben 67283470 was rejected R
430. vice Entity Browser Reports Administration t AD1 EAdmin Person ID Name Rodney Sergio 75676560 Rodney Sergio 75676560 Organization Database Administrators Characteristic Role 100 0 Min 40 Davis Brett 75675330 Davis Brett 75675330 Title DB Developer Characteristic Role 50 Davis Brett 75675330 Davis Brett 75675330 Organization Database Administrators Characteristic Role 100 0 Min 40 Doll Charles 89653230 Doll Charles 89653230 Organization Database Administrators Characteristic Role 100 0 Min 40 Depending on the Self Service task the Request screen may contain additional information For example when generating a new role request the Requests screen will also include the Attribute data for the new role Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Senior manager in charge of local IT 54672910 Organizational Role IT Security Branch Corporate Organization IT Security ID Name User Steiven Pat 45489940 Steiven Pat 45489940 User Fred John 86544420 Fred John 86544420 User Angel Ben 67283470 Angel Ben 67283470 Resource UGFIN1 TSSCREDIT TSS50 Top Secret on MVSCREDIT UGFIN1 TSSCREDIT TSS50 Top Secret on MVSCREDIT Resource UGFINMGR TSSCREDIT TSS50 Top Secret on MVSCREDIT UGFINMGR TSSCREDIT TSS50 Top Secret on MVSCREDIT Chapter 10 Running Self Service Tasks 253 Introducing the Requests T
431. w Statistic Provides the status of all the children tickets More information Add Comment see page 88 Add Attachment see page 90 View Transaction Log see page 91 View Children see page 164 View Statistics see page 172 Role Definition Main Request Parent Ticket Role Definition Main Request Parent Ticket Search The Main Request Parent ticket is a management ticket generated by the Eurekify portal for each Role Definition procedure All the individual tickets and sub trees that make up the Role Definition Approval Process ticket tree are located beneath this ticket The number of children tickets changes over the course of the Approval Process During the first stage there is usually only one child ticket as the Approval Process moves on and generates the entity Approver tickets the number of children will increase to include the number of discrete requests made during the original Role Definition request plus whatever individual tickets were generated along the way Admin View Refresh Customize ID Title 2259 E 2 Update Role Approval Root Request 2260 B 2 Update Role Organization Marketing_Dept g Role Approver Update Role Organization Marketing_Dept Request to add user to role association F a role Organization Marketing_Dept user 84847310 Request to remove user to role association role Organization Marketing_Dept user 77371120 Request to remove user to role association rol
432. ws Internet Explorer BAR http localhost 8080 eurekify tms uif wicket interFace 14 v Approval Root a Ticket Id 1158 Owner Eurekify Admin Previous Owner Status In Progress v Due Date 29 12 2008 18 46 29 Priority Low x Severity Minimal State Open v Modified Date 29 12 2008 13 59 02 Date Created 29 12 2008 13 46 29 Title User Review Approval Root Request Description Approval Root Request Request was submitted on Universe Portal from User Review lt lt Less Details onfiguration Name Model2_ConfigWithRoles vv Done LE internet 100 In this section you will find information specific to the Approval Root ticket type It is important to remember that Approval Process tickets are based on specific campaigns The following fields give you the basic information concerning the current Approval Process lt Ticket Title gt Approval Root Title Campaign Title Approval Root Request Description A description of the ticket It includes the details of the request Request submitted on Universe Universe name from Campaign Title This section covers the following topics m The Approval Root ticket s General functions The Approval Root ticket s Advanced functions More information Rejected Link Parent Ticket see page 173 The Ticket Properties Form see page 84 168 Portal User Guide Approval Process Root Ticket Approval Root Ticket General Functions The Approval Root
433. xml file and the mapping xml file for this converter For more information see the lt role gt Sage Data Management User Guide Import client name Description Universe Choose One M Settings XML file Mapping XML file Enrichment settings file Remote system login password Max duration time seconds Connector Java Class Choose One Workflow process name Choose One Ticket Type Choose One Priority SAGE Normal Severity SAGE Medium Import client name Provide a name for the import connector Description Provide a description of the import connector its use timing etc Universe Provide the name of the universe to be associated with this import connector The data obtained through this connector will be downloaded into the universe s master configuration files In the case of a first time download and there are no pre existing configuration files the import process will create the configuration files Setting Connectors Settings XML file Create this file in the Eurekify DM module It is usually located in the directory lt Eurekify Home Directory gt lt Converter Directory gt The installation provides a default defaultsettings xml file For more information see the CA Eurekify Role amp Compliance Manager Sage DNA Data Management User Guide Mapping XML file Create this file in the Eurekify DM module It is usually located in the directory lt Eurekify Sage
434. xternal lt type gt lt data gt SAGE_SERVICE_URL tms ui credential lt data gt lt checkPermission gt true lt checkPermission gt lt tag id DefaultTickets gt lt type gt external lt type gt lt label gt Open New Done Tickets lt label gt lt data gt SAGE_SERVICE_URL tms ui credential filter DEFAULT lt data gt lt checkPermission gt false lt checkPermission gt lt tag gt lt tag id NewTickets gt lt type gt external lt type gt lt label gt New Tickets lt label gt lt data gt SAGE_SERVICE_URL tms ui credential filter ST ATE _NEW lt data gt lt checkPermission gt false lt checkPermission gt lt tag gt lt tag id overDue gt lt type gt external lt type gt lt label gt Over Due lt label gt lt data gt SAGE_SERVICE_URL tms ui credential filters gt OVER_DUE lt data gt lt checkPermission gt false lt checkPermission gt lt tag gt lt tag id approverTickets gt lt type gt external lt type gt lt label gt Approver Tickets lt label gt lt data gt SAGE_SERVICE_URL tms ui credential filter gt APPROVER_TICKET lt data gt lt checkPermission gt false lt checkPermission gt lt tag gt lt tag id campaignTickets gt lt type gt external lt type gt lt label gt Campaign Tickets lt label gt lt data gt SAGE_SERVICE_URL tms ui credential filters gt CAMPAIGN_TICKETS lt data gt lt checkPermission gt false lt checkPermission gt lt tag gt lt tag id archivedTickets gt
435. y TMs oun SAVE 25 11 2008 SAVE 21 48 37 tsun pressed Ticket When you first open the Transaction Log page the table is empty and you can see a filter that you can use to select which transactions you want to view Enterprise Role and Compliance Manager Home Ticket Queue Dashboards Self Service Entity Browser Reports Administration Logout AD1 EAdmin Administration gt TxLog Page woso ID Date Source Owner Ticket SDatal SData2 SData3 SData4 SDataS SData6 SData7 SData8 No Records Found Chapter 13 Using Administration Functions 35 The Transaction Log lt Column gt Select the column that will determine which transactions will be viewed in the Transaction Log table You can filter the table contents based on the following options Source The subsystem where the transaction originated Owner Owner or ticket ID SDatal SData2 SData3 lt text box gt Enter any data that may appear in the selected column to further filter the transactions The text is case sensitive OK Updates the data presented in the transaction log table If no filter was supplied all the existing transactions are listed Delete All Deletes all the transactions saved by the Eurekify system Records per page Select the number of records that will appear in the table 352 Portal User Guide The Transaction Log The following table provides some information on possible sources of transaction logs c
436. y Rami Delete Link User Role Find Escalate Users Where Choose Field contains Where Choose Field Z contains Where Choose Field contains Showing 1 to 30 of 140 4412345 UserName Organization OrganizationType Email i Title Rodney Sergio Database Administrators Corporate 75676560 company com DB Developer Moris Bill System Management Corporate 47868650 company com Developer Rolen Dave Finance Corporate 98383770 company com Accountant Fred John System Management Corporate 86544420 company com Developer Deer Alex Fifth Ave Branch Branches 91238730 company com Branch Officer Clerk Goid Wiliam Human Resources Corporate 84847310 company com Psychologist Sharon Johnson Fifth Ave Branch Branches 89123470 company com Branch Officer Clerk Moos Steve Human Resources Corporate 87623450 company com HR Officer Rojer Dave Stamford Branch Branches 88490390 company com Branch Officer Clerk Steiven Pat System Management Corporate 45489940 company com Security Admin Manager P internet R10 The Find Escalate Users screen is divided into two sections The filter Located in the window s header The filter lets you narrow down the list of proposed approvers The proposed users This table presents a pre filtered list of users who can receive the escalated approval task s This list can be filtered to aid in finding a specific user The names listed in the proposed users list are go
437. y Role approvals configuration webservice retry count 3 approvals configuration webservice retry delay seconds 30 tms workflow retry delay seconds 120 reports baseUrl http localhost 8080 viewer frameset __report report 402 Portal User Guide tms delegate filter tms delegate filter Description Property Example Description Property Example Description Used for filtering the delegate option user list Comprises three options Default delegate filter tms delegate fliter tms delegate filter GFilter Organization owner Organization Ticket type filter tms delegate filter TicketType SAGE ChangeApprovalParentTicket tms delegate filter TicketType SAGE ChangeApprovalParentTicket GFilter Organization cookingdept Ticket name filter Property tms delegate filter LinkUser Role Example tms delegate filter LinkUser Role GFilter Email ssimhi eurekify com The name property if defined takes precedence over type which in turn takes precedence over the default delegate property tms escalate filter Description Property Example Description Property Example Description Property Example Used for filtering the escalate option user list Comprises three options Default escalate filter tms escalate filter tms escalate filter GFilter Organization owner Organization Ticket type filter tms escalate filter TicketType SAGE ChangeApprovalParentTicket tms escala
438. yet the Test Compliance utility will find that the suggested links are in violation of system BPRs The reason is that the Suggest Entity service is based on analytical pattern based technology while the Test Compliance utility examines the rules written by the system s administrators rules that may or may not override the findings of the analytical pattern based examination of the corporation s configuration files For example the system may find that under certain conditions a specific application role is recommended for a group of users and yet the Test Compliance utility will record this as a violation because the application is licensed and there are no free licenses available at this time More information Test Compliance see page 196 Suggesting Entities see page 198 Chapter 10 Running Self Service Tasks 195 General Self Service Functions Test Compliance During a Self Service provisioning task you can select to link users to roles and or resources In other screens you can assign users and resources to specific roles You also have the ability to remove links between various entities during Self Service tasks After making your selection s you can test the compliance of your selections with the existing BPRs security regulations and policies For further information on violations stemming from non compliance and other security issues see the CA Eurekify Role amp Compliance Manager Sage ERM DNA User Guide Viol
439. you have a menu bar without the Administration option and the Self Service menu is limited to viewing your personal roles and resources and to handling the resources under your purview The Ticket Queue allows access to Approver tickets that were allocated to you as a resource manager Access to all other items via the menu bar would depend on your assigned permissions Enterprise Role and Compliance Manager l eurekity Home Ticket Queue Dashboards Self Service Entity Browser Reports Logout DOMAIN Angel Ben One of the advantages the Eurekify Portal gives its corporate users is that even individual users with very limited permissions can still see tickets that are relevant to them For example a non manager whose roles or resource access has been changed can view tickets informing him her of these changes in his her personal Ticket Queue The following shows an example of a menu bar for a user with very limited permissions Enterprise Role and Compliance Manager Home Ticket Queue Logout DOMAIN Cooper_Amos More information About Security amp Permissions see page 369 Chapter 2 Using The Eurekify Portal Interface 39 Chapter 3 Getting Started This chapter describes the order of procedures to be carried out when running the Eurekify Portal on a system whose user role and resource data has not yet been downloaded by the CA Eurekify Role amp Compliance Manager system The step by step details for each step in the
440. ystem Management Corporate 52656727 Rodman Adam System Management Corporate 54672910 Cooper Amos IT Security Corporate 57644540 Alex Patrick Application Development Corporate 58723810 Miles Buyer Purchasing Corporate 64646410 Herman Barbara Operations Corporate 65656540 Pheonix William Application Development Corporate 67283470 Angel Ben System Management Corporate 67565330 Schwarts Barry Human Resources Corporate 67762440 Purple Mary Fifth Ave Branch Branches 74733340 Lu marry Peter Stamford Branch Branches 75464420 Cohen Steve System Management Corporate 75675330 Davis Brett Database Administrators Corporate 676560 Rodge Q e Adn S Q More information User Card see page 30 310 Portal User Guide Specific Entity browser Roles Browser Click on the Roles tab to open the Roles Browser The Entity Browser s Roles Browser shows role information for the selected configuration Note The highlighted column is predefined and cannot be customized You can click the highlighted Role Name in any record to open that role s Role Card Universe I M Configuration Modell_ConfigWithRoles X Users Roles Resources Showing 1 to 10 of 30 4 4123 gt Role Name lt Description Type Organization SAV Fifth Av Br Team Iterated Org Role Fifth Ave Branch Active Directory Domain Users Characteristic Role 100 0 Min 60 Applicative Role Company Active Directoty Branch Users Characteristic Role 44 4 M
Download Pdf Manuals
Related Search