
CA Role & Compliance Manager Portal User Guide


Contents

1. tms delegate filter tms delegate filter Description Property Example Description Property Example Description Used for filtering the delegate option user list Comprises three options Default delegate filter tms delegate fliter tms delegate filter GFilter Organization owner Organization Ticket type filter tms delegate filter TicketType SAGE ChangeApprovalParentTicket tms delegate filter TicketType SAGE ChangeApprovalParentTicket GFilter Organization cookingdept Ticket name filter Property tms delegate filter LinkUser Role Example tms delegate filter LinkUser Role GFilter Email ssimhi eurekify com The name property if defined takes precedence over type which in turn takes precedence over the default delegate property tms escalate filter Description Property Example Description Property Example Description Property Example Used for filtering the escalate option user list Comprises three options Default escalate filter tms escalate filter tms escalate filter GFilter Organization owner Organization Ticket type filter tms escalate filter TicketType SAGE ChangeApprovalParentTicket tms escalate filter TicketType SAGE ChangeApprovalParentTicket GFilter Organiz ation cookingdept Ticket name filter tms escalate filter LinkUser Role tms escalate filter LinkUser Role GFilter Email ssimhi eurekify com Appendix A CA RCM Pr
2. This ticket is the specific Self Service request manager ticket For each set of Approver tickets generated for a Self Service request and sent to the link s entity managers there is a parent ticket thus creating a sub tree for each rejected link For more information see Running Self Service Tasks see page 133 and Role Definition Tickets see page 173 The Approver tickets generated when a self serviced process requires approval from entity managers For more information see Running Self Service Tasks see page 133 The ticket generated when a self serviced process Approver wishes to consult another user regarding the specific request For more information see Running_ Self Service Tasks see page 133 A ticket generated when a specific task needs to be performed usually as part of a larger procedure For example defining a new role s manager accountable For more information see Role Definition Tickets see page 173 A task ticket that is generated for the purpose of passing information Chapter 6 Tickets and the Ticket Queue 57 Ticket Life Cycle Name Import Export ticket Error ticket Ticket State 58 Portal User Guide Ticket Type s Description Import Export A ticket generated when an import or export event runs For more information see Running a Connector see page 240 Error Ticket generated when system error occur For more information see Troubleshooting see pag
3. [Screenshot: Ticket Queue table with the columns Title, State, Status, Children, Type, Received, Owner and Previous Owner, showing campaign ticket 248, Initial User Audit (User Certification), owned by Hill Gary.] Under the Children column, the number 9 signifies that nine Approver tickets have been generated at this level in the reviewer tree, for Gary and the eight managers immediately under him in the reviewer tree. [Screenshot: Ticket Queue with ticket 248 expanded to show Campaign Manager Approver tickets 249 (Hill Gary) and 251 (Goodman Bruce).]
4. Running a Campaign: A Case Study. Gary Hill is a corporate branch manager at the Silicon Valley branch. Gary must audit the company's information systems and validate correct usage of access rights to information resources. The corporate system administrator has installed the CA RCM server and client modules and has downloaded the corporate security data, generating a set of CA RCM configuration files. Gary wants to use CA RCM to review the access rights of all users. Chapter 4 Showcasing the CA RCM Portal 37. Defining a New User Campaign: Following the instructions for Adding Campaigns (see page 219), Gary defines the following campaign. [Screenshot: Add Campaign form (Administration > Add Campaign) for the campaign named Initial User Audit, with the fields Campaign Name, Owner, Date Created, Description, Due Date, Universe, Configuration, Audit Card, Privileges to Certify, Campaign Type, Use links and Permissions.]
5. View Entity: The purpose of the Approval Process is to review the rejected links recorded during the original campaign run. This task is performed by the various entity managers. An important aid to this is the ability to view the link's entity cards during the approval process. View Entity opens the entity's card in a separate browser window. The Approval Process tickets that provide this option (Rejected Link Parent and Approver tickets) provide two action buttons, one for each side of the link. Therefore, if the rejected link being reviewed is a user-role link, the advanced function buttons will be View User and View Role. Click View User / View Resource / View Role to see the entity's card in a separate browser window. More information: The Entity Card (see page 22). Approval Process Root Ticket: The Approval Root ticket is the root ticket that appears in the Ticket Queue belonging to the manager/administrator who started the Approval Process. When expanded, you can see a set of sub-trees, one for each rejected link that has to be reviewed. The number of sub-trees for any Approval Process Root ticket is listed in the Ticket Queue's Children column. Each sub-tree consists of a Rejected Link Parent ticket and two Approver tickets, one for each of the entities that make up the rejected link that is being reviewed. Note: Under some circumstances only a single ticket is located below a Rejected Link Pa
6. Chapter 9: Approval Process Tickets. This chapter is designed for managers who can run post-campaign Approval Processes and for entity managers who may receive Approver tickets as part of the approval process. Note: As the post-campaign Approval Process is always started by the current campaign owner, the owner of the Approval Process tree's root ticket will be designated in this chapter as the campaign owner, even if the current owner of the ticket is actually someone who received the ticket during the Approval Process as a result of an escalation or delegation operation. Following a campaign, your next task is to review all the rejections that were generated in the course of the campaign. As you know, the campaign itself is a straightforward review of the current links present within the campaign's selected universe and configuration from a specific entity's point of view. As such, during a campaign you can approve or reject a link, but the final decision regarding rejected links is postponed. The Approval Process sends every rejected link to the managers of the involved entities (both sides of the link), allowing them the final say as to whether to reject the link or not. This means that during the approval process: Tickets will be sent to both the user manager and the role manager of each rejected user-role link. Tickets will be sent to both the user manager and resource manager for each rejected user-resource link. Ticket
7. Critical. Severity: Set the severity level. The available options are: Minimal, Medium, Serious, Urgent, Critical. To create a new Import Connector: 1. In the Connector pane, click Create New. 2. Enter the name of the new Import Connector. 3. Provide a clear and concise Description of the import connector. 4. Select the Universe from the drop-down list. 5. Enter the name and location of the Settings XML File. You have to provide the full path and file name. You can locate the file using your system's file browser, copy the name and path from the Address bar, and paste it in the text box. 6. Enter the name and path of the Mapping XML File. You have to provide the full path and file name. You can locate the file using your system's file browser, copy the name and path from the Address bar, and paste it in the text box. Chapter 15 Using Administration Functions 237 Setting Connectors. 7. (Optional) Provide the name and path of the Enrichment Settings file. 8. Enter the Remote system login password for accessing the endpoint. 9. Provide an upper estimate (in seconds) for the Max duration time. 10. Select the appropriate converter's Connector Java Class. 11. Select the default Workflow process name. 12. Select the default import Ticket Type. 13. Select the Priority. 14. Select the Severity. When the new import connector is created, it appears in the Connector Settings Import table. More information: Tickets and t
8. (Optional) Click Add to add additional constraints. Repeat step 2 to step 4 as necessary. Click OK. The constructed rule appears in the Rule text box in the Request New Role Definition screen. Chapter 11 Running Self Service Tasks 167 Defining a New Role. Definitions for Role Name New Role Name: Now that you have requested a new role, you can start assigning users and resources to the newly constructed role. Roles can be linked to users, resources, and to other roles in a hierarchal relationship as either a parent role or a child role. The Definitions for Role Name New Role Name screen provides you with a fast and easy way to select which links your new role will have. When you have completed your selections, you can test those selections for violations. If you are satisfied with the results, click Submit (located below the entity tables) to generate a request for a new role definition. The request can be checked by you, and if you have no corrections to make, click Submit below the request table and generate the approval process tickets necessary to confirm the role definitions that you have created. Note: The users marked with a green dot next to their name in the Users table are users that are accountable to you (RACI). This screen is divided into three sections: Resources; Users; Role Hierarchy, which can expand into two sections, Parent Roles and Children Roles. Role hiera
9. The Violations screen opens in a separate browser window. Click to close the Violations window. Click Submit. The Requests screen opens. More information: Approval Process Tickets (see page 103), Customizing a Data Table (see page 19), Setting the Number of Records Per Page (see page 20), Filtering a Data Table (see page 20), Test Compliance (see page 135), Suggesting Entities (see page 137), Introducing the Requests Table (see page 171). Defining a New Role: Request New Role. The term roles, as used by the CA RCM, is flexible and versatile, allowing it on one hand to answer the need to define roles that comprise a class of access privileges, and on the other hand answer the need to define roles that represent organizational structures within a business context. For example, a role can represent access to a specific type of software, or a role can represent a hierarchal business structure component, such as Manager Privileges. Using the CA RCM to build and maintain a corporate role model requires the flexibility to approach this issue from two points of view. The first is by planning the corporate roles and defining them accordingly, based on the organizational structure and other human resources related attributes. The second is by mining existing corporate security and privileges information and structuring
10. Chapter 2 Using The CA RCM Portal Interface 21 User Interface. The Entity Card: You will come across entity lists in table format while using the CA RCM Portal. In most of these tables, one or more column(s) have active links, allowing you to view further information concerning a specific entity (user, role or resource). For example, when running the Self Service option Manage my Team's Role Assignments, you can view a Users table. The content in the column showing the Person ID (user's ID) is highlighted. When you click on any specific Person ID, the specific user's card opens in a separate browser window. The entity's card contains all the relevant information present within the selected Universe and includes lists of links, in table format, to the other entities. For example, in a User card you have a Roles table and a Resources table. You can also access the cards belonging to linked entities by clicking on the relevant highlighted content from within a specific entity card. The following options are available for all entity cards: Customize: Allows you to customize this table. Filter: Opens a filter screen which you can use to filter the table contents. Records per page: Select the number of records that will appear in the table. Highlighted content in the entity card: By clicking on specific content in the active column (usually this is the first column, the one that contains the user name, reso
11. Important! Remember that when selecting multiple users, all role-related choices apply equally to all the users. If at any point you alter the selected users, click Get Roles again. To link roles to selected users: 1. In the Manage My Team's Roles screen, scroll down to the Other Roles table. 2. (Optional) Click Find Roles to access the Select Role filter screen. 3. (Optional) Click Suggest Roles to see the CA RCM Portal's recommendations. 4. Select one or more roles to link to the chosen users. 5. (Optional) Click Test Compliance to review your selections and check for possible violations. The Violations screen opens in a separate browser window. 6. Click X to close the Violations window. 7. Click Submit. The Requests screen opens. More information: Approval Process Tickets (see page 103), Filtering a Data Table (see page 20), Setting the Number of Records Per Page (see page 20), Customizing a Data Table (see page 19), Test Compliance (see page 135), Suggesting Entities (see page 137), Introducing the Requests Table (see page 171). Manage My Role Assignments: As a user, you may find it necessary to request an update to your roles because of corporate changes, personnel changes, or following an audit process. The Manage My Role Assignment screen allows you to manage your roles by generating a request to add new roles or by deleting existing roles. The rol
12. Manage My Team's Resources. In the case of multiple user selection you can: Click the Remove check box next to a resource, thereby severing the link between the users and the selected resource. Click the Add check box next to a resource to which only some of the selected users were enrolled, thereby linking all the chosen users to the selected resource. The Currently Enrolled Resources table provides the following options: Add: A column of check boxes, one per resource. Select one or more. The check boxes next to resources that are already linked to all selected users will be disabled. Remove: A column of check boxes, one per resource. Check one or more to remove the link between the selected users and the selected resources. Enrollment: This column appears only when selecting multiple users. Shows numerically (of users enrolled / total of users selected); for example, 2/3 means that two of the three selected users are enrolled to this resource. This column also provides the value as a percentage. For example, 1/3 (33%). Resource Name: Click any highlighted resource name listed in this column to open its Resource Card. Depending on the type of action you wish to take, you may find that after selecting the appropriate check boxes in this section you have completed the task. In this case, you can ignore the Other Resources and submit your requests by clicking Submit at the bottom of the Manage My Team
13. This section allows you to enroll in additional roles of your choice. The actual enrollment will take place following a review process. In addition to managing the roles that you are currently linked to, you can also request that the system provide you with a list of recommended roles for yourself. This list of roles will be displayed in the section Other Roles. The Other Roles section provides the following options: Add: A column of check boxes, one per role. Select one or more. Role Name: Click any highlighted role name listed in this column to open its Role Card. Customize: Allows you to determine the columns that will appear in the Other Roles table. Records per page: Select the number of records that will appear in the Other Roles table per page. Find Roles: Opens the Select Role filter screen to assist you in locating specific roles. Test Compliance: Checks whether the selections made in the Other Roles table comply with existing policies and BPRs (Business Practice Rules). Suggest Roles: Provides a list of possible roles based on the CA RCM pattern recognition technology. This table presents you with several options: You can manually select one or more roles to which you wish to enroll. You can use the Find Roles filter option to find specific roles and then make a selection from the filtered list of roles. You can click Suggest Roles and use the information provided by this feature to fi
14. User Campaign CMA Main entity table Users Link tables Roles and Resources Role Campaign CMA Main entity table Roles Link tables Users Resources Child Roles and Parent Roles Resource Campaign CMA Main entity table Resources Link tables Users and Roles Note Only the ticket owner can approve or reject a link The campaign owner can reassign a specific link within a Campaign Approver ticket to another approver Chapter 8 Campaign Approver Tickets 95 Auditing Links 96 Portal User Guide Three columns in entity table contain check boxes with icons in the column header Sometimes a fourth icon appears in a row The icons associated with the entity tables are as follows Icon Description Expands the nested links tree showing the entities linked to the original entity For example in a user certification campaign Approver ticket each user is linked to roles and resources Clicking on the will reveal the linked Roles and Resources in separate tables Additional information A The Approve checkbox column Click this checkbox to approve a link x The Reject checkbox column Click this checkbox to reject a link gt The Reassign checkbox column Click this checkbox to reassign a link Collapses the link tree Click to expand the entity tree and see all the entity tables for the entities linked to this entity Click E to collapse the entity tree The main Entity Table columns are predetermined They d
15. aproo1 apr002 apr003 apr004 apr005 apr006 apr007 arp001 arp002 arp003 Description input is shorter than the minimum of minimum characters input is longer than the maximum of maximum characters input is not exactly exact characters long input is not between minimum and maximum input is less than the minimum of minimum input is larger than the maximum of maximum input does not match pattern pattern input is not a valid email address the credit card number is invalid input is not a valid url inputO from labelO and input1 from label1 must be equal labelO and label1 must be equal user has 0 roles user has 0 resources role has 0 users role has 0 children role has 0 resources resource has 0 users resource has 0 roles please select at least one option for byfield field please select a configuration please select a campaign Field byfield required errcode auditcard required errcode sort required errcode campaignfilteroption required errcode campaign sendreminder error errcode campaign text campagin errors found errcode campaign error nouniversesavilable errcode campaign error missingcampaigndescription err code campaign error missingenddate errcode campaign error duedatemustbeinthefuture errc ode campaign error configurationmustbeselected err code
16. campaign error racinotavailablefor errcode campaign error campaignalreadyexists errcode campaign error noaccess errcode settings strings ie errors missingname errcode settings strings ie errors missingdescription err code settings strings ie errors namealreadyexist errc ode settings strings ie errors missinguniverse errco de settings strings ie errors missingsettings errcod e settings strings ie errors missingmapping errco de settings strings ie errors missingenrichment err code Code arp004 arp005 arp006 arp007 cmp001 cmp002 cmp003 cmp004 cmp005 cmp006 cmp007 cmp008 cmp009 cmp010 cst001 cst002 cst003 cst004 cst005 cst006 cst007 Error Messages Description please select the by field parameter please select audit card please select sorting method please choose filtering type send reminders was aborted mail event is not active update mailing parameter tms configuration mail events in eurekify properties errors found no universes available missing campaign description missing end date due date must be in the future configuration must be selected raci not available for 0 campaign 0 already exists user 0 has no access to campaign 1 missing name field missing description field duplicate name name already in use missing universe field was unable to find the settings xml file 0 was unable to find the mappings xml f
17. 1 failed request to delete role 1 from user Chapter 17 Troubleshooting 269 Error Messages Field on title errcode changeapproval child add user resource info titl e rejected errcode changeapproval child add user resource info titl e failed errcode changeapproval child add user resource info description rejected errcode changeapproval child add user resource info description failed errcode changeapproval child remove user resource info title rejected errcode changeapproval child remove user resource info title failed errcode changeapproval child remove user resource info description rejected errcode changeapproval child remove user resource info description failed errcode changeapproval child remove user resource notification title errcode changeapproval child remove user resource notification description errcode changeapproval child add role role info title reje cted errcode changeapproval child add role role info title fail ed errcode changeapproval child add role role info descripti on rejected errcode changeapproval child add role role info descripti on failed errcode changeapproval child add role role notification t 270 Portal User Guide Code tkt005 tkt006 tkt007 tkt008 tkt009 tkt010 tktO11 tkt012 tkt013 tkt014 tktO15 tkt016 tkt017 tkt018 tkt019 Description 0 is already in process request to add resource 1 to us
18. Clean up: Cleans up the job's temp files prior to terminating the job. More information: The Ticket Properties Form (see page 65), Delegating an Info Ticket (see page 72), Escalating an Info Ticket (see page 73). Job Scheduling: The Job Scheduling function enables you to set up automatic and repeated import/export instances. As each connector is assigned to a universe, the data will be imported into / uploaded from the CA RCM configuration files designated by the universe. An appropriate ticket is sent to the administrator's Ticket Queue when the job is completed. The screen is divided into two sections: Job Scheduling: Enter the relevant data in the fields in this section to create a new import/export event. Jobs: A table listing all the recorded jobs and their description. Scheduling a New Job: To schedule a new import/export event (job), you have to provide the following information: Job Name: Provide a concise and meaningful name. Connector: Choose one from the drop-down list. The type of job depends on the type of connector (import/export). The target CA RCM configuration files depend on the connector's universe. Start Date: Provide the date on which the job will begin. HH: The hour of the day (1-24) when the job will commence. MM: The minute (1-60) when the job will commence. Repeat Hours: When the job will be repeated. The time period is specified in hours. Add Job: Click t
19. Important! Do not click the column label unless you want to reassign all the links to one single user. If the reassignment process generates a new ticket (i.e., the target user did not have an Approver ticket as part of the current campaign), it is called a Campaign Reassigned Approver ticket, and the reassignment details will be posted above the Approver Progress bar in the target Approver's new ticket. To reassign a user link: In the Ticket Properties Form, click next to the user you wish to audit. The associated Roles and Resources tables appear. Select the check box in the reassign column next to the user's role(s) and/or resource(s) you want to reassign. Note: If you select more than one role/resource, they will all be reassigned to the same Approver. Click Save and Reassign. The Find Reassign Users screen opens in a separate browser window. (Optional) Click Select to filter the table. Select a user from the list. Click OK. The selected links have been reassigned and the relative progress made is reported on the Approver Progress bar. You see the icon > next to the reassigned link in the entity table. Note: Replace user in the above procedure with either resource or role for instructions on how to reassign Role links or Resource links. More information: Filtering a Data Table (see page 20), CA RCM Properties (see page 277).
20. Service Added Columns. Suggest Users. The Enrolled column. In a Provisioning task screen, click a highlighted link in the Details column, and further information about the users and how they match the specific role/resource appears in a separate browser window. Click in the upper right-hand corner to close the window. The Enrolled column, which appears in Role Definition task screens, provides the number of selected users/resources linked to this resource/user. Manage My Team's Role Assignments: For the purposes of the CA RCM Portal, your team is essentially the users that you were assigned to manage. As a team manager, you may find it necessary to update role assignments because of corporate changes, personnel changes, or following an audit process. The Manage My Team's Roles (MMT Role) screen allows you to manage your team's roles by generating a request to enroll your team in one or more roles, or by generating a request to enroll a specific user in one or more roles, or by severing the link between selected users and their current roles. The role management utility allows you to manually select a specific target role, but it also provides you with a list of suggested roles and their pattern-based behavior, thus giving you the information necessary to make an informed choice. The screen is divided into four sections: General Pr
21. The menu bar provides three functions: Search, Customize, Refresh. Users that were linked to the CA RCM Admin Role have an additional option: User View / Admin View. The tickets are displayed in table format. The table is fully customizable, and you can use the Customize function to select the columns (fields) that will appear in the tables and their order. The default structure of the Ticket Queue table contains the following columns (Field: Description): >: Marks an overdue ticket. Ticket ID: Each ticket has a distinct ticket ID number. Title: The ticket title. State: The ticket's state. Status: The ticket's status. Children: The meaning of this number depends on the ticket type. For campaign owner tickets, this provides the number of Approvers assigned to a specific campaign. For Approver tickets, this provides the number of entities listed in the ticket whose links need to be reviewed. Type: Provides the ticket type. Received: Provides the date and time when the ticket was received. Owner: The owner of the specific ticket. The functionality of the ticket changes according to who is viewing the ticket. Only the owner will have access to all the functions available for the specific ticket type. Previous Owner: During campaigns or approval processes, tickets may be delegated/escalated to other managers. If a ticket was sent to
22. Add Attachment: Add an attachment or URL to the ticket. View Transaction Log: The transaction log provides a history of the ticket-related actions executed since the creation of the ticket. View Parent: Opens the current ticket's parent's ticket. View Initiators: View a list of the users who launched this ticket. More information: Add Comment (see page 68), Add Attachment (see page 69), View Transaction Log (see page 69), View Parent (see page 111), View Initiators (see page 111). Chapter 7: Running Campaign owner Tickets. Campaigns utilize CA RCM auditing tools to run a certification and attestation process. A campaign generates tickets for the designated approvers in the enterprise so that they can certify that the granted privileges comply with the business and regulatory needs and are not over-allocated. Campaigns are used not only in the cleansing phase but for periodic certification as required by law and various regulatory bodies. Two types of tickets are generated for a campaign: Campaign owner tickets and Campaign Approver tickets. When a campaign is first created, a campaign ticket is generated. This is the campaign owner ticket. This ticket appears in the campaign owner's Ticket Queue. The campaign owner ticket is structured as a tree where the top level (that is, the root ticket) is the owner's ticket and the branches/leaves are the approvers' tickets. The Children column, when visible in the campaign s
23. Adding Comments to Links: The Approver ticket's Entity Link table provides you with the option to add comments next to specific links. You can add comments next to the main entity (collapsed table) or next to a specific link in the expanded entity table. To add a comment to a link: Go to the record where you want to add the comment. Click the icon in the selected row in the Comment column. A free-style text box opens. Enter the free-style text of your choice. Click the column label Comment at the top of the Entity Table. The comment is added to the Entity Table. More information: Add Comment (see page 68). General CMA Ticket Functions: The Campaign Manager Approver ticket provides the following functions: Close: Closes the ticket. Save: Saves the changes made to the ticket. Save and Reassign: Provides the option to reassign a link and save the change. Hide Selected: Hides the entities whose links have already been reviewed. When active, the Show all button appears. Show All: Reveals all the hidden links. More information: Reassigning a Link (see page 98), Hide Selected (see page 101). Hide Selected: This feature hides the entities that have already been examined. This function will only hide those entities whose entire list of links has been reviewed. As any manager can have many entities that need to be reviewed, this option makes it easier to see which ent
24. [Screenshot: Ticket Queue listing the Campaign Manager Approver tickets generated for the Initial User Audit campaign (User Certification), one per manager in the reviewer tree.] The RACI (Responsible, Accountable, Consulted, Informed) information for the selected universe is used to set up the campaign's reviewer tree. Reassigning Links to Another Approver: Reviewing the campai
25. To obtain a specific list of entities: 1. Click Entity Browser on the menu bar to open the search screen. 2. Select a Universe from the drop-down list. 3. Select a Configuration from the drop-down list. The Loading bar is visible until the search results appear. More information: Entity Card and Data Table Tabs (see page 21); Setting the Number of Records Per Page (see page 20); Customizing a Data Table (see page 19); Filtering a Data Table (see page 20). Specific Entity Browser. Once you have selected the configuration from which to obtain the entity data, the Entity Browser presents the information under three tabs: User Browser, Role Browser, Resource Browser. The active browser is highlighted and the table contents can be manipulated. Each specific entity browser table can be manipulated independently of the two other entity browser tables. For example, you can set the number of Records per page for the User browser to 50, and this will not change the number of records per page viewed in the Role browser. More information: Users Browser (see page 209); Roles Browser (see page 209); Resource Browser (see page 209); Data Table Features (see page 19). Users Browser, Roles Browser, Resource Browser: The Entity Browser opens by default in the Users tab. The Entity Browser's Users Browser shows u
26. Close: Closes the ticket. Save: Saves the changes made to the ticket. Delegate: Transfers the ticket tree to another manager. Escalate: Transfers the ticket tree to another manager. Select Accountable: Provides the new role's accountable. After an accountable is selected, the Continue button is enabled. Continue: This button is disabled until an Accountable is selected. Click to continue to stage 2 of the Add New Role Approval Process. More information: Delegate (see page 108); Escalate (see page 106); Select Accountable Function (see page 188). Add New Role Ticket Tree: Select Accountable Ticket Advanced Functions. The Select Accountable Task ticket for the Self Service Request Add New Role task provides the following Advanced functionality. Add Comment: Manually add a comment to the ticket. Add Attachment: Add an attachment or URL to the ticket. View Transaction Log: The transaction log provides a history of the ticket-related actions executed since the creation of the ticket. View Parent: Opens the current ticket's parent's ticket. View Initiators: View a list of the users who launched this ticket. View Role: Opens the Role's card. As in this case the review is limited to the role, you cannot access the users' cards. View Violations: View the list of violations. More information: Add Comment (see page 68); Add Attachment (see page 69); View
27. Permissions. Portal Structure XML. The Portal structure (the menus and sub-menus) is governed by an XML file, portal structure xml. A copy of the full XML document can be seen in Appendix C, Portal Structure XML. These instructions determine the CA RCM Portal's menu structure. More information: Portal Structure XML (see page 283). Chapter 17: Troubleshooting. This chapter provides a list of the CA RCM Portal Error Messages. This section contains the following topics: Error Messages (see page 265); Duplicating a Configuration (see page 275). Error Messages. CA RCM contains a system of messages that is intended to provide an alert when an activity cannot be completed as defined or if further information is needed to complete the activity. The following table displays typical messages and the type of action to perform (columns: Field, Code, Description). Field: settings raci create missingmanagers errcode. Code: adm001. Description: It is recommended that all universe manager fields be filled before creating raci so that accountable links can be automatically added. Field: settings raci create alreadyexist errcode. Code: adm002. Description: raci configurations already exist for 0. Field: settings raci create fail errcode. Code: adm003. Description: failed to create raci configurations for 0. Field: required errcode. Code: app001. Description: field label is required. Field: iconverter errcode. Code: app002. Description: input is not a valid type. Field: numbervalidator range errcode. Code: app003. Description: input is not betw
28. The CA RCM Resource ID is the rank of the resource in the resources database file, with the first number being 0. The third set of lines in this section identifies roles (if existing), one line per role, in the following format: Role <CA RCM Role ID> <Role Name> <Description> <Organization> <Owner>. CA RCM provides automatic serial numbering of roles. If a configuration is created from an EUA and roles are being imported, the Role Engineer can choose a specific numbering scheme as long as the numbers are unique and the Role Name is unique. This section consists of the following types of line formats. User Resource Permission: User Res <CA RCM Sage User ID> <CA RCM Sage Resource ID>. User Role Permission: User Role <CA RCM Sage User ID> <CA RCM Sage Role ID>. Role Resource Permission: Role Res <CA RCM Sage Role ID> <CA RCM Sage Resource ID>. Role Hierarchy Permission: Role Role <CA RCM Sage Role ID of parent role> <CA RCM Sage Role ID of child role>. Glossary. Approved Audit Card: An Audit Card where all the listed violations have been approved. It can be used during an audit to prevent repeated notices of violations that have already received approval. Audit Card: A file with the extension aud. It is generated by the DNA. It contains a list of violations or out-of-pattern situations. Each entr
29. There are three possibilities. User: A campaign in which the approvers certify the entitlements of the user under their management. The certification is with regard to the user's roles and resources. Improper entitlements can be rejected. Role: A campaign in which the approvers certify the connection of the roles under their management. The certification is with regard to the role's linked users and resources. The certification also examines role-to-role hierarchical links. Improper entitlements can be rejected. Resource: A campaign in which the approvers certify the connection of the resources under their management. The certification is with regard to the resource's linked users and roles. Improper entitlements can be rejected. Privileges to Certify: Select one or more from the following possibilities. Direct: Certify only direct links between entities. Dual: Certify dual links (see Glossary for further information). Indirect: Certify indirect links, for example hierarchical links (see Glossary for further information). Indirect links cannot be rejected during a campaign. Only use links from audit card: (Optional) Select to enable this option. Sets the campaign to display only users (and their links) who have violations listed in the Audit Card. Only use links not in audit card: (Optional) Select to enable this option. Sets the campaign to display only users (and their links) which do n
30. Columns: Ticket, Description. Approval Root ticket: This ticket is identical to other Approval Process Approval Root tickets. For more information, see Self Service Approval Root Ticket (see page 177). 2 Self Service Main Request Parent Ticket: An Add Role parent ticket sent to the Self Service task manager. For more information, see Role Definition Main Request Parent Ticket (see page 182). Select Accountable: A Task ticket sent to the Self Service task manager. For more information, see Select Accountable Ticket Add New Role (see page 187). After the Self Service task manager has selected a person who will be accountable for this role (stage 1), stage 2 begins and a new ticket is generated. Stage 2. Columns: Ticket, Description. Approval Root ticket: Same ticket. 2 Self Service Main Request Parent Ticket: Same ticket. Select Accountable: This Task ticket has been completed and is currently archived. Approver Ticket: The Role Approver ticket. This is an Add Role approver ticket. It is sent to the Role manager. It contains all the requests to add a link between the new role and other entities. For more information, see Role Approver Ticket Add Role (see page 192). Note: If the role manager rejects the request submitted in the Role Approver ticket, the Approval Process ends and the relevant emails and info tickets are generated. After the Role man
31. Ticket Management. Granting privileges, approval processes and certification campaigns are tracked via tickets. Tickets are issued when a campaign is generated and also during the approval processes associated with the campaign. The user's Ticket Queue acts as a ticket inbox where the various tickets, including campaign tickets, notification tickets related to approval processes (whether campaign related or following self-service requests), or other tickets generated by the system, can be viewed and managed. Typical Processes. Running Campaigns. Campaigns utilize CA RCM's basic auditing tools to run an enterprise certification and attestation process by designated approvers. The purpose of the campaign is to certify that granted privileges comply with the business and regulatory needs and that they are not over-allocated. This process is supported by the CA RCM Audit Card facility, which allows the presentation of out-of-pattern and non-compliance information to the approver. The campaign administrator can apply pattern recognition tools and policy enforcement rules to analyze a configuration and run a comprehensive audit. The output of an audit is the Audit Card, which contains a list of all suspicious records and the type of suspicion involved (currently about 50 different types). Part of the cleansing process, and an important step before starting the role engineering process, is for business managers Approvers
32. V3 2 Software Converters ITIM46 ITIMConvert sage v32 connecters IBMImportJarName importFromITIMClient jar sage v32 connecters IBMExportJarName exportTolTIMClient jar sage v32 connecters IBMJavaExecutable c javai 4 java exe sage v32 connecters CAConnectorHomeDir C Program Files CA RCM CA RCM Sage Client Tools V3 2 Software Converters CA CAConvert sage v32 connecters CAlmportJarName importFromCA jar sage v32 connecters CAExportJarName exportToCA jar debug log gui std sage batch debugMode log sage sageBaseUn http localhost 8080 eurekify tms sessionTimeoutAlert 1200000 tms test user tms debug false tms defaultDueDateDelay 10 tms configuration realpath tms findUsersPage rowsPerPage 30 tms findUsersPage containsPrefix tms ticketQueue rowsPerPage 20 tms ticketQueue maxChildren 20 tms ticketQueue maxTitleLength 100 tms distinctMaxValues 100 tms attachment uploadSize 5000 tms attachment uploadFolder c Temp tms userColumns UserName Organization Organization Type Email Location Title tms page customizeFields fields overDue id title state status childrenCount typeName creationDate owner previou seOwner tms configuration xml tickettypes info Ticket errTicket consultTicket demoTicket bugTicket tms Test Ticket campaig n certificationTicket tms configuration xml commands approvalCommands tmsCommands tms configuration xml properties tmsProperties approvalProperties tms variables testvar1 Zodiac testvar2 Alph tm
33. descriptive. This information will appear in the Description field of the ensuing Self Service Approval Root ticket. Business Process: General information (descriptive). This information will appear in the Description field of the ensuing Self Service Approval Root ticket. Description: Provide a concise and meaningful description of the changes you intend to make to your roles. Submit: Click to submit your request for changes. To enter the data in the Manage My Roles General section: 1. Select a Universe from the drop-down list. The Currently Enrolled Roles table and the Other Roles table will show roles belonging to the selected Universe's configuration. 2. Enter the Business Area for the current action. 3. Enter the Business Process associated with the current action. 4. Enter a Description. Note: If the actions you want to take do not involve your currently enrolled roles, you can skip the Currently Enrolled Roles table and skip to the Other Roles table. If you do not wish to manage the currently enrolled roles, add roles to the selected users. More information: Currently Enrolled Roles Table, Manage My Role Screen (see page 149); Other Roles Table, Manage My Role Screen (see page 150). Manage My Role Assignments: Currently Enrolled Roles Table (Manage My Role Screen). This section lets you manage your current roles enrollment. When you selected the Universe, the CA RCM Portal provided
34. role role hierarchy. Step 1: Creating a Universe. A universe is a virtual location that encompasses the data collected from the enterprise security and/or identity management system(s). This data is stored in the CA RCM configuration files. A universe consists of a specific pair of master-model configurations, enabling tracking of differences between the real-world configuration downloaded from the system (master) and the desired configuration generated following a campaign (model). To create a Universe you need the following information: Master configuration file name and path; Model configuration file name and path; Approved Audit Card (optional); Audit Settings file name and path (recommended); Names of the fields in the configuration files that contain the following information: login, email, user manager, role manager and resource manager. Note: You can provide names of configuration files that do not yet exist. In this case you will not have the field names, and you will have to create the master-model configuration files later and then update the Universe with the correct field names. More information: Setting a Universe (see page 228). Step 2: Creating Import Connectors. After you have defined the universe that you intend to audit, you need to import the user and user privileges data from various end p
35. or roles and their links to other entities. These reports let managers review in detail the privileges assigned to users or resources under their responsibility. Privileges Quality Management: graphical presentations of the most common significant pattern-based analytical metrics of the configuration, similar to those used during the audit phase of role management. These reports give a quick visual indication of how well the current role hierarchy matches usage patterns, and what proportion of users have suspect patterns of access. Role Management: reports used to analyze the role hierarchy and perform before/after and what-if comparisons of different configurations. Policy Management: reports used to verify use of business policy rules (BPRs). Campaigns: reports used to track the progress of certification campaigns and summarize changes made during a campaign. Parameters and Filters for Report Generation. To generate a report, you must specify the configuration file or universe on which to base the report. You may have to specify other parameters for some reports. You can also specify parameters that filter the report contents. This allows you to limit the report to specific data sets based on user account attributes, geographic location, network structure, or organization business unit. Additional parameters let you control the sorting of records in some reports or set statistical
36. </tag> <tag id="CommonPropertiesSettings"> <type>internal</type> <label>Common Properties Settings</label> <data>com.eurekify.web.properties.CommonPropertiesPage</data> <checkPermission>true</checkPermission> </tag> <tag id="AuditPropertiesSettings"> <type>internal</type> <label>Audit Properties Settings</label> <data>com.eurekify.web.properties.AuditPropertiesPage</data> <checkPermission>true</checkPermission> </tag> </tag> <tag id="SageMaster"> <type>internal</type> <label>Eurekfiy Configuration Settings</label> <checkPermission>false</checkPermission> <tag id="UpdateSagemaster"> <type>internal</type> <label>Update Eurekfiy configuration with universe users</label> <data>com.eurekify.web.sageMaster.UpdateSageMasterPage</data> <checkPermission>true</checkPermission> </tag> </tag> <tag id="Checkup"> <type>internal</type> <label>System Checkup</label> <checkPermission>false</checkPermission> <tag id="MailCheckup"> <type>internal</type> <label>SMTP Checkup</label> <data>com.eurekify.web.checkup.CheckupPage</data> <checkPermission>true</checkPermission> </tag>
37. Campaign Management Functions; Running the Campaign; View Campaign Progress; Send Reminder; Campaign Ticket Advanced Functions; Campaign Approver Tickets 91; Chapter 8: Campaign Approver Tickets 93; CMA Ticket Properties Form 94; Presenting the Entity Links Table 95; Approving a Link 97; Rejecting a Link 98; Reassigning a Link 98; Adding Comments to Links 100; General CMA Ticket Functions 101; Hide Selected 101; Advanced CMA Ticket Functions 102; View Initiators
38. Setting the Number of Records Per Page. Most Entity tables allow you to determine the number of records per page that you can view. The Records per page option appears at the bottom of the data table. This option allows you to select, from a pre-defined list, the number of records that will appear on every page. The default number of records per page for most data tables is 10. Click the Records per page drop-down to specify the number of records displayed per page. Filtering a Data Table. Entity information presented in table format can be filtered. When relevant, a Filter option appears at the bottom of the specific data table, or the filter statements will be part of the header of the screen displaying the entity table. You can filter the table contents using a combination of criteria. The filter allows only And statements. The filter is limited to three statements. Two are exact statements (Is contains): Selected Field(s) contains Field Dependent content, where the content of the drop-down list depends on the field you select. One filter is an include statement: Selected Field Includes Free text. Note: Sometimes the third filter statement option is the same as the first two. To filter a data table: 1. Click Filter. A Filter <Entity> screen opens in a separate browser window. Find Approver for reassignment Where
39. Checkup. The Checkup Options screen opens. To check the TMS email system: Enter an email address in the Send Mail TMS box. To check the App email system: Enter an email address in the Send Mail App. Click Send. The Executing bar appears. Check the email box to see if the email arrived. If an email does not arrive, this indicates a problem that needs to be corrected. Chapter 16: About Security & Permissions. Security. In a world where corporate security has immense ramifications, especially when you consider the potential harm that could result from loss, inaccuracy, when unauthorized personnel attempt to use various features, alteration by unauthorized users, or misuse of data and resources, it is important that the software operate at a level of security that is consistent with the prevention of such potential harm. The CA RCM Portal is accessible to both senior administrators and regular users. The different types of users have different needs and system usage. The CA RCM Portal has a comprehensive role-based security and permissions structure aimed at ease of use on one hand and maintaining appropriate security on the other hand. This chapter discusses the CA RCM Portal's security issues and solutions, both on the general level and on the user level. This section contains the following topics: Security (see page 257); Permissions (see page 260). Software security is intended to prevent both unintentional and maliciou
40. Configuration Settings (see page 252); RACI Operations (see page 253); Editing a Universe (see page 232). Step 5: Creating a Campaign. A campaign is an audit process which entails reviewing links between users, roles and resources. Managers in charge of various entities are notified that a campaign has begun. The tasks assigned during the campaign are presented to the campaign owner and approvers as tickets. The tickets include the data they have to review and approve or reject, as the case may be. More information: Running a Campaign: A Case Study (see page 37); Adding Campaigns (see page 219). Step 6: Exporting Entity Data. The differences between the original real-world configuration that was downloaded from the system end-points (Master) and the updated and corrected configuration that has gone through an auditing process (Model) are uploaded to the original endpoints, thus updating the corporate and platform user and user privileges information so that they are now in compliance with corporate policies and various regulations. More information: Creating a New Export Connector (see page 238); Scheduling a New Job (see page 243). Chapter 4: Showcasing the CA RCM Portal. Enterprise information security auditing has become increasingly relevant following new US and world-wide legislation mandating corporate and
41. Configuration reports; Privileges quality management reports; Role management reports; Policy management reports; Campaign Reports. Administration Menu. The Administration menu provides access to the following options: Add a campaign; Job scheduling; Accessing the TxLog page; Load the cache; Clear the cache; Create RACI; Synchronize RACI; TMS administration. Settings: Determine the settings for the Universe, Connectors and other basic properties. Connector Settings; Universe Settings; Properties Settings; Common Properties Settings; Audit Properties Settings. Determine the CA RCM configuration settings. System Checkup. More information: Using Administration Functions (see page 219). User Interface for Non-Administrators. The CA RCM Portal's flexibility becomes self-evident when examining the access it allows users with limited or no administrative rights. When such a user accesses the CA RCM Portal, the user can run any process and view any data for which he/she has been granted access permission. Available menu bar options will change according to the user's privileges. For example, if you are a user without administrative privileges in charge of one or more resources, then when opening the CA RCM Portal you have a menu bar without the Administration option and the Self Service menu is l
42. Dashboard (see page 131). Configuration Dashboard. The configuration dashboard is a portal page that provides a graphical overview of the entities (users, resources, and roles) in a specified configuration and the connections between them. A graphic at the top of the page summarizes the users, resources, and roles in the specified configuration. [Graphic: entity summary.] In the configuration shown, there are 69 users, 97 roles, and 83 resources. There are 345 user-role connections, and the role hierarchy contains 23 role-role connections. A series of bar charts summarize the connections between users, roles, and resources. The following types of links are described. Direct Connection: Only an explicit, direct link connects two entities. There are no implicit links between them due to parent-child inheritance in the role hierarchy. Indirect Connection: Two entities are connected only through a role or through parent-child inheritance of links in the role hierarchy. There is no direct link between them. Dual Connection: Two entities are linked both directly, through an explicit link, and indirectly, through the role hierarchy. Audit Card Dashboard. The audit card dashboard is a portal page that provides a graphical overview of the analytical alerts recorded in a specified audit card. By reviewing these violations the Rol
43. Resource cards also include separate lists, under discrete tabs, of the following linked information in table format. Roles: Provides a list of roles that are linked to this resource. Users: Provides a list of all the users linked to this resource. RACI: Provides the name of the user who is held accountable for this role. This is the user who will be listed as the Approver when this role is being audited or when a change has been requested for this role. The menu bar provides access to CA RCM Portal's functions. The menu bar is functionally organized and includes the following main items: Home, Ticket Queue, Dashboards, Self Service, Entity Browser, Reports, Administration. Some of the menu bar items contain submenus with additional options. Where relevant, the name of the active window is indicated below the menu bar in italics. Home: Click Home to return to the CA RCM Portal's home page. More information: Presenting the Home Page (see page 49). Ticket Queue Menu. The Ticket Queue allows you to filter your tickets based on various criteria. Show the active ticket list. This includes tickets whose Status is Open, New or Done. Show the New Tickets list. Show the Overdue Tickets list. Overdue tickets are flagged. Show the Approver Tickets list. This enables administrators to view all the Approver tickets associated with their own campaigns. Show the Campaign Tickets
44. [Screenshot: filter dialog with the statement Organization contains Silicon Valley Branch and two further Choose Field statements; buttons Select, OK, Cancel.] 2. Select the fields and their values from the drop-down lists. Enter text in the Includes box if necessary. Note: The Autocomplete feature is active for the <Field Dependent Content> drop-down list. You can also start typing a value and the list will automatically scroll down to it. 3. Click OK. The current table will now be filtered according to the selections you made. Entity Card and Data Table Tabs. The CA RCM Portal presents data in a very concise and easy-to-use manner. To facilitate this, the information is sometimes broken up into several parallel tables, and each table is located under a separate tab. For example, the Entity Browser shows the search results in three tables (Users, Roles and Resources), and each one is located under a separate tab. The active tab's label is bold while the other tabs are gray. Tabs can also be found in Entity Cards. Click a tab label to bring that data table to the forefront (active). For example, if you click the RACI tab in a Role Card, the RACI table becomes active. Sorting a Data Table by Column. The CA RCM Portal data tables can be sorted. When you click a column label, the table is sorted based on the selected column. Each type of data column has its own default presentation
45. Process Info Tickets. When a specific Approver ticket's owner completes an approval process, that is, the designated Approvers approved or rejected a request to sever a link between two entities, all the users connected to the process are informed of the decision. The CA RCM Portal sends a ticket to inform the concerned parties that a change has taken place regarding a specific link. The users who will receive this ticket are: The Approvers (entity managers) who approved or rejected the link. The Campaign Manager. When the reviewed link involves a user, then the user is informed of the change. All the info tickets for a specific event provide the same information and functionality, independent of who receives them. The ticket is marked by an icon. After it is opened, the icon changes. The ticket type is the same as the original Approver ticket (Delete Link Entity1 Entity2), but the functionality is limited. In this section you will find information specific to the family of info tickets. <Ticket Title>: Delete Link Entity1 Entity2. For example: Delete Link User Resource. Title: Request to remove Entity1 to Entity2 association. Entity1: Entity1 name. Entity2: Entity2 name. For example: Request to delete role Organization System Management Characteristic Role 100 0 Min 40 from user Angel Ben 67283470 Approved an
46. Request was submitted on Universe Universe from Self Service Task. For example: Request to add user to role association role Corporate Security user 89213720. Request was submitted on Universe Portal from Add Role. The More Details >> / << Less Details option provides additional information. Use this ticket's functionality when you wish to transfer the specific sub-tree to the management of another user or to cancel this specific review. You can use the options in the ticket's Advanced section to access additional information concerning the current ticket and the Approver ticket associated with it in the sub-tree. More information: The Ticket Properties Form (see page 65). Add New Role Ticket Tree: New Role Parent Ticket General Functions. The Self Service Request Update Role Parent ticket provides the following General functionality. Close: Closes the ticket. Save: Saves the changes made to the ticket. Delegate: Transfers the ticket tree to another manager. Escalate: Transfers the ticket tree to another manager. Cancel Process: Allows you to manually stop the Approval Process at any stage. More information: Escalate (see page 106); Delegate (see page 108); Cancel Process (see page 115). Add New Role Ticket Tree: New Role Parent Ticket Advanced Functions. The Request New Role Parent ticket provides the following Advanced functionality. Add
47. Sample Properties File 277; tms delegate filter 281; tms escalate filter 281; tms campaign campaign type reassign ter 282. Appendix B: Portal Structure XML 283. Sample Portal Structure XML 284. Appendix C: CA RCM Configuration Data Formats 293. Users Database File 293; Resource Database File 294; Configuration File 294; Entities 295. Glossary 297. Index 301. Chapter 1: Introduction. CA RCM software provides solutions for the design, implementation, ongoing management and auditing of role-based privileges, as well as solutions for the full enterprise compliance life cycle. This manual provides an overview and step-by-step instructions on how to use the CA RCM Portal. The CA RCM Portal is a web-based interface for CA RCM. The CA RCM Portal is designed to provide the user with access to the various Role Management (RM) and Compliance Management (CM) features offered by the CA RCM system. CA RCM targets one of the most sensitive areas in information security and computer infrastructure management: identity and access mana
48. Sometimes an issue exists for historical reasons that causes a message to appear. At the bottom of the message you are asked if you want to auto-repair the issues in this message. Always click Yes. 11. Click Yes to auto-fix the issues listed in this error message. The Please Wait bar appears. When the job is completed, the new universe appears in the Universes list. After you have created a new universe you need to perform the following actions: Update CA RCM users database; Create RACI; Sync RACI. More information: Running a Connector (see page 240); CA RCM Configuration Settings (see page 252); Create RACI (see page 253); Synchronize RACI (see page 254). To edit an existing Universe: 1. Click Edit next to the Universe that you want to edit. You cannot change the name of a universe. The contents of the other fields can be edited. Note: We recommend that, when editing a universe's configuration file names, you make sure that the configurations were not assigned to another universe. 2. Click Save. Note: Sometimes an issue exists for historical reasons that causes a message to appear. At the bottom of the message you are asked if you want to auto-repair the issues in this message. Always click Yes. 3. Click Yes to auto-fix the issues listed in this error message. The Please Wait bar appears. When the job is completed, the new universe appears in the Universes list. Deleting a Universe. To del
49. Tickets: Approver tickets are generated by campaigns. They contain the list of links that need to be audited as part of the campaign. Chapter 9, Post-campaign Approval Process Tickets: These tickets provide a final review of any link that was rejected during the campaign. Chapter 11, Self Service Provisioning Tickets: These tickets provide a final review of Self Service requests (severing an existing link; adding a new link). Chapter 12, Role definition tickets: These tickets provide a final review of role definition requests (defining a new role; updating the definition of an existing role). This section contains the following topics: Ticket Life Cycle (see page 55), Ticket Tables (see page 60), Administrator View User View (see page 65), The Ticket Properties Form (see page 65), Info tickets (see page 70). Ticket Life Cycle. The ticket's purpose and functionality govern its life cycle. A ticket life cycle can be very simple or extremely complex. You can gain information on a specific ticket's current situation by checking the fields State and Status, either in the Ticket Queue table (see page 60) or in the Ticket Properties Form window (see page 65). Tickets are generated by the system and sent to their designated owner (State: New; Status: Pending Action). Once they are opened, even if no action has been taken, the ticket state changes to Open. Depending on the ticket type other ty
50. View the list of violations. View Entity: Opens the entity's card. Two buttons are provided, one for each side of the link under review. View Consult Results: This button appears only when the Consult service has been activated. More information: Add Comment (see page 68), Add Attachment (see page 69), View Transaction Log (see page 69), View Initiators (see page 111), View Parent (see page 111), View Entity (see page 113), View Violations (see page 191), View Consult Results (see page 125). Chapter 13: Entity Browser. The Entity Browser enables you to locate any entity associated with any available Universe and configuration. Entities are: Users; Roles; Resources. This section contains the following topics: Main Window (see page 207), Specific Entity browser (see page 208). Main Window. The Entity Browser's main window provides you with a search option. The search screen provides two fields to aid in the search. Universe: Provide the name of the Universe that you wish to search. You can select a specific Universe, limiting your choice of configuration, or you can select All. Configuration: Select a configuration from the drop-down list. After making your selection, the Entity Browser main window displays the search results. The search results are presented using three tabs: Users; Roles; Resources. The standard operations available for all data tables are available here as well
51. actually approve or reject the link listed in the Approver ticket. This feature is particularly useful when you are facing a deadline. When you click Consult, the Find Consult Users screen opens in a separate browser window. The Find Consult Users screen is divided into two sections. The filter: Located in the window's header. The filter lets you narrow down the list of proposed approvers. The proposed users: This table presents a pre-filtered list of users who can receive the request to provide a consultation. This list can be filtered to aid in finding a specific user. You can select more than one user to consult with. After selecting the first user to consult with, the Consult button toggles to become the Consult More button. View Consult Results is added to the ticket's Advanced functions. Consulting another user generates a ticket of the same type as the source Approver ticket. The approver who made the consultation request can see a copy of the consultant tickets listed as leaves below the original Approver ticket in the Ticket Queue. The consult ticket that is generated is sent to each consultant's Ticket Queue. The ticket itself is identical to the original Approver ticket (Delete Link Entity1 Entity2), except it has a new Ticket ID and the General functions are limited. The options Approve and Reject have the following
52. another manager. Cancel Process: Allows you to manually stop the Approval Process at any stage. More information: Delegate (see page 108), Escalate (see page 106), Cancel Process (see page 115). Update Role Parent Ticket Advanced Functions. The Request Parent ticket provides the following Advanced functionality. Add Comment: Manually add a comment to the ticket. Add Attachment: Add an attachment or URL to the ticket. View Transaction Log: The transaction log provides a history of the ticket-related actions executed since the creation of the ticket. View Parent: Opens the current ticket's parent ticket. View Initiators: View a list of the users who launched this ticket. View Children: Opens a table which provides you with information concerning all the nodes (leaves) that are located below the current ticket. For the Request Parent ticket, this means that you can view information concerning the link's Approver tickets. View Role: Opens the Role's card. In this case the review is limited to the role, and you cannot access the users' cards. More information: Add Comment (see page 68), View Transaction Log (see page 69), Add Attachment (see page 69), View Parent (see page 111), View Initiators (see page 111), View Children (see page 112), View Entity (see page 113). Self Service Request Update Role Approver Ticket. When a Self S
53. assigned to a campaign as approvers depends on the nature of the campaign. For a user certification campaign, user managers will be assigned as approvers. For a role certification campaign, role managers will be assigned as approvers. For a resource certification campaign, resource managers will be assigned as approvers. Each approver is in charge of reviewing the links between the entity they are managing and the other entity types. For example, in a user certification campaign, user managers will be charged with reviewing their team's links to roles and resources. You can open any of the Approver tickets, view the contents and reassign any of the listed entity links. You cannot add comments or attachments, view the initiators or view the transaction log from within a Ticket Properties Form that you do not own (see the Owner field in the upper part of the screen). More information: Campaign Approver Tickets (see page 93), Auditing Links (see page 95). Chapter 8: Campaign Approver Tickets. This chapter is intended for users who receive Campaign Manager Approver (CMA) tickets. When a new campaign is generated, CA RCM generates Campaign Manager Approver (CMA) tickets. Entity managers are assigned to a campaign as approvers based on the campaign type. For example, for a user certification campaign, user managers will be assigned as approvers. Users can become approv
54. browser and copy the name and path from the Address bar and paste it in the text box. 7. Enter the Remote system login password for accessing the endpoint. 8. Provide an upper estimate, in seconds, for the Max duration time. 9. Select the appropriate Connector Java Class. 10. Select the default Workflow process name. 11. Select the default import Ticket Type. 12. Select the Priority. 13. Select the Severity. When the new export connector is created, it appears in the Connector Settings Exports table. Running a Connector. The CA RCM Portal provides two methods for importing/exporting data from the source servers. Manual: Select a connector and click Run. This will start the download/upload process immediately. Automatic: Create a job through the Job Scheduler. The import/export will run as programmed by you. You will receive an email notifying you of the success or failure of the import/export job. An import job can run from a few moments to a few hours. You can monitor the situation via the Import Ticket generated by the process. The Details section provides you with the import Connectors data. The Import ticket provides the following functionality. Close: Closes the ticket. Save: Saves any changes made to the ticket. Delegate: Transfers the ticket to another manager. Escalate: Transfers the ticket to another manager. Cancel Process: Provides the option to manually terminate an
56. email notifications to managers who must approve changes. Following the Approval Process, a user may find that roles or resources that were once available are no longer accessible. If the user needs those resources to perform his/her tasks, they can ask their manager to reassign the relevant roles or resources. More information: Approval Process Tickets (see page 103), Running Self Service Tasks (see page 133). Chapter 5: Presenting the Home Page. The CA RCM Portal's home page displays your currently active tickets and provides easy access to your most frequently used reports and business processes. [Screenshot: CA RCM Portal home page, showing the menu bar (Home, Ticket Queue, Dashboards, Self Service, Entity Browser, Reports, Administration) and the My Tickets, My Reports and My Business Processes panes.] This section contains the following topics: The Tickets Pane (see page 50), The Reports Bar (see page 51), The Business Processes Bar (see page 52). The Tickets Pane. This panel provides you with a table containing a list of
57. enterprise auditing. The computer security audit is a systematic, measurable technical assessment of how the confidentiality, availability and integrity of an organization's information is assured. CA RCM is capable of performing such security audits, and it can also assist you in upgrading your information security. The CA RCM Portal provides the Campaign facility as a tool towards assessing your corporate compliance with BPRs (Best Practice Rules) and the relevant legislation. It is recommended that you run campaigns regularly, on a quarterly or annual basis, though critical information systems dealing with sensitive information or large monetary transactions should probably be audited as often as once a month. Running a Campaign. Campaigns review the system's permissions, thereby assuring that only users with the appropriate provisioning can access the corporate resources and that users who should not have access to various resources are indeed barred from them. The CA RCM Portal campaign provides you with two basic options: either to approve the corporate permissions sent to you for review, or to reject them and notify the system that specific access permissions should be removed. The campaign does not check if users are lacking permissions that should have been granted to them. Additional case studies can be found at http://ca.com/support. This section contains the following topics: Running a Campaign: A Case Study (see page 37)
58. first line. Ticket ID: Each ticket has a distinct ticket ID number. Owner: The owner of the specific ticket. The functionality of the ticket changes according to who is viewing the ticket. Only the owner will have access to all the functions available for the specific ticket type. Previous Owner: During campaigns or approval processes, tickets may be delegated/escalated to other managers. If a ticket was sent to the owner from another user, that user's name (not the current owner) appears in this field. Status: Provides the ticket status. Due Date: Each ticket has a due date by which the action(s) ascribed to the ticket have to be performed. Priority: Shows the current priority level. The available options are: Low; Normal; Rush; Critical. Severity: Shows the current severity level. The available options are: Minimal; Medium; Serious; Urgent; Critical. State: Shows the current ticket's state. The possibilities are: New; Open; Hidden; Done; Archived; Canceled. Modified Date: Shows the date and time when the content of the ticket was last modified. Date Created: Shows the date and time when the ticket was first created. Title: The ticket's title. Description: A description of the ticket. More information: Ticket Status (see page 59), The Ticket Pr
59. gt lt tag id DashBoard gt lt type gt external lt type gt lt label gt Dashboards lt label gt lt data gt Sample Portal Structure XML lt http localhost 8080 group eurekify configuration usertoken USER_TOKEN gt group eurekify configuration usertoken USER_TOKEN lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id SelfService gt lt type gt mark lt type gt lt label gt Self Service lt label gt lt checkPermission gt true lt checkPermission gt lt tag id manageTeamRoles gt lt type gt internal lt type gt lt label gt Manage My Team s Role Assignments lt label gt lt data gt com eurekify web selfservice Roles TeamServicePage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id manageSelfRoles gt lt type gt internal lt type gt lt label gt Manage My Roles Assignments lt label gt lt data gt com eurekify web selfservice RolesSelfServicePage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id manageTeamResources gt lt type gt internal lt type gt lt label gt Manage My Team s Resources Assignments lt label gt lt data gt com eurekify web selfservice ResourcesTeamServicePage lt data gt lt checkPermission gt true lt checkPermission gt lt tag gt lt tag id manageSelfResources gt lt type gt internal lt type gt lt label gt Manage My Resources
60. how many users you have selected for the current action. In the case of single user selection, click Get Roles to view the list of roles linked to your selected user. In this case, the only option available to you in this section is to select the Remove check box next to a role, thereby severing the link between the user and the selected role. If you choose more than one user, the Currently Enrolled Roles table will present an additional column, Enrollment. In the case of multiple user selection you can: select the Remove check box next to a role, thereby severing the link between the users and the selected role; select the Add check box next to a role to which only some of the selected users were enrolled, thereby linking all the chosen users to the selected role. The Currently Enrolled Roles table provides the following options. Add: A column of check boxes, one per role. Select one or more. The check boxes next to roles that are already linked to all selected users will be disabled. Remove: A column of check boxes, one per role. Check one or more to remove the link between the selected users and the selected roles. Enrollment: This column appears only when selecting multiple users. Numerically displays the number of users enrolled / total number of users selected; for example, 2/3 means that two of the three selected users are enro
61. import process. Acknowledge: The button is disabled until the process is completed. Click to complete and archive the ticket. To run a connector: 1. In the Connector screen, select the connector you want to run (import or export) and click Run next to it. A confirmation message appears. 2. Click Yes to run the specified connector. An Import Ticket is generated, and it will appear in your Ticket Queue. 3. Click Acknowledge when the process is completed. More information: Job Scheduling (see page 243), The Ticket Properties Form (see page 65), Delegating an Info Ticket (see page 72), Escalating an Info Ticket (see page 73). Import Error Tickets. When an import operation fails for some reason, the CA RCM Portal generates an Error Ticket. The Error ticket provides the following functionality. Close: Closes the ticket. Save: Saves any changes made to the ticket. Delegate: Transfers the ticket to another manager. Escalate: Transfers the ticket to another manager. Acknowledge: The button is disabled until the process is completed. Click to complete and archive the ticket. Handle: This button ensures that even if multiple users received this error ticket, only one will handle it. After one user clicks this button, the functional buttons for this ticket will be disabled in the other users' ticket. Terminate job: Manually terminates the currently running job
62. label> <data>com.eurekify.web.reports.parameters.universeconfigurationreports.ConfigurationPropertiesParametersPage</data> <checkPermission>true</checkPermission> </tag> <tag id="ConfigurationUsersAttributes"> <type>report</type> <label>Configuration Users Attributes</label> <data>com.eurekify.web.reports.parameters.configurationattributes.users.ConfigurationUsersAttributesParametersPage</data> <checkPermission>true</checkPermission> </tag> <tag id="ConfigurationRolesAttributes"> <type>report</type> <label>Configuration Roles Attributes</label> <data>com.eurekify.web.reports.parameters.configurationattributes.roles.ConfigurationRolesAttributesParametersPage</data> <checkPermission>true</checkPermission> </tag> <tag id="ConfigurationResourcesAttributes"> <type>report</type> <label>Configuration Resources Attributes</label> <data>com.eurekify.web.reports.parameters.configurationattributes.resources.ConfigurationResourcesAttributesParametersPage</data> <checkPermission>true</checkPermission> </tag> <tag id="ConfigurationUsersFull"> <type>report</type> <label>Configuration Users Full</label> <data>com.eurekify.web.reports.parameters.configurationattributes.users.ConfigurationUsersFullParameters
63. list. This option depends on the user's permissions. Show the Archived Tickets list. More information: Tickets and the Ticket Queue (see page 53). Dashboards Menu. The dashboard automatically shows users useful information as they go about their tasks. Self Service Menu. The Self Service menu provides access to a series of provisioning operations. Self Service supports quick and easy user management by allowing the administrators/managers on-the-fly access to role and resource assignment requests for themselves and their team members. The Self Service menu provides the following functions: Manage my team's role assignments; Manage my role assignments; Manage my team's resources assignments; Manage my resource assignments; Request a new role definition; Place a request to alter a role definition. More information: Running Self Service Tasks (see page 133). Entity Browser. The Entity Browser opens the CA RCM Portal's Entity Browser Page. Here you can view information concerning Users, Roles or Resources for a selected Universe under a selected configuration. The information is presented in three tables, where only one entity is visible at a time: Users table; Roles table; Resources table. More information: Entity Browser (see page 207). Reports Menu. The Reports menu provides access to the following families of reports
64. </tag> </tag> </portal> Appendix C: CA RCM Configuration Data Formats. CA RCM uses three separate but related files, in text-based comma-separated format, to represent a configuration. These files are: Users database file; Resources database file; Configuration file. The users and resources database files contain the basic features of users and resources. The configuration file contains the dynamic parts of a configuration, that is, the roles and relationships (connections). This section contains the following topics: Users Database File (see page 293), Resource Database File (see page 294), Configuration File (see page 294). Users Database File. Each user is represented in this file by one line, which includes comma-separated values for the following fields, in this order: PersonID (the key); User name; Organization name; Organization type; Additional fields (optional): up to 6 additional fields per user. Example: 234A745 Tony O Smith Sales US West Coast Sales San Francisco 234A111 5; 373B234 Mark W Johnson San Jose Wireless Research R&D San Jose 123B546 1. Resource Database File. Each resource is represented in this file by one line, which includes comma-separated values for the following fields, in this order: Resource Name 1
65. meaning. Approve: Approve the request to delete the specified link. Reject: Reject the request to delete the specified link. If you click View Parent, you will see the ticket from which the consultation request originated (all functions disabled). When you have selected to either approve or reject the link, the consultation ticket is archived. You can check this ticket's Transaction Log to view what decision was made in this case. To consult on a ticket: 1. Click Consult in the ticket's Ticket Properties Form. The Find Consult Users screen opens in a separate browser window. 2. Select one or more names from the list. You can use the filter option to reduce the number of records listed in the table. 3. Click OK. The Executing bar appears. A new ticket is generated for each consultant listed. The new ticket(s) will now appear in the consultant's Ticket Queue. 4. Click View Consult Results to view the results of the consultation. More information: Filtering a Data Table (see page 20). Approve/Reject. As an approver, it is your task to approve or reject the request to delete a link between two entities. When you choose to approve such a request, click Approve and a Confirmation pop-up window opens. Click Yes and the Executing bar appears. When done, the approver ticket's status is Approved and the ticket is archived. The user whose privileges were altered by this decision receives a
66. of the CA RCM is its ability to take advantage of RACI presentation techniques. When a request for a new role is generated, the first thing that the CA RCM Portal does is to generate a Task ticket that aids the Self Service manager in swiftly setting the new role's Accountable Approver. The Select Accountable Task ticket follows standard CA RCM Portal ticket guidelines. In this section you will find information specific to the Select Accountable Task ticket. <Ticket Title>: Task. Title: Select Accountable to Role Role Name. For example: Select Accountable to Role Corporate Security. Description: Instructions. To continue, please choose an accountable user to Corporate Security role (GENTKT039). The More Details >> / << Less Details option provides far more information than in other parent tickets. In this case, you can see here a full list of the ID numbers for all the users that you or the Self Service manager requested to enroll in this role. This section covers the following topics: Select Accountable Function; Select Accountable Ticket General Functions; Select Accountable Ticket Advanced Functions; View Violations. More information: The Ticket Properties Form (see page 65), Select Accountable Function (see page 188), Select Accountable Ticket General Functions (see page 189), Select Accountable Ticket Advanced Functions (see page 19
67. on how to approve Role links or Resource links. Rejecting a Link. When a link is rejected during a campaign, the rejection does not become final until it is reviewed and confirmed during the Approval Process by the link's entity managers. For example, when a link between a user and a role has been rejected, both the user's manager and the role's manager have to confirm that this link should be rejected. Only then is the decision final. Users whose links are rejected will be informed of the rejection. Note: You can reject all the links listed in a specific link table at once by clicking the column label for that link table. To reject a user link: 1. In the Ticket Properties Form, click next to the user you want to audit. The associated Roles and Resources tables appear. 2. Click the check box in the column next to the user's role(s) and/or resource(s) that you want to reject. 3. Click Save. 4. The selected links have been rejected, and the relative progress made is reported on the Approver Progress bar. The system default accepts the rejection as final only after the Approval Process. Note: Replace "user" in the above procedure with either "resource" or "role" for instructions on how to reject Role links or Resource links. Reassigning a Link. The CA RCM Portal allows managers to choose to reassign a link listed in their CMA
68. presents the list of attached files and/or links and any available comments concerning the campaign. The Advanced section of the Campaign Ticket Properties Form shows the attached file/URL and a comments table. Next to the attachment you can see an X. Click X to delete the attachment. The Comments table provides the following information. Received: Provides the date when the comment was generated. Owner: The name of the user who generated the comment. Note: The content of the comment. Next to each comment you can see an X. Click X to delete the comment. General Campaign Ticket Functions. The Campaign section of the Ticket Properties Form contains all the campaign ticket and campaign data. This section also provides the following functions. Close: Closes the Ticket Properties Form browser window. Save: Saves any changes made to the campaign ticket. Delegate: Allows you to delegate the campaign to a more junior manager. Once this is done, the campaign ticket will be relocated to your Ticket Queue archive. Escalate: Allows you to transfer the campaign to a more senior manager. Once this is done, the campaign ticket will be relocated to your Ticket Queue archive. Delegating a Campaign. This function allows you to delegate the campaign to another administrator. Once you have selected the new campaign administrator, the campaign's ticket is archived and will no longer appear
69. procedures will be broken up by section: the fields in the General section; the Currently Enrolled Resources table options and functionality; the Other Resources table options and functionality. To manage my resources, click Manage My Resource Assignments on the Self Service menu. The Manage My Resources screen appears. More information: Customizing a Data Table (see page 19), General Section: Manage My Resources Screen (see page 160), Currently Enrolled Resources Table: Manage My Resources Screen (see page 161), Other Resources Table: Manage My Resources Screen (see page 161). General Section: Manage My Resources Screen. The General section of the Managing My Resources screen contains the following fields. Universe: Select the Universe you wish to work with. The users table and the available resources depend on the universe. Business Area: General information (descriptive). This information will appear in the Description field of the ensuing Self Service Approval Root ticket. Business Process: General information (descriptive). This information will appear in the Description field of the ensuing Self Service Approval Root ticket. Description: Provide a concise and meaningful description of the changes you intend to make to your resources. Submit: Click to submit your request for changes. To enter the data in the Manage My Resources Gene
70. roles in a bottom-up approach to match the enterprise privileges requirements. The CA RCM Portal allows you to define new roles on the fly. When the need arises to define a new role, whether following an audit or in the course of an enterprise's life cycle, you can do so directly and quickly. The procedure comprises two screens: Request New Role Definition; Definitions For Role Name New Role Name. More information: Request New Role Definition Screen (see page 164), Definitions for Role Name New Role Name (see page 168). Definition Screen. The first step in defining a new role is to define its characteristics and general definitions. For example, for a new role called Security Officer, you have to provide the role name, corporate definitions and rules that will govern this role. The Request New Role Definition screen is divided into two sections: Task definitions; Role definitions. The Task Definitions area includes the following fields. Universe: Select the Universe you wish to work with. The new role will be associated with this universe's configuration. The users table and the available resources provided in the Definitions for Role Name New Role screen depend on the universe. Business Area: General information (descriptive). This information appears in the Description field of the ensuing Self Service Approval Root ticket. Business Process: General information (descriptive). Th
71. s Resources screen. To make selections in the Currently Enrolled Resources table: in the Currently Enrolled Resources table, click the relevant check boxes in the Add and/or Remove columns. At this point you can choose to: end the process at this point; add additional resources to the selected users. If you do not want to add new resources, submit your requests. Other Resources Table: MMT Resources Screen. This section allows you to enroll your selected user(s) to additional resources of your choice. The actual enrollment will take place following a review process. Note: When you click Get Resources in the Users section, a list of resources that are not linked to the currently selected user(s) appears in the Other Resources table. In addition to managing the resources currently linked to the members of your team, you can also request that the system provide a list of recommended resources for your selected users. This list of resources will be displayed in the section Other Resources. The Other Resources section provides the following options. Add: A column of check boxes, one per role. Select one or more to link the selected users to additional resources. Res Name 1: Click any highlighted resource name listed in this column to open its Resource Card. Customize: Allows you to determine the columns that will appear in the Other Resources table. Records per page: Select the number of records
72. see Approval Process Tickets (see page 103). Table columns: Name; Ticket Type(s); Description. Approval Process Approver ticket (ticket type: Delete Link Entity1 Entity2): A ticket generated after a campaign is stopped or completed. The rejected links are sent for re-evaluation to the managers of the linked entities. For example, a link between a role and resource will generate tickets to both the role manager and the resource manager. The Approver Ticket can be escalated/delegated to another approver by the ticket owner. For more information, see Approval Process Tickets (see page 103). Consult ticket (ticket type: Delete Link Entity1 Entity2): A ticket generated when an Approver wishes to consult with another user regarding the specific rejected link. For more information, see Approval Process Tickets (see page 103). Self Service Approval Process Root ticket (ticket type: Approval Root): The Self Service request root ticket. A ticket generated when a self-service process requires approval from entity managers. For more information, see Running Self Service Tasks (see page 133). Self Service Request Parent ticket (ticket types: Link Entity1 Entity2; Delete Link Entity1 Entity2; Update Role). Self Service Approver Ticket (ticket types: Link Entity1 Entity2; Delete Link Entity1 Entity2; Update Role). Self Service Consult ticket (ticket types: Link Entity1 Entity2; Delete Link Entity1 Entity2; Update Role). Task (ticket type: Task). Notification (ticket type: Notification).
73. selfservice validate missingaccountablefor errco de selfservice validate racierrorfor errcode settings headers editimportexportpage error err code settings headers edituniversepage error errcode changeapproval child remove user role info title rejected errcode changeapproval child remove user role info title failed errcode changeapproval child remove user role notificati Code prt009 prt010 prt011 prt012 sgm001 sgm002 slsOO1 sls002 sls003 sls004 sls005 sls006 sls007 sls008 sls009 sls010 sls011 ste001 ste002 tkt001 tkt002 tkt003 Error Messages Description incorrect password for batch user failed to authorize user 0 the user does not exist in 1 configuration an error has occurred for more information please view the log file to relogin please click here error conflicts in the master configuration login field found 0 duplicate logins please review could not load bpr file 0 proceeding without no bpr file defined proceeding without no universes available error starting approval process description field is required no user is selected no requests made missing raci configurations error getting raci configurations missing accountable for 0 raci error for 0 error fetching connector object 0 error fetching connector object request to delete role 1 from user 1 rejected request to delete role 0 from user
74. stopped. An email notification is generated and sent to all the campaign's Approvers. Campaign Management Functions. Start Approval Processes: The approval process is the procedure whereby links which were rejected during a campaign can be re-examined and a final decision can be reached as to whether to confirm the rejection or to approve the link. The purpose of a campaign is to audit and certify entity links. Once a campaign is over, either because all the approvers have audited all the entity links in their Campaign Approver tickets or because the campaign was manually stopped, it is necessary to review all the rejected links once more as the final step in the certification process. To start the approval process: 1. Click Start Approval Processes in the Campaign Management section of the campaign's owner ticket. A confirmation prompt appears. 2. Click Yes to confirm. The Executing bar appears. More information: Approval Process Tickets (see page 103). Archive: This feature allows you to completely shut down a campaign by transferring it to your archived tickets. While a campaign that has been manually stopped can be restarted, an archived campaign cannot be rerun. By archiving a campaign while it is running, you also close down the ability to run approval processes on any links that have already been processed and rejected during the time the campaign was active. Archiving a campaign after it has been completed but be
75. that will appear in the Other Resources table. Find Resources: Opens the Select Resource filter screen to assist you in locating specific resources. Test Compliance: Checks whether the selections made in the Other Resource table comply with existing policies and BPRs (Business Practice Rules). Suggest Resources: Provides a list of possible resources based on the CA RCM pattern recognition technology. This table presents you with several options. You can manually select one or more resources to which you wish to enroll. You can use the Find Resources filter option to find specific resources and then make a selection from the filtered list of resources. You can click Suggest Resources and use the information provided by this feature to find resources to which you should enroll. After making your selection(s), you can test the compliance of your selections with the existing BPRs and policies. You can decide to make the request despite any violations, or you can amend your selections. Manage My Resources. To link to additional resources: 1. In the Manage My Resources screen, scroll down to the Other Resources table. (Optional) Click Find Resources to access the Select Resource filter screen. (Optional) Click Suggest Resources to see the CA RCM Portal's recommendations. Select one or more resources to link to the chosen users. (Optional) Click Test Compliance to review your selections and check for possible violations
76. the organization's main authorization authorities, such as, for example, Active Directory, the best way to update CA RCM configuration is from this source, which actually is one or more of the end points already imported to CA RCM and residing as a configuration (universe) within its database. To check the CA RCM configuration for new users when creating a new Universe: 1. On the Administration menu, click CA RCM Configuration Settings. 2. Click Update CA RCM configuration with universe users. The Update Master with Universe Users screen opens. 3. Select a Universe from the drop-down list. 4. Click Select. An appropriate notice appears when the process is completed. For example: 5. If the system identified records that need to be updated or fixed, check the system suggestions and act as necessary. Note: We recommend that you use the CA RCM DNA module to fix the records. RACI Operations. Create RACI: The RACI model is a tool that can be used for identifying roles and responsibilities during an organizational audit, thereby making the audit process easier and smoother. The model describes what should be done by whom during audits and when corporate changes take place. RACI is an abbreviation for: R (Responsible): who owns the problem/project. A (Accountable): to whom R is accountable, who must sign off (Approver) on work before it is accepted. C (Consulted): who is to be consulted, who has information and/or the capab
77. the owner from another user, that user's name (not the current owner) appears in this field. As the Ticket Queue table can be customized, the columns that appear in the Ticket Queue table may be different than those presented here. More information: Administrator View/User View (see page 65), Customizing a Data Table (see page 19), The Tickets Pane (see page 50). Main Screen Operations. The Ticket Queue menu bar provides five functions: Search; Customize; User View/Admin View; Refresh; Clear Filter (appears only when a Search filter has been activated). This section covers the following topics: Search; Clear Filter; Refresh. More information: Customizing a Data Table (see page 19), Administrator View/User View (see page 65), Ticket Tables. Searching the Ticket Queue Table. Besides the basic filtering done by the Ticket Queue menu options, you can search for a ticket that matches a specific query. The search is performed on the tickets in the current table. The query can include one or more filter statements. Each rule consists of the following fields. Column name: This drop-down box provides a list of possible columns. You can select any column that appears in the drop-down list, even if the column is not currently visible in the Ticket Queue table. Filter functions: The following filtering functions are available: Equal, Gre
78. the universe. Description: Provide a description of this universe, its use, the type of configuration used, etc. Master configuration name: The Universe's master configuration. The file name has to have the extension .cfg. If the configuration was uploaded to the database, the name will appear in the autocomplete list. Model configuration name: The Universe's model configuration. If the configuration was uploaded to the database, the name will appear in the autocomplete list. Approved Audit Card: The list of approved violations for the Universe, if it exists. Configuration Login field: The field in the selected configuration file which provides the user's login ID, located in the users database file. Configuration email field: The field in the selected configuration file which provides the user's email address, located in the users database file. Configuration user manager field: The field in the selected configuration file which provides the user manager's ID (user approver). Configuration role manager field: The field in the selected configuration file which provides the role manager's ID (role approver). Configuration resource manager field: The field in the selected configuration file which provides the resource manager's ID (the resource approver). Audit Settings file: Parameters and settings which define the audit and pattern-based checks that will be performed on the master configur
79. thresholds for charts and graphs. The following parameters are used to generate reports. Not all parameters are used for every report. Configuration: Specifies the configuration file upon which the report will be based. The drop-down lists all configuration files in the CA RCM database. Use the following parameters to filter the report based on user, role, or resource attributes. by Field: Specifies a data field in the configuration file that is used to filter and sort records. The drop-down shows existing data fields in the configuration file specified by the Configuration parameter. Only relevant data fields are shown; for example, only user attributes are shown for reports organized by user account. From, To: Specifies the range of records to include in the report, based on the data field specified in the by Field parameter. The drop-downs show existing field values drawn from the specified configuration file. Pattern: Defines a pattern-matching string that selects records from the specified configuration file to include in the report. The string is applied as a filter to the data field specified in the by Field parameter. The pattern must follow the usage defined for the java.util.regex.Pattern class in the Java version supported by this release. Use the following parameters when working with analytical/statistical reports based on the selected configuration's audit card. Audit Card: Specifies the audit card from which analy
80. ticket and email notifying him of the change. In the case of a role-resource or role-role hierarchy link, the designated role/resource managers are informed. More information: Approval Process Info Tickets (see page 125). As an approver, it is your task to approve or reject the request to delete a link between two entities. When you choose to reject such a request, click Reject and a Confirmation pop-up window opens. Click Yes and the Executing bar appears. When done, the approver ticket's status is Rejected and the ticket is archived. The user whose privileges were altered by this decision receives a ticket and email notifying him of the change. In the case of a role-resource or role-role hierarchy link, the designated role/resource managers are informed. More information: Approval Process Info Tickets (see page 125). Approver Tickets Advanced Functions. The Approver ticket provides the following Advanced functionality. Add Comment: Manually add a comment to the ticket. Add Attachment: Add an attachment or URL to the ticket. View Transaction Log: The transaction log provides a history of the ticket-related actions executed since the creation of the ticket. View Parent: Opens the current ticket's parent's ticket. View Initiators: View of list of the users who launched this ticket. View Violations: This is disabled for A
81. time indicates that there is a problem. The export process will end when the specified time is over. Connector Java Class: Select the Java Class that matches the converter you will be using to import the data from the system's endpoints. Sbt classes enable the connection between the CA RCM Portal, which was written in Java, and the CA RCM DNA, which is not. Workflow process name: Select the default export process. You can use the bundled Workpoint BPM engine to generate additional workflow processes. Ticket Type: Tickets are work items that can be viewed in the Ticket Queue. Select the default export ticket type. Priority: Set the priority level. The available options are: Low, Normal, Rush, Critical. Severity: Set the severity level. The available options are: Minimal, Medium, Serious, Urgent, Critical. Setting Connectors. To create a new export connector: 1. In the Connector pane, click Create New. 2. Enter the name of the new Export Connector. 3. Provide a clear and concise Description of the export connector. 4. Select the Universe from the drop-down list. 5. Enter the name and location of the Settings XML File. You can locate the file using your system's file browser, and copy the name and path from the Address bar and paste it in the text box. 6. Enter the name and path of the Mapping XML File. You can locate the file using your system's file
82. to an Approval Process based on the link type. For example, for a Delete Link User-Role process, the user's manager and the role's manager will be assigned as approvers. Users can become approvers for other users only if the Approver's name appears in the manager column of the Universe's Model configuration files for the specific user. Users can become approvers for Roles and/or Resources only if they are listed in the configuration's RACI representation under Accountable, that is, a specific user becomes accountable for a specific entity. Therefore, if you are listed as an entity manager, you will receive Approver tickets when an administrator runs an Approval Process involving your assigned entity. The campaign owner has overall control of the approval process. They can transfer responsibility of the process to another manager or cancel the process when necessary. This can be done for the complete ticket tree or for a single sub-tree. General Approval Process Ticket Functions. As an approver, you are tasked with making the decision whether to approve the rejection or not. To aid you in the decision-making process, you have the ability to consult with other managers. Important: As several complex procedures are documented in this chapter, it is important to remember that every ticket has a unique ticket ID number that can be used to track the ticket and to differentiate between tickets of the same type that deal with the same issue but have diff
83. to review the access rights. A manager can be in charge of a team of users, one or more roles, or one or more resources. In a business with over 1000 users, the help of the managers is required to speed up the cleansing process. Depending on the campaign definitions, the business managers may be required to review the access rights of their employees and/or resources under their jurisdiction and report the change requests to the CA RCM Administrator. Campaigns are used not only in the enterprise cleansing phase but also for periodic certification as required by regulation. Self Service: Managers can use the CA RCM Portal to manage their team's role definitions and access to corporate resources. Users can also manage their own personal privileges with regard to system roles and resources. Entity Browser: This browser aids the administrator/business manager who is using the CA RCM Portal in viewing entities (i.e. users, roles, resources) associated with a specific Universe under a selected configuration. The information is displayed in table format. The tables contain basic information for each entity. Running reports: Provides access to a variety of reports. Dashboards: Automatically shows users useful statistical information as they go about their tasks. Administration: Administrators can create a universe, generate import/export connectors, and define their scheduling. They can also perform other functions available only to senior admi
84. tree in which the original ticket (the Status is set to Escalated) is the root ticket and the new ticket is the next node. To escalate a ticket, select a user from the list of appropriate users. The Find Escalate Users screen is divided into two sections. The filter: Located in the window's header. The filter lets you narrow down the list of proposed approvers. The proposed users: This table presents a pre-filtered list of users who can receive the escalated approval task(s). This list can be filtered to aid in finding a specific user. The names listed in the proposed users list are governed by several default property filters of the type tms.escalate.filter. To escalate a ticket: 1. Click Escalate in the ticket's Ticket Properties Form. The Find Escalate Users screen opens. 2. Select a name from the list. You can use the filter option to reduce the number of records listed in the table. 3. Click OK. The Executing bar appears. The original ticket is archived and its status is set to Escalated. A new ticket is generated. The ticket appears in the target user's Ticket Queue. More information: Add Comment (see page 68), Filtering a Data Table (see page 20), CA RCM Properties (see page 277). Advanced Info Ticket Functionality. Info tickets have standard advanced functionality, including: Add Comment: Manually add a comment to the ticket
85. user. The general syntax is <Menu Name> <sub menu>. For example, Self Service allows users linked to this resource permission to see and use all the available Self Service menu items. Adding Exclude after the square brackets excludes a specific menu or menu item from the user's menu options. Permissions. Doc_Access Type Resources: DocAccess deals with permission to access documents (configuration, audit card, universe, and so on). The general syntax is <Document type>. For example, AUDITCARD allows users linked to this resource permission to access this type of file. Adding the modifier Read (R) or Read/Write (RW) sets the level of access to the files that the user is permitted to access. The value entered in the column Res Name 2 influences the level of permissions: an asterisk indicates full permission for all such files, or a specific entity can be listed here, for example a configuration name or a universe name. Filter Type Resources: There are 3 types of filter resources: Filter_User, Filter_Role, Filter_Resource. The following columns provide important information when the resource's type is Filter. Res Name 1: The resource name. Res Name 2: The Universe name. Res Name 3: Filter number. Description: A description of the filter. Type: The resource's type. Filter1: A Gfilter. For example gt type role A type user sageUser PersonID Chapter 16 A
86. you choose to delegate an Approval Process root ticket, the whole tree will now be visible in the new owner's Ticket Queue. To delegate a ticket, you have to select a user from the list of appropriate users. The Find Delegate Users window is divided into two sections. The filter: Located in the window's header. The filter lets you narrow down the list of proposed approvers. The proposed users: This table presents a pre-filtered list of users who can receive the delegated approval task(s). This list can be filtered to aid in finding a specific user. The names listed in the proposed approvers list are governed by several default property filters of the type tms.delegate.filter. To delegate a ticket: 1. Click Delegate in the ticket's Ticket Properties Form. The Find Delegate Users screen opens. 2. Select a name from the list. You can use the filter option to reduce the number of records listed in the table. 3. Click OK. The Executing bar appears. The original ticket is archived and its status is set to Delegated. A new ticket is generated. The ticket appears in the target user's Ticket Queue. More information: Add Comment (see page 68), Filtering a Data Table (see page 20), CA RCM Properties (see page 277). More Details/Less Details. The More Details >> and << Less Details buttons, located below the general function buttons, toggle between showing additional data and hidi
87. your tickets. The tickets displayed in this pane are campaign owner tickets for the campaigns you have created, campaign Approver tickets when you are an approver for a specific campaign, Approver tickets for entities you were assigned to manage, and info tickets. Some of the tickets have hierarchical tree structures that you can navigate. The type of data fields displayed in this pane is determined by customizing the Ticket Queue. Each column can be used to sort the ticket table. Highlighted content displayed in the panel enables you to link to additional data. You can navigate the tickets by clicking on [icon]. Clicking an active link in the Title column opens the Ticket Properties Form in a separate browser window. Clicking on the link in the Owner column will open the listed ticket owner's User Card in a separate browser window. The following table presents the icons used in the Ticket pane and their description (icon images not reproduced). New ticket folder. Ticket folder: This is a task ticket that has children tickets. The ticket tree headed by this folder could have been generated when this ticket was first generated or later in the process. New info ticket. Info ticket. New task ticket. Task: This icon appears next to every ticket that refers to an action. Overdue ticket. Appears when a ticket refers to a process that includes errors. Click to expand the ticket tree. Click to collapse the ticket tree. More inf
88. 0 View Violations (see page 191). Select Accountable Function. The purpose of the Select Accountable Task ticket is to select the role's manager, the user who will act as the Approver whenever a request is made that is connected to this role. At first the Role Accountable field (located under More Details >>) is empty. The Continue button is disabled until a user is selected. When you click Select Accountable, the Choose Accountable for New Role screen opens in a separate browser window. The Choose Accountable for New Role screen is divided into two sections. The filter: Located in the window's header. The filter lets you narrow down the list of proposed approvers. The proposed users: This table presents a pre-filtered list of users who can become Approvers. This list can be filtered to aid in finding a specific user. After selecting a user as the role's Approver, the Continue button is enabled. The new role manager is listed under the More Details section of the Select Accountable Task ticket. Click Continue to go to the next stage of the Add New Role Approval Process. More information: Filtering a Data Table (see page 20), Select Accountable Ticket General Functions (see page 189). Select Accountable Ticket General Functions. The Select Accountable Task ticket for the Self Service Request Add New Role task provides the following General functionality
89. Chapter 9: Approval Process Tickets, 103. General Approval Process Ticket Functions, 105. Escalate, 106. Delegate, 108. More Details/Less Details, 109. Advanced Approval Process Ticket Functions, 110. View Initiators, 111. View Parent, 111. View Children, 112. View Entity, 113. Approval Process Root Ticket, 113. Approval Root Ticket General Functions, 115. Approval Root Ticket Advanced Functions, 116. Rejected Link Parent Ticket, 117. Rejected Link Parent Ticket General Functions, 118. Rejected Link Parent Ticket Advanced Functions, 119. Approval Process Approver Tickets, 120. Approver Tickets General Function
90. Deleting a Universe, 233. Setting Connectors, 233. The Connector Settings Panel Tables, 235. Creating a New Import Connector, 235. Creating a New Export Connector, 238. Running a Connector, 240. Import Error Tickets, 242. Job Scheduling, 243. Scheduling a New Job, 243. The Jobs Table, 244. The Transaction Log, 245. Cache Manipulation, 246. Properties Settings, 247. Accessing the Common Properties Settings Page, 249. Creating a New Property Key, 249. Editing a Property Key
91. The More Details >> and << Less Details buttons, located below the general function buttons, toggle between showing additional data and hiding the same data. The type of data available is the same whether the ticket is an Add Role main parent ticket or an Update Role main parent ticket. The content of the fields depends on the original Role Definition task being processed. The Role Fields table refers to the role's rules. This table will have content only when a new role included a rule or when a rule is added/changed during an update role process. As the first step in any role definition approval process is to allow the role manager to approve the links added to the role, the Role Links table provides a list of the entities that were listed as Add requests in the Requests table. Requests to remove links are processed separately. This table provides lists for each possible entity: Users to add, Resources to add, Parent roles to add, Children roles to add. If any of the options are empty, it will not appear in the table. This section is informational only. Note: You cannot access any of the entity cards for the entities listed here. Role Definition Main Parent Ticket Advanced Functions. The Role Definition Main Parent ticket provides the following Advanced functionality. Add Comment: Manually add a comment to the ticket. Add Attachment: Add an attachment
93. Menu Bar, 26. Home, 26. Ticket Queue, 27. Dashboards Menu, 27. Self Service Menu, 27. Entity Browser, 28. Reports, 28. Administration Menu, 29. User Interface for Non-Administrators, 30. Chapter 3: Getting Started, 31. Introducing Entities and Links, 32. Step 1: Creating a Universe, 33. Step 2: Creating Import Connectors, 34. Step 3: Importing Entity Data, 34. Step 4: Generating Master/Model Configurations, 35. Step 5: Creating a Campaign, 35. Step 6: Exporting Entity Data, 36. Chapter 4: Showcasing the CA RCM Portal, 37. Running a Campaign A Case
94. Assignments</label>
      <data>com.eurekify.web.selfservice.ResourcesSelfServicePage</data>
      <checkPermission>true</checkPermission>
    </tag>
    <tag id="requestNewRole">
      <type>internal</type>
      <label>Request a New Role Definition</label>
      <data>com.eurekify.web.rolerequests.RoleDefinitionPage</data>
      <checkPermission>true</checkPermission>
    </tag>
    <tag id="requestUpdateRole">
      <type>internal</type>
      <label>Request Changes to a Role Definition</label>
      <data>com.eurekify.web.rolerequests.UpdateRolePage</data>
      <checkPermission>true</checkPermission>
    </tag>
  </tag>
  <tag id="EntityBrowser">
    <type>internal</type>
    <label>Entity Browser</label>
    <data>com.eurekify.web.entitybrowser.EurekifyBrowserPage</data>
    <checkPermission>true</checkPermission>
  </tag>
  <tag id="Reports">
    <type>mark</type>
    <label>Reports</label>
    <checkPermission>true</checkPermission>
    <tag id="ConfigReports">
      <type>internal</type>
      <label>Configuration Reports</label>
      <checkPermission>true</checkPermission>
      <tag id="ConfigurationProperties">
        <type>report</type>
        <label>Configuration Properties
95. CA Role & Compliance Manager Portal User Guide r12.0. This documentation and any related computer software help programs (hereinafter referred to as the "Documentation") is for the end user's informational purposes only and is subject to change or withdrawal by CA at any time. This Documentation may not be copied, transferred, reproduced, disclosed, modified or duplicated, in whole or in part, without the prior written consent of CA. This Documentation is confidential and proprietary information of CA and protected by the copyright laws of the United States and international treaties. Notwithstanding the foregoing, licensed users may print a reasonable number of copies of the documentation for their own internal use, and may make one copy of the related software as reasonably required for back-up and disaster recovery purposes, provided that all CA copyright notices and legends are affixed to each reproduced copy. Only authorized employees, consultants, or agents of the user who are bound by the provisions of the license for the product are permitted to have access to such copies. The right to print copies of the documentation and to make a copy of the related software is limited to the period during which the applicable license for the Product remains in full force and effect. Should the license terminate for any reason, it shall be the user's responsibility to certify in writing to CA that all copies and partial copies of the Documentat
96. Comment: Manually add a comment to the ticket. Add Attachment: Add an attachment or URL to the ticket. View Transaction Log: The transaction log provides a history of the ticket-related actions executed since the creation of the ticket. View Parent: Opens the current ticket's parent's ticket. View Initiators: View of list of the users who launched this ticket. View Children: Opens a table which provides you with information concerning the leaf that is located below the current ticket. For the Request Parent ticket, this means that you can view information concerning the link's Approver ticket. View Role: Opens the Role's card. View Entity: The Add New Role Approver tickets review links between the new role and other entities. This button will provide you with the entity card associated with the entity to be linked to the new role. More information: Add Comment (see page 68), Add Attachment (see page 69), View Transaction Log (see page 69), View Initiators (see page 111), View Parent (see page 111), View Entity (see page 113), View Children (see page 112). Self Service Request New Role Approver Ticket. During the third stage of an Add New Role Approval Process, after the role manager has approved the suggested links to the new role, a new set of Approver tickets is generated. These tickets are standard Link Entity-Role Approver tickets, one for each link r
97. [Screenshot: approver ticket owned by Mills Robert (Status: Pending Action; Title: User Certification, Initial User Audit; Reassigned From: Allen Sherman), with Roles and Resources tables and the Save and Reassign, Hide Selected, Save and Close buttons.] Following the instructions found in Campaign Approver Tickets (see page 93), Robert approves or rejects the various links. More information: Campaign Approver Tickets (see page 93). Chapter 4: Showcasing the CA RCM Portal 45. Running a Campaign: A Case Study. Checking the Campaign's Progress. As a campaign owner, Gary monitors the progress of the approvers and makes sure that they are aware of the campaign's deadline. To check on the campaign's progress, Gary clicks the View Ca
98. Only alerts related to the specified BPR are included in the report. The drop-down shows all BPR files in the CA RCM database. Use the following parameters with the Role Modeling Methodologies Comparison report. Master Configuration: Specifies the configuration used as a reference in comparing several configurations. The drop-down shows all configuration files in the database. Master Configuration Label: Defines a text label for the reference configuration. Configuration n: Specifies a configuration that is compared to the master configuration. The drop-down shows all configuration files in the database. Parameters and Filters for Report Generation. Label: Defines a text label for the corresponding configuration. Use the following parameters when working with campaign-related reports. Campaign: Specifies the campaign the report will reference. The drop-down lists all campaigns defined in the portal. All Approvers: All participants who must approve privileges for users or resources they manage are included in the report. Select by Field: Specifies a user attribute field used to select participants. The drop-down shows all user attributes defined in the campaign's affiliated configuration file. Select an attribute, and existing values in the configuration file are listed. Click a value to use it as a filter. Only participants with that attribute value are included in the report. Use the following parameters with the Life Cycle Rep
99. Page</data>
286 Portal User Guide. Sample Portal Structure XML.
            <checkPermission>true</checkPermission>
        </tag>
        <tag id="ConfigurationRolesFull">
            <type>report</type>
            <label>Configuration Roles Full</label>
            <data>com.eurekify.web.reports.parameters.configurationattributes.roles.ConfigurationRolesFullParametersPage</data>
            <checkPermission>true</checkPermission>
        </tag>
        <tag id="ConfigurationResourcesFull">
            <type>report</type>
            <label>Configuration Resources Full</label>
            <data>com.eurekify.web.reports.parameters.configurationattributes.resources.ConfigurationResourcesFullParametersPage</data>
            <checkPermission>true</checkPermission>
        </tag>
    </tag>
    <tag id="PrivilegesQualityManagement">
        <type>internal</type>
        <label>Privileges Quality Management</label>
        <checkPermission>true</checkPermission>
        <tag id="OverlappingRolesByUsers">
            <type>report</type>
            <label>Overlapping Roles By Users</label>
            <data>com.eurekify.web.reports.parameters.overlappingroles.OverlappingRolesByUsersParametersPage</data>
            <checkPermission>true</checkPermission>
        </tag>
        <tag id="OverlappingRolesByResources">
            <type>report</type>
            <label>Overlapping Roles By Resources</label>
            <data>com.eurekify.web.r
100. Resource Name 2. Resource Name 3. Additional fields (optional): Up to 6 additional fields. Example: System Administrator Unix 348 Unix AIX ControlSA ESS Marketing Managers NT 720 NT Windows PR Planning. Configuration File. Each line in this file represents one entity and/or one relationship. Reference to Static Users and Resource Databases: This section comprises the first two lines in the file, and it provides a reference to the users and resource database files. These lines have the following formats: UsersDB <Users Database File Name> and ResDB <Resource Database File Name>. Multiple configurations may share the same users and resource database files, even if only a small number of users and/or resources actually participate in each configuration. 294 Portal User Guide. Configuration File. Entities Relationships. This section describes the entities that participate in this configuration. The first set of lines identifies the users, one line per user, in the following format: User <CA RCM UserID> <SA User ID>. The CA RCM User ID is used to describe the rank of the user in the users database file, with the first number being 0; thus the fourth user in the database will have a CA RCM User ID of 3. The second set of lines identifies resources, one line per resource, in the following format: Res <CA RCM Resource ID> <User Group Name> <Resource Name> <Resource Type>
101. Role: The role manager approver ticket generated when a request is made to add a new role to the configuration. Chapter 12: Role Definition Tickets 175. Introducing the Requests Table. 176 Portal User Guide. Update Role: The role manager approver ticket generated when a request to update role definitions is made, or, in the special case of multi-user requests to enroll users in a role, where the number of users exceeds the system's threshold. Entity managers are assigned to an Approval Process as approvers based on the link type. For example, for a Delete Link User Role process, the user's manager and the role's manager will be assigned as approvers. Users can become approvers for other users only if the Approver's name appears in the manager column of the Universe's Model configuration files for the specific user. Users can become approvers for Roles and/or Resources only if they are listed in the configuration's RACI presentation under Accountable; this means that a specific user becomes accountable for a specific entity. Therefore, if you are listed as an entity manager, you will receive Approver tickets when an administrator runs an Approval Process involving your assigned entity. Self Service managers have overall control of the approval process. They can transfer responsibility of the process to another manager or cancel the process when necessary. As the Role manager for the role that is under review, you are tasked with reviewing t
102. [Screenshot: ticket table for the Initial User Audit campaign, listing the campaign ticket together with the Campaign Manager Approver and Campaign Reassigned Approver tickets, their statuses (New, In Progress, Pending Action, Completed), creation times on 03 06 2009 and their owners: Hill Gary, Goodman Bruce, Cooper Amos, Herman Barbara, Katz Nancy, Levi Jay, Allen Sherman, Schwarts Barry, Purple Mary and Mills Robert.] More information: Campaign Approver Tickets (see page 93), Reassigning a Link (see page 98). 42 Portal User Guide. Running a C
103. Study 37; Defining a New User Campaign 38; Reassigning Links to Another Approver 40; Starting the User Campaign 43; Examining a User's Links 44. Contents 5. Checking the Campaign's Progress; Sending Reminders to Approvers; Starting the Approval Process. Chapter 5: Presenting the Home Page: The Tickets Bar; The Reports Bar; The Business Processes Bar. Chapter 6: Tickets and the Ticket Queue: Ticket Life Cycle; Ticket Types; Ticket State; Ticket Stats; Ticket Tables; Main Screen Layout; Main Screen Operations; Adminis
104. The Other Roles section provides the following options. Add: A column of check boxes, one per role. Select one or more to link the selected users to additional roles. Role Name: Click any highlighted role name listed in this column to open its Role Card. Customize: Allows you to determine the columns that will appear in the Other Roles table. Records per page: Select the number of records that will appear in the Other Roles table per page. Find Roles: Opens the Select Role filter screen to assist you in locating specific roles. Test Compliance: Checks whether the selections made in the Other Role table comply with existing policies and BPRs (Business Practice Rules). Suggest Roles: Provides a list of possible roles based on the CA RCM pattern recognition technology. Chapter 11: Running Self Service Tasks 145. Manage My Team's Role Assignments. This table presents you with several options. You can manually select one or more roles that you wish to link to the selected users. You can use the Find Roles filter option to find specific roles and then make a selection from the filtered list of roles. You can click Suggest Roles and use the information provided by this feature to link roles to the selected users. After making your selection(s), you can test the compliance of your selections with the existing BPRs and policies. You can decide to make the request despite any listed violations, or you can amend your selections
105. Transaction Log (see page 69), View Parent (see page 111), View Initiators (see page 111), View Entity (see page 113), View Violations (see page 191). View Violations. Add New Role Ticket Tree. A violation is a breach of corporate security policies, guidelines, BPRs and/or regulations. The CA RCM identifies such infractions. When seeking to decide whether to approve or reject a request to create a link between a role and other entities within a Role Definitions Approver Process Approver ticket, you can use the View Violations utility to see whether there are any violations connected to the Self Service request you are examining. When you click View Violations, you open the View Violations window in a separate browser window. Click Close to close the window. You can use this utility to view a list of the violations connected with the link(s) under review. The View Violations table has three columns. Name: The violation title. Description: Provides the details of the violation. Score: The score as listed when the BPR was first generated. Click View Violations to view the View Violations screen in a separate browser window. Click Close to close the browser window. Chapter 12: Role Definition Tickets 191. Add New Role Ticket Tree. Role Approver Ticket: Add Role. 192 Portal User Guide. The second stage of the Add New Role Approver Process starts after you have selected a user as the role's accountable and clicked Continue. A Ro
106. URL text box. 3. To attach a file, enter the file name or locate it using the Browse option. 4. Click Save. The Executing bar appears. The URL/file appears in the Ticket Properties Form under Attachments. You can open the URL or file by clicking on the provided link. The transaction log provides a history of the ticket-related actions executed since the creation of the ticket. The View Transaction Log table provides the following information. Date: The date when the transaction took place. User: Full user name. Action: The type of action taken. Message: A full description of the action taken. Chapter 6: Tickets and the Ticket Queue 69. Info tickets. To view the campaign's transaction log: 1. Click Advanced at the bottom of the Ticket Properties Form. 2. Click View Transaction Log. The View Transaction Log table opens in a separate browser window. 3. Click Close to close the pop-up. Info tickets provide users with notification of changes made to the system's configuration files. For example, when a role definition is updated, the role's manager is informed of the changes. The info ticket type is the same type as the ticket that was its origin. For example, an info ticket sent following an approval by both a role manager and a user manager of a request to delete the link between the user and role will be of the type Delete Link User Role. Receiving an Info Ticket. 70 Portal User Guide. The following lists who rece
107. ager has approved the enrollment of all the users in the Approver ticket, stage 3 begins and a new set of tickets is generated. Stage 3 (includes examples of possible Request sub-trees for an Add Role ticket tree). Ticket and Description: Approval Root ticket: Same ticket. Self Service Main Request Parent Ticket: Same ticket. Select Accountable: This Task ticket has been completed and is currently archived. Approver Ticket: This Role Approver ticket has been completed and is now archived. Self Service Request Parent ticket: A Link User Role parent ticket. Approver Ticket (only one ticket): A Link User Role approver ticket. Self Service Request Parent ticket: A Link Role Resource parent ticket. Approver Ticket (only one): A Link Role Resource approver ticket. 186 Portal User Guide. Add New Role Ticket Tree. The number of Link User Entity sub-trees depends on the number of role entity requests that were originally submitted. If a request was made to enroll 10 users to a role, then there will be 10 Link User Role subtrees generated during the third stage of the Add New Role Approval Process. The Link Entity Role parent and approver tickets are standard tickets. More information: Introducing the Requests Table (see page 171), Self Service Request New Role Parent Ticket (see page 195), Self Service Request New Role Approver Ticket (see page 198). Select Accountable Ticket: Add New Role. One of the advantages
108. al Processes this button is disabled, as the procedure starts automatically when the tickets arrive in the approvers' Ticket Queues. Cancel Process: Allows you to manually stop the Approval Process at any stage. Acknowledge: This function is disabled until the Approval Process has been completed. This section provides instructions for the following functions: Cancel Process, Acknowledge. More information: Delegate (see page 108), Escalate (see page 106), Cancel Process (see page 115), Acknowledge (see page 116). As the Approval Process owner, you have the authority to cancel an Approval Process when necessary. When you choose to cancel an Approval Process, click Cancel Process and a Confirmation pop-up window opens. Click Yes to cancel the current Approval Process, and the Executing bar appears. When done, the ticket and its tree no longer exist. Chapter 9: Approval Process Tickets 115. Approval Process Root Ticket. Acknowledge. When you first open the Approval Root ticket, you will find that the Acknowledge button is disabled. It will only be enabled when all the Approver tickets belonging to the ticket tree have been reviewed and each request either rejected or approved. Click Acknowledge to finish the Approval Process. The Executing bar appears. When the process is complete, the ticket is archived. Approval Root Ticket Advanced Functions. View Statistics. The Approval Root ticket provides the following Advanced functi
109. ampaign: A Case Study. Starting the User Campaign. After checking approver assignments, Gary opens his campaign owner ticket. [Screenshot: Ticket Properties Form for the campaign ticket. Ticket Id: 348; Owner: Hill Gary (DOMAIN Hill_Gary); Due Date: 10 06 2009 00 00 00; Status: Pending Action; Title: Initial User Audit (User Certification); Universe: Current Universe; Campaign Type: USER; Link Filter: Direct, Indirect, Dual; Auto Generate Permissions: true; Configuration: modelw_emails; Audit Card: model_w_emailsAudit3; Entity Filter: No Filter; buttons: Start Campaign, Stop Campaign, Restart Campaign, Archive, Start Approval Processes, View Campaign Progress, Escalation E-mails.] To start the campaign, Gary clicks Start Campaign. Emails are sent to all approvers, and tickets relating to this campaign are now visible to them when they log in to the CA RCM portal. [Sample e-mail. From: TMS rcm com. Sent: Wed 6 3 2009 3 08 PM. To: Cooper Amos. Cc: (empty). Subject: User Certification Campaign Notification, Initial User Audit.] Dear Amos Cooper (DOMAIN Cooper Amos), Due to security and compliance policies, you are required to periodically certify the assigned roles and privileges of the people that report to you. Your account (DOMAIN Cooper Amos) was granted access to the CA Role & Compliance Manager Portal in order to accomplish this task. In order to start, please open CA RCM Portal. Please note: This campaign due date is 10 06 2009 00 00 00. Thank yo
110. an take advantage of Audit Cards and utilize them during a certification campaign by providing the name of the Audit Card in the Add Campaign screen. In this case, the Audit Card provides a kind of overlay over the entities being certified, enabling the display of the current violations. The campaign entities are matched with the violations in the selected Audit Card, and for each such entity or link that is found to have a violation associated with it, the campaign presents the entity (or related entity, in case of a link) in red, and the number of violations is displayed in red as well, in the Violations column of the Approver ticket's entity/link table. For example, if there is a pattern violation regarding a user (e.g., the user is suspected as a collector), or if there is a compliance violation for a user who is not allowed to have both roles A and B and yet is found to be linked to both roles, such a finding will cause the user name to appear in red in the campaign's Approver ticket entity table. You can click the violation number to display the relevant violations in a separate browser window. You can also apply the Audit Card to a campaign as a kind of filter, which will place restrictions over which entity links are displayed in the Approver tickets and which are not. In this case, in addition to selecting an Audit Card in the relevant field in the Add Campaign screen, you will also have to select one of the available op
111. ared by the Eurekify Sage DNA system to the original master configuration files. The differences are then uploaded to the production computer. RACI: A RACI diagram, or RACI matrix, is used to describe the roles and responsibilities of various teams or users. It is especially useful in clarifying roles and responsibilities in cross-functional/departmental projects and processes. Within the Eurekify Portal, this is the source of the Approvers mentioned in this manual. They are listed in the Accountable configuration file. The RACI diagram divides tasks into four participatory responsibility types, which are then assigned to different roles in the project or process. 298 Portal User Guide. Role to Role Link, Ticket, Universe, Violations, Workflow. The following responsibility types make up the acronym RACI. Responsible: Those who do work to achieve the task. There can be multiple resources responsible. Accountable (also Approver): The resource ultimately answerable for the correct and thorough completion of the task. There must be only one A resource specified for each task. Consulted: Those whose opinions are sought. Two-way communication. Informed: Those who are kept up to date on progress. One-way communication. Very often the role specified as accountable is also specified responsible. Outside of this exception, it is generally recommended that each role in the project or process for each task receive at most one of the partic
112. ata>
            <checkPermission>true</checkPermission>
        </tag>
    </tag>
    <tag id="PolicyManagement">
        <type>internal</type>
        <label>Policy Management</label>
        <checkPermission>true</checkPermission>
        <tag id="PolicyVerificationReport">
            <type>report</type>
            <label>Policy Verification Report</label>
            <data>com.eurekify.web.reports.parameters.universeconfigurationreports.PolicyVerificationParametersPage</data>
            <checkPermission>true</checkPermission>
        </tag>
    </tag>
    <tag id="Campaigns">
        <type>internal</type>
        <label>Campaigns</label>
        <checkPermission>true</checkPermission>
        <tag id="FullCertificationReport">
            <type>report</type>
            <label>Full Certification Report</label>
            <data>com.eurekify.web.reports.parameters.campaign.FullCertificationParametersPage</data>
            <checkPermission>true</checkPermission>
        </tag>
        <tag id="CertificationProgressReport">
            <type>report</type>
            <label>Certification Progress Report</label>
            <data>com.eurekify.web.reports.parameters.campaign.CertificationProgressParametersPage</data>
            <checkPermission>true</checkPermission>
        </tag>
    </tag>
</tag>
<tag id="Adminis
113. ater, Less, Between, In, Is null, Is not null, Not equal, Like. Item: Based on the column name, you can select an item from a drop-down list or enter free text. For example: If the column name is Status, you can select Pending Action from the drop-down list. If the column name is Owner, you can enter free text. Chapter 6: Tickets and the Ticket Queue 63. Ticket Tables. Refresh. 64 Portal User Guide. The Search Ticket window provides two functions. Add Condition: Allows you to add an additional filter rule to the search criteria. The dependency between the rules is that all the criteria must be met (AND) in order for a record to be located. Delete: Allows you to delete the filter rule located next to the button. Note: The search only checks the top-most ticket in each ticket tree within the Ticket Queue. To search the Ticket Queue's table: 1. Click Search on the Ticket Queue's menu bar. The Search Ticket screen opens in a separate browser window. 2. Create a rule by making selections from the search fields. Click Add Condition to add additional rules. 3. Click OK when you are satisfied with the query you have generated. 4. If there are tickets that match your filter statements, they appear in the ticket table. The Clear Filter button is added to the Ticket Queue's menu bar. 5. Click Clear Filter to return to the original (filtered by Ticket Queue menu options) ticket table. The Refresh button lets you up
114. ation campaigns. Analyze role hierarchies and user/resource assignments in detail. Share management-level information on role-based access control and compliance activities. CA RCM provides a range of predefined report types, which can be customized by specifying filter, sorting and threshold parameters. The following table describes the steps to generate a report in CA RCM (Step: Refer to). 1. Select a report to run: Report Types (see page 212). 2. Select data files, specify customization parameters and generate the report: Parameters and Filters for Report Generation (see page 213). 3. View the report in your browser: Display a Report's Index (see page 216) and Change Report Parameters (see page 216). 4. Export the report to a file or print it: Export a Report to a File (see page 216) or Print a Report (see page 217). This section contains the following topics: Report Types (see page 212), Parameters and Filters for Report Generation (see page 213), Display a Report's Index (see page 216), Change Report Parameters (see page 216), Export a Report to a File (see page 216), Print a Report (see page 217). Chapter 14: How to Generate Reports 211. Report Types. 212 Portal User Guide. Reports are accessed from the CA RCM portal by choosing Reports from the main menu. Reports are grouped into the following categories. Configuration Reports: detailed listings of users, resources
115. ation each time it's imported. Important: Each Universe has a unique configuration associated with it. Do not create more than one universe for any master/model configuration. To create a Universe: 1. On the Administration menu, click Settings. The list of available options appears. 2. Click Universe Settings. The Universe list appears, displaying existing universes. 3. Click Create Universe. The Create New Universe screen opens. 4. Provide a unique Universe Name and Description. 5. Provide a unique Master configuration name. 6. Provide a unique Model configuration name. Note: We recommend that, when generating a new Universe, you use the terms Master/Model as part of the configuration file names. For example: Master_configWithRoles.cfg and Model_configWithRoles.cfg, respectively. 7. The remaining fields depend on the existence of the configuration provided. Note: If the configuration exists and it is located in the database, the CA RCM Portal autocomplete feature will allow you to select content from a list of options for each field. Chapter 15: Using Administration Functions 231. Setting a Universe. Editing a Universe. 232 Portal User Guide. 8. Select the Configuration <data> login, email, user manager, role manager and resource manager fields from the drop-down lists. 9. (Optional) Select an Audit settings file from the drop-down list. 10. Click Save. The universe is created and will appear in the Universe List. Note
116. automatically creates the A configuration based on the Owner or Manager fields of the Universe. Chapter 15: Using Administration Functions 253. RACI Operations. Synchronize RACI. 254 Portal User Guide. To create the RACI configurations: 1. On the Administration menu, click Create RACI. The Create RACI configurations screen opens. 2. Select a Universe from the drop-down. 3. Click Create RACI. An appropriate notice appears when the process is completed. Note: If the RACI configuration files become corrupted, you can access them through the CA RCM DNA module. On the File menu, click Review Database. This allows you to view/delete the files. More information: CA RCM Configuration Settings (see page 252). Once the Universe's RACI configuration is created, it needs to be maintained in order to account for additional entities which are added to the universe and therefore should also be reflected in the Universe's RACI. Note: RACI synchronization does not affect the links already present in the RACI configurations. It just adds new entity data or deletes entities that no longer exist. This means that if an existing entity's manager was changed, the Synchronize RACI utility will not update this information. To synchronize the RACI configurations: 1. On the Administration menu, click Sync RACI. The Sync RACI Configurations screen opens. 2. Select a Universe from the drop-down. 3. Click Sync RACI. An appropriate notice appears when the pr
117. bout Security & Permissions 261. Permissions. Gfilters. Filter Format. 262 Portal User Guide. More information: Gfilters (see page 262). This section explains the syntax of the filter used in the Filter-type resources. The filtering is based on LDAP filtering of Sage entities. The Sage LDAP filter is designed to implicitly define a set of Sage entities (users, roles or resources). The filter is based on the standard LDAP filter format, with some minor adjustments. The filter format relies on the LDAP prefix filter. The filter is constructed from an expression, which in turn may be constructed from sub-expressions. Each expression should be surrounded by round brackets and should represent a set of Sage entities. The simplest form of expression is a pair of a Sage entity field name and a regular expression representing desired values, with an equality sign between them. For example: Location Cayman or PersonID 86. Another simple form of expression is Location > Cayman, which will bring users whose Location field lexicographically follows Cayman. Thus an expression such as & UserName > A UserName < B brings users whose Organization field is IN THE RANGE of A B (inclusive). Another type of simple expression is available for retrieval of relations. It starts with the sign followed by brackets with a pair of relation type (user, role, resource) and the related entity name, separated by an equals sig
118. campaign's Ticket Properties Form. The General section of the Campaign Ticket Properties Form contains the following fields. Universe: The name of the universe on which the campaign is being run. Campaign Type: There are three possibilities. User: A campaign in which the approvers certify the entitlements of the user under their management. The certification is in regard to the user's roles and resources. Improper entitlements can be rejected. Role: A campaign in which the approvers certify the connection of the roles under their management. The certification is in regard to the role's linked users and resources. The certification also examines role-to-role hierarchical links. Improper entitlements can be rejected. Resource: A campaign in which the approvers certify the connection of the resources under their management. The certification is in regard to the resource's linked users and roles. Improper entitlements can be rejected. Auto Generate Permissions: True or False. When true, the campaign overrides the system permissions and automatically provisions the campaign permissions. Audit Card: The name of the Audit Card. Entity Filter: The entity filter. More information: Adding Campaigns (see page 219). Chapter 7: Running Campaign owner Tickets 79. General Campaign Ticket Functions. Advanced Campaign. The Advanced section appears below the campaign ticket's General section and above the Campaign Management section. It
119. can see a filter that you can use to select which transactions you want to view. <Column>: Select the column that will determine which transactions will be viewed in the Transaction Log table. You can filter the table contents based on the following options: Source (the subsystem where the transaction originated), Owner (owner or ticket ID), SData1, SData2, SData3. <text box>: Enter any data that may appear in the selected column to further filter the transactions. The text is case-sensitive. OK: Updates the data presented in the transaction log table. If no filter was supplied, all the existing transactions are listed. Delete All: Deletes all the transactions saved by the CA RCM system. Records per page: Select the number of records that will appear in the table. The following table provides some information on possible sources of transaction logs. com.eurekify.utils.TXLogClientImpl: Refers to completed Approval Processes. CA RCMScheduler: Refers to transactions involving the Job Scheduler. SageDal: Refers to transactions concerning the configuration files. TMS: Acronym, Ticket Management System. Chapter 15: Using Administration Functions 245. Cache Manipulation. To view transactions in the Transaction Log table: 1. On the Administration menu, click TxLog Page. The Transaction Log screen opens. 2. (Optional) Filter the data you want to view in the Transaction Log table. Select a field from the Column d
120. 145; Manage My Role Assignments 147; General Section: Manage My Roles Screen 148; Currently Enrolled Roles Table: Manage My Role Screen 149; Other Roles Table: Manage My Role Screen 150; Manage My Team's Resources 152; General Section: MMT Resources Screen 153; Users Table: MMT Resources Screen 154; Currently Enrolled Resources Table: Manage My Roles Screen 155; Other Resources Table: MMT Resources Screen 157; Manage My Resources 159; General Section: Manage My Resources Screen 160; Currently Enrolled Resources Table: Manage My Resources Screen 161; Other Resources Table: Manage My Resources Screen 161; Defining a New Role 164; Request New Role Definition Screen 164; Definitions for Role Name: New Role Name 168; Updating Role Defi
121. ck Find Resources to access the Select Resource filter screen 3 Optional Click Suggest Resources to see the CA RCM Portal s recommendations 4 Select one or more resources to link to the chosen users 5 Optional Click Test Compliance to review your selections and check for possible violations The Violations screen opens in a separate browser window Click X to close the Violations window 6 Click Submit The Requests screen opens More information Approval Process Tickets see page 103 Customizing a Data Table see page 19 Setting the Number of Records Per Page see page 20 Filtering a Data Table see page 20 Suggesting Entities see page 137 Test Compliance see page 135 Manage My Resources Manage My Resources As a user you may find it necessary to request an update to your resources because of corporate changes resource changes or following an audit process The Manage My Resources screen allows you to manage your resources by generating a request to add new resources or by deleting existing resources The screen is divided into three sections General Provides descriptive information concerning the current action Currently Enrolled Resources The current resources linked to the selected users Other Resources A list of available resources The Other Resources section displays a customizable table As the Manage My Resources screen allows many options and great flexibility the
122. cket and the Role Approver tickets are listed Stage 3 All the Request Parent tickets for each requested link are listed Note that the new role s manager is the listed owner of these tickets Notice the ticket Type for information on what ticket you are currently viewing Add New Role Ticket Tree During an Update Role approval process you can see Stage 1 The Role Approver ticket is listed Stage 2 All the Request Parent tickets for each requested link are listed Note that the new role s manager is the listed owner of these tickets Notice the ticket Type for information on what ticket you are currently viewing Click Close Children to close the table Add New Role Ticket Tree This process is started by the manager who made the Self Service request the Self Service Manager When an instruction to begin an Approval Process is given the CA RCM generates a hierarchal Approver Process ticket tree The Self Service Request a New Role Definition Add New Role task tickets are generated in stages 1 Select Accountable A Task ticket sent to the Self Service task manager 2 Role Approver An Add Role ticket sent to the Role manager 3 Link Approval Process sub trees One Link Entity Role parent and one Link Entity Role approver ticket for each request made during the original Self Service task The parent ticket is always assigned to the Role manager The Add New role ticket tree is constructed as follows Stage 1
123. ckets Delegating an Info Ticket 72 Portal User Guide This function lets you transfer the info ticket to another manager thus sharing important information Once you have transferred the selected ticket to the new ticket owner the original ticket is archived and will no longer appear in your list of active tickets Only the current ticket owner can delegate a ticket When a ticket is delegated a new ticket is generated with the new owner listed in the Owner field and the manager who delegated the ticket s is listed in the Previous Owner field A comment is generated stating that the ticket has been Delegated to current owner This comment appears in both the old ticket and in the new ticket When viewed in the original ticket owner s Archive screen Ticket Queue Archived tickets the old ticket and the new ticket create a hierarchal tree in which the original ticket the Status is set to Delegated is the root ticket and the new ticket is the next node To delegate a ticket select a user from the list of appropriate users The Find Delegate Users screen is divided into two sections The filter Located in the window s header The filter lets you narrow down the list of proposed approvers The proposed users This table presents a pre filtered list of users who can receive the delegated approval task s This list can be filtered to aid in finding a specific user The names listed in the proposed users list are governed by sev
124. d The campaign ticket appears in the target user s Ticket Queue Chapter 7 Running Campaign owner Tickets 81 General Campaign Ticket Functions More information Filtering a Data Table see page 20 CA RCM Properties see page 277 Escalating a Campaign 82 Portal User Guide This function provides you with the option to transfer the campaign management to a more senior manager Once you have selected the new campaign administrator the campaign s ticket is archived and will no longer appear in your list of active tickets When a campaign is escalated a new root ticket is generated with the new owner listed in the Owner field and the administrator who escalated the campaign is listed in the Previous Owner field A comment is generated stating that the campaign has been Escalated to current owner This comment appears in both the old root ticket and in the new root ticket The new root appears as the top level in the new owner s campaign ticket and as the second level in the previous owner s archived campaign ticket To escalate a campaign you have to select a user from the list of appropriate users The Find Escalate Users screen is divided into two sections The filter Located in the window s header The filter lets you narrow down the list of proposed approvers The proposed users This table presents a pre filtered list of users who can receive the escalated approval task s This list can be filtered t
125. d Completed Successfully Description A description of the ticket It includes the details of the request Request was submitted on Universe Universe name from Campaign Title For example The request to delete role Organization System Management Characteristic Role 100 0 Min 40 from user Angel Ben 67283470 was approved and completed successfully Request was submitted on Universe Portal from Link of Team to Role s Use this ticket s functionality when you wish to transfer the specific info ticket to the management or attention of another user You can use the options in the ticket s Advanced section to access additional information concerning the current ticket More information The Ticket Properties Form see page 65 126 Portal User Guide Approval Process Info Tickets General Approval Process Info Ticket Functions The Rejected Link Parent ticket provides the following General functionality Close Closes the info ticket Save Saves the changes made to the ticket Delegate Transfers the info ticket to another manager Escalate Transfers the info ticket to another manager Acknowledge Click after reading the information provided by the info ticket The info ticket is archived Click Acknowledge to end the process The info ticket is archived More information Delegate see page 108 Escalate see page 106 Advanced Approval Process Info Ticket Functions The Approval Process info tickets provide
126. date the contents of the current ticket table. It is especially useful following the performance of actions that change the ticket's state and/or status. Click Refresh to update the ticket list displayed on screen.

Administrator View / User View

The Admin View / User View button allows you to toggle between two views of the Ticket Queue:
User View: The standard Ticket Queue features, available to all users, dependent on their permissions.
Admin View: Allows you to view all the campaign tickets in the system, even those that were created by other managers.

The Admin View option is only available to the super administrator. The buttons will only appear for users that are linked to the role defined in eurekify.properties as the system administrator role. The default out-of-the-box option is sage admin role CA RCM Admin Role.

More information: About Security & Permissions (see page 257), CA RCM Properties (see page 277)

The Ticket Properties Form

When you click on a ticket listed in the ticket queue, the Ticket Properties Form for that ticket opens in a separate browser window. The content of this screen depends on the type of ticket you are viewing. The screen presents you with both data and functionality. The top part of the screen is always the same and contains the ticket information.

Field / Description
<Ticket Title>: The type of ticket you are viewing appears in the screen s
127. digits and the percentage 33 listed next to it More information Tickets and the Ticket Queue see page 53 The Ticket Properties Form see page 65 Auditing Links see page 95 General CMA Ticket Functions see page 101 Advanced CMA Ticket Functions see page 102 Auditing Links Auditing Links The CA RCM Portal generates Campaign Manager Approver tickets Approver tickets CMA tickets as part of a campaign These tickets contain links that have to be examined The Approver is responsible for approving rejecting or reassigning links between entities This section describes actions available for Approver tickets Presenting the Entity Links Table Approving a link Rejecting a link Reassigning a link Adding comments to a specific link Presenting the Entity Links Table Campaign Manager Approver tickets CMA Approver tickets present all the links for each entity listed in the ticket based on the campaign definitions Every Approver ticket presents the links in an entity link table When you first open the CMA s Ticket Properties Form you will find that the hierarchal entities tree is collapsed The visible entity is the target of the campaign For example in a user campaign you will see a table of users When you expand the tree for each entity listed in the table you will see entity tables for the linked entities The following table describes the entity tables found in each Approver Ticket type
128. e 265

The following lists the various possible ticket states:
New: Indicates a new ticket that hasn't yet been opened by the user.
Open: Indicates that the ticket has been opened.
Hidden: Indicates a ticket that is not visible to its assigned user.
Done: Indicates that the action referred to by the ticket has been completed.
Archived: Indicates that the ticket has been archived.
Canceled: Indicates that the ticket was canceled.

Ticket Status

The following lists the various possible ticket statuses:
Active: Indicates that the ticket is active.
Completed: Indicates that the links listed in the ticket have been audited.
Delegated: Indicates that the ticket was delegated by a more junior manager.
Done: Indicates that the ticket's job has been completed.
Escalated: Indicates that the ticket was reassigned to a more senior manager.
In Progress: Indicates that the ticket is being processed.
None: Indicates that there is an error related to this ticket, so it cannot be processed.
Pending Action: Indicates that the ticket is waiting for a user to take action.
Reassigned: Indicates that a link approval has been sent to another entity manager.
Rejected: Indicates that a link has been rejected.

Ticket Tables

The Ticket Queue enables you to display and interact with tickets that are displayed in table format. You can view your own
129. e Engineer can determine the current role configuration's goodness of fit and decide which direction to take to refine the configuration.

Note: The alert criteria reported in the audit card dashboard reflect the pattern analysis settings used to generate the selected audit card. For detailed information about these pattern analysis options, refer to the Sage DNA User Guide.

Compliance Dashboard

The compliance dashboard is a portal page that provides a graphical summary of possible violations of Business Policy Rules (BPRs). Typically, several audit cards affiliated with the same configuration file are selected for display on the dashboard. Use these graphs to compare the impact of different BPR rulesets and to identify business policies that generate significant violations in the role configuration.

To populate the dashboard, scroll to the bottom of the page, select an audit card from the CA RCM database, and click Add to include the audit card's BPR alerts in the dashboard's graphs.

Note: The compliance dashboard accepts only audit cards that contain alerts related to Business Policy Rules (BPRs). Only BPR-related alerts are graphed; pattern-based alerts in the audit card are ignored.

Chapter 10 How to Use Dashboards 131

Chapter 11 Running Self Service Tasks

The CA RCM Portal's Self Service feature provides local managers with the ability to do their own provisioning and/or provision their team members o
130. e cath al ea the lan ch that 250 CA RCM Configuration SettingS cc nec ororen reroror rrer ene eens 252 RACI Operations sc26 lt 5c54 5040004 S0aeenes eas coee base eee ooaeeads eae eee ONE E EEE TEE aad 253 Create RACE anes anne ee i iC ree ee 253 Synchronize RAC snese ass an Sa N oe do aa aw da MA a Sa ae aw av a ew ee A a aa awe as 254 TMS AGIMIRISERALION g ccs sos s eee e een aorta een eras Sova wate sees eat ee sn eee een eae eee acne eee 255 System Checkup rororo 564 544664845954 558655 504 94 S9SG SASS EG GES GEGEN BGS BSS BASSE ASSESS REESE 255 Chapter 16 About Security amp Permissions 257 SECUN lt 0 400040005 EE SA E E EE te E es Oe ee eee ee teed oe ees oe eee ee EE EEE 257 Tumming SS CURIE OM 61 ce 8 ares Seed eee tee ace ce ore ae eee nara tna een 258 Authentication Settings 0 eee nee nee e eee eee tne eet e eee e eae 259 EM CY UN ON s era K es ct rete ett et et ate hd ET E R 259 PSU IU SS IONS vss cocectscats es aceite sesauate E tasra tates catara A E R totes A E A catia tauseateleus R 260 CA RCM Configuration Structure i 0i0icc0eeee0esdeee sea saevaeeveoeeoaeyeaeeeeawsoaean 260 GME eae cee E E 262 Portal Structure XML a aa A msarisan RAR RR RR RAR RR AA L 264 Chapter 17 Troubleshooting 265 Error MeSSaG amp s ssscscxA sudraseosmnoueianenaratowavanetawaaoueeanta ow atowaudaswanaaawdaaa as 265 Duplicating a Configuration 0 0 cece enn errno tee e ne tee ene ene enee 275 Appendix A CA RCM Properties 277
131. e management utility allows you to select a specific target role, but it also provides you with suggested roles and the information necessary to make an informed choice. The screen is divided into three sections:
General: Provides descriptive information concerning the current action.
Currently Enrolled Roles: The current roles linked to the selected users.
Other Roles: A list of available roles. The Other Roles section displays a customizable table.

As the Manage My Roles screen allows many options and great flexibility, the procedures will be broken up by section:
The fields in the General section
The Currently Enrolled Roles table options and functionality
The Other Roles table options and functionality

To manage my role assignments, click Manage My Role Assignments on the Self Service menu. The Manage My Roles screen appears.

More information: Customizing a Data Table (see page 19), General Section Manage My Roles Screen (see page 148), Currently Enrolled Roles Table Manage My Role Screen (see page 149), Other Roles Table Manage My Role Screen (see page 150)

General Section Manage My Roles Screen

The General section of the Managing My Roles screen contains the following fields:
Universe: Select the Universe you wish to work with. The users table and the available roles depend on the universe.
Business Area: General information
132. e same campaigns Other users who do not have administration rights can see only their own tickets where they are listed as the ticket Owner Specific ticket data and functionality can be accessed by clicking on a specific ticket and opening its Ticket Properties Form in a separate browser window The data functions and options available to the user from within a Ticket Properties Form depends on the ticket type Tickets in general encompass two types of functions m Link related actions Ticket related actions Link related actions can be found in the Campaign Approver tickets Ticket related actions depend on the ticket type Ticket functionality includes general functions such as Close or Save that are generic for all ticket types and specialty functions that are available for specific types of tickets such as the View Campaign Progress option which is unique to campaign owner tickets or Acknowledge which is found in info tickets Chapter 6 Tickets and the Ticket Queue 53 The Business Processes Bar 54 Portal User Guide The complexity and extensive functionality available through the CA RCM Portal tickets is described in six separate chapters Chapter 6 Provides information concerning general ticket data and functionality shared by all types of tickets Chapter 7 Campaign Tickets Provides information concerning data and functionality available in campaign related tickets Chapter 8 Campaign Approver
133. earning the CA RCM Portal, or because you need to generate a master/model configuration set that can be used as the base line for a Universe you will create later in the CA RCM Portal. This set of configurations can be based on an existing configuration which you would like to keep as is. The new configuration pair can also be based on a partial configuration that you wish to investigate.

A CA RCM configuration consists of a configuration file (.cfg), a user database file (.udb), and a resource database file (.rdb). The configuration file contains references to the user and resource database files. Therefore, you cannot use the operating system's copy/paste/rename functions in order to duplicate a configuration. You need to actually change the content of the configuration file during the process.

You can use the Trim Configuration process provided by the CA RCM DNA module to duplicate a configuration. This allows you to generate a configuration in which the new duplicate users and resource database files are referenced from within the new configuration file.

Note: Refer to the DNA User Guide for details of the Trim Configuration function.

Important: We recommend that, when generating duplicate files for use with a Universe, you use the terms Master/Model as part of the configuration file names.

Appendix A CA RCM Properties

This section contains the following topics: Sample Properties File, see pa
134. eate a campaign the status is Pending Action After you manually start the campaign the status changes to In Progress As the campaign owner you can open any ticket that appears in your campaign tree You can therefore open Approver tickets and reassign the processes links entities listed within When you click on the campaign ticket title the top level of the campaign tree the Ticket Properties Form opens in a separate browser window Campaign Ticket data and general functions Provides the ticket and campaign information This section also provides several high level functions such as Close Save Campaign Management provides the campaign management functionality Advanced provides additional functionality such as the ability to add comments or attachments view the transaction log or view the campaign children This section contains the following topics Campaign Ticket Data see page 77 General Campaign Ticket Functions see page 80 Campaign Management Functions see page 84 Campaign Ticket Advanced Functions see page 89 Campaign Approver Tickets see page 91 Campaign Ticket Data Campaign Ticket Data In the Ticket Queue select a campaign ticket The campaign s Ticket Properties Form opens in a separate browser window The window presents the Campaign Ticket Data in four sections Ticket data In this section you can find the basic ticket data Functions Provides the general campaign ticket functio
135. eb CreateRaciPage</data>
<checkPermission>true</checkPermission>
</tag>
<tag id="SyncRaciPage">
  <type>internal</type>
  <label>Sync RACI</label>
  <data>com.eurekify.web.SyncRaciPage</data>
  <checkPermission>true</checkPermission>
</tag>
<tag id="TmsAdmin">
  <type>external</type>
  <label>TMS Administration</label>
  <data>SAGE_SERVICE_URL tms ui admin</data>
  <checkPermission>true</checkPermission>
</tag>
<tag id="Settings">
  <type>internal</type>
  <label>Settings</label>
  <checkPermission>true</checkPermission>
  <tag id="ConnectorSettings">
    <type>internal</type>
    <label>Connector Settings</label>
    <data>com.eurekify.web.settings.ConnectorsSettingsPage</data>
    <checkPermission>true</checkPermission>
  </tag>
  <tag id="UniversesSettings">
    <type>internal</type>
    <label>Universe Settings</label>
    <data>com.eurekify.web.settings.UniversesSettingsPage</data>
    <checkPermission>true</checkPermission>
  </tag>
  <tag id="PropertiesSettings">
    <type>internal</type>
    <label>Properties Settings</label>
    <data>com.eurekify.web.properties.PropertiesPage</data>
    <checkPermission>true</checkPermission>
    <
136. ector More information The Connector Settings Panel Tables see page 235 Creating a New Import Connector see page 235 Creating a New Export Connector see page 238 Running a Connector see page 240 Import Error Tickets see page 242 234 Portal User Guide Setting Connectors The Connector Settings Panel Tables The Connector Settings panel provides two connector tables Import Connectors Table Export Connectors Table Each connector table displays a list of available connectors ID numbers description and provides the options to Edit Delete or Run a connector The Create New button located above each table allows you to generate a new import connector or a new export connector To access the connector tables 1 On the Administration menu click Settings The list of available options appears 2 Click Connector Settings The Connector Settings screen opens To edit an existing connector 1 Click Edit next to the connector that you want to edit You cannot change the name of a connector The contents of the other fields can be edited To delete a connector 1 Click Delete next to the connector that you want to edit A confirmation prompt appears 2 Click OK to delete the connector Creating a New Import Connector Connectors utilize the CA RCM converters to import data from the system s endpoints You will need to know which converter you intend to use and the name and location of the settings
137. ed errcode error addattachment noname errcode error filter errcode error filter resultempty errcode error command revokecmd errcode error command revokecmd msg2 errcode 272 Portal User Guide Code tkt034 tkt035 tkt036 tkt037 tkt038 tkt039 tkt094 tms001 tms001 tms002 tms003 tms004 tms005 tms006 tms007 tms008 tms009 tms010 Description request to delete resource 0 from role 1 failed the request to delete resource 1 from role 0 was rejected request was submitted on universe 2 from 3 the request to delete resource 1 from role 0 failed request was submitted on universe 2 from 3 request to delete resource 1 from role 0 is already in process the request to delete resource 1 from role 0 is already in process request was submitted on universe 2 from 3 to continue please choose an accountable user to 0 role the request to delete role 1 from user 0 is already in process request was submitted on universe 2 from 3 user password not found try wicket wicket as the user name password combination 0 failed the value 0 is not allowed in 1 the command id 0 was not found the command id 0 is not enabled fail to save attachment please fill the field name the filter 0 has a syntax error 1 the user does not exist fail to revoke ticket 0 missing job tickets 1 fail to revoke ticket 0 with job t
138. een minimum and maximum numbervalidator minimum errcode app004 input is smaller than the minimum of minimum numbervalidator maximum errcode app005 input is larger than the maximum of maximum numbervalidator positive errcode app006 input must be positive numbervalidator negative errcode app007 input must be negative stringvalidator range errcode app008 input is not between minimum and maximum characters long Chapter 17 Troubleshooting 265 Error Messages Field stringvalidator minimum errcode stringvalidator maximum errcode stringvalidator exact errcode datevalidator range errcode datevalidator minimum errcode datevalidator maximum errcode patternvalidator errcode emailaddressvalidator errcode creditcardvalidator errcode urlvalidator errcode equalinputvalidator errcode equalpasswordinputvalidator errcode user count roles alert description errcode user count resources alert description errcode role count users alert description errcode role count children alert description errcode role count resources alert description errcode resource count users alert description errcode resource count roles alert description errcode campaignchoicesvalidator errcode configurationname required errcode campaignname required errcode 266 Portal User Guide Code app009 app010 appO11 app012 app013 app014 app015 app016 app017 app018 app019 app020
139. een 207 Specific Entity DrOWSEM x xc ave te ein oe eee ev ek es Ae Se a ee ae wv a ae ee ee e 208 WY SERS BOWS SI meea e AEE E retain co sansa at oa a coten sm eataven atin EE E ET E E aS 209 Roles BrOWSECF 2445554954455 4545 A9SSS9AGSSSAE GAGS SEGRE IG ASSESS GAGASEPAG SEALE TAGASEGAS IAG 209 Resource BrOWSER sx haan a wake a a e nce aes a eo a a a Maer eee ae aoa a esos 209 Chapter 14 How to Generate Reports 211 PRE OIC DV CS gcse sce cscs ses ceded E cao wanna eos nce Sm EG vce Re etem E E e E E E E E E ES 212 Parameters and Filters for Report Generation 0 0 cece cece cnet eee een eee 213 Display ar Reports Index T 216 Change Report Parameters e ccc ccc cee eee eee nen eee eee n eee e teen eeneee 216 Export a Report to aFiles n i acccanaadansansea san E EEEE AEE EEEE EEK E AERO EE IEEE IEEE EEA ENEE aad 216 Printa Repo TTT 217 Chapter 15 Using Administration Functions 219 Adding Campaigns lt 09 seeriana A R R ARA E R A Riot 219 Privileges to Certify Options s lt K 6 6 sorisa ss ENEE EASTEN EAE RRR RRR ERER REEERE 226 Audit Ok Vita e nen eet aR ee Ne 226 Start Approval Process from DNA 0 ccc ccc nnne rnrn nnne eraran eee eee e teenies 228 Setting a UNIVGUSC a etree eet eee sed eee see RR ae eee mee eed wee eee oy 228 The Universe Settings Table ccc ence eee etn eee e teens 229 Creating a NeW URIVERS CSc cece etc eter tent areca EEE EEE EEEE ele etn ele te lee 230 Editing a Universe
140. elect the role's accountable, the role manager's approver ticket, and the set of subtrees generated for each request listed in the original Requests table.

Update Role Parent ticket: When a request is made to update a role definition, this ticket is the main parent ticket. Below it you will find the role manager's approver ticket and the set of subtrees generated for each request listed in the original Requests table.

Request Parent Ticket: This ticket is of the same type as the Approver tickets associated with it. This ticket belongs to the Role manager. This node is the parent of the actual approval process Approver tickets that are sent to the Approvers. The number of sub-trees of this type present in an approval process tree depends on the number of Self Service requests being processed.

Approver Tickets: As role definition task tickets are generated in stages, the CA RCM Portal generates one Role Approver ticket for the role manager and a set of sub-trees, one per request, comprising a Request Parent ticket belonging to the Role manager and an Approver ticket that is sent to the user, resource, or role hierarchal manager. The tickets generated belong to one of the following ticket types:
Link User Role, Link Role Resource, or Link Role Role: Generated when adding a link to specific role.
Delete Link User Role, Delete Link Role Resource, or Delete Link Role Role: Generated when making a request to sever a specific link to the role.
Add
141. ent set of tickets is generated The system threshold is set in the CA RCM properties file and is governed by the property filter Approvals configuration updateRole minimumLinks 4 The ticket tree in this case is constructed as follows Stage 1 Ticket Description 0 Approval Root ticket This ticket is identical to other Approval Process Approval Root tickets see page 113 2 Self Service Main Request Parent An Update Role parent ticket Ticket Approver Ticket The Role Approver ticket This is an Update Role approver ticket It is sent to the Role manager It contains all the requests to add a link between the new role and other entities For more information see Self Service Request Update Role Approver Ticket see page 204 After the Role manager has approved the enrollment of all the users in the Approver ticket stage 2 begins and a new set of tickets is generated Stage 2 Ticket Description 0 Approval Root ticket This ticket is identical to other Approval Process Approval Root tickets 2 Self Service Main Request Parent An Update Role parent ticket Ticket Approver Ticket Only one An Update Role approver ticket 200 Portal User Guide Update Role Ticket Tree The following sub trees are examples of possible Request sub trees for an Update Role ticket tree G G Ticket Description Approver Ticket This Role Approver ticket has been completed and is now archived Self Service Request Parent A Link U
142. enterprise endpoints. You can also use the Import option on the CA RCM Data Management menu bar to import the entity data (see Chapter 2 in the CA RCM Data Management Guide). The output of the import process is a Sage configuration document (.cfg file), which sets the stage for the role discovery process.

More information: Running a Connector (see page 240)

Step 4 Generating Master/Model Configurations

When you created the Universe, you provided the names of two configuration files: one was the master configuration file and the other was the model configuration file. The master configuration file contains the data imported from the system's endpoints. The model configuration file is initially a copy of this data, which will be processed and updated as the role modeling and audit processes proceed.

Use the instructions in Appendix A, Duplicating a Configuration (see page 275), to generate the master/model configuration files using the CA RCM DNA module. If necessary, edit the Universe so that the listed master/model configurations will match the ones you generated.

After creating/editing a Universe, you have to enter the users associated with the universe into the CA RCM permissions configuration so that the users will have access to the CA RCM Portal. Typically, this involves RACI synchronization to assign each user the rights they need on the portal.

More information: CA RCM
143. epend on the campaign type However several columns appear in all types of Main Entity tables Progress Shows the progress made in examining the current entity Violations Records violations based on the Audit Card data Comment Allows you to assign a comment to a specific link Approving a Link Auditing Links The Link Entity table columns are also predetermined They depend on the entity being presented in the specific table However several columns appear in all Link Entity tables Violations Records violations based on the Audit Card data History Presents the history of the link between the main entity and the entity listed in the selected row Comment Allows you to assign a comment to a specific link Once a link is approved and the ticket is saved the audit process for this entity link is over Note You can approve all the links listed in a specific link table at once by clicking the column label Y for that link table To approve a user link 1 Inthe Ticket Properties Form click next to the user you wish to audit The associated Roles and Resources tables appear 2 Click the check box in the v column next to the user s role s and or resource s that you want to approve 3 Click Save The selected links are approved and the relative progress made is reported on the Approver Progress bar Note Replace user in the above procedure with either resource or role for instructions
144. eports.parameters.overlappingroles.OverlappingRolesByResourcesParametersPage</data>
<checkPermission>true</checkPermission>
</tag>
<tag id="SuspectedConnectionsUserRes">
<type>report</type>
<label>Suspected Connections User Resource</label>
<data>com.eurekify.web.reports.parameters.suspectedconnections.SuspectedConnectionsUserResParametersPage</data>
<checkPermission>true</checkPermission>
</tag>
<tag id="SuspectedConnectionsUserRole">
<type>report</type>
<label>Suspected Connections User Role</label>
<data>com.eurekify.web.reports.parameters.suspectedconnections.SuspectedConnectionsUserRoleParametersPage</data>
<checkPermission>true</checkPermission>
</tag>
<tag id="PrivilegesStatisticsReportForUsers">
<type>report</type>
<label>Privileges Statistics For Users Report</label>
[Appendix B: Portal Structure XML, page 287. Sample Portal Structure XML]
<data>com.eurekify.web.reports.parameters.universeconfigurationreports.PrivilegesStatisticsForUsersParametersPage</data>
<checkPermission>true</checkPermission>
</tag>
<tag id="PrivilegesStatisticsReportForRoles">
<type>report</type>
<label>Privileges Statistics For Roles Report</label>
<data>com.eurekify.web.reports.parameters.universeconfigurationreports.Pri
145. equested during the Request New Role Definition task The New Role Approver ticket supplies you with all the data you need to make the decision whether to approve or reject the Role definition request The Approver ticket also provides you with the required functionality to assist you in the process More information Reject see page 123 Approve see page 123 New Role Approver Tickets General Functions see page 198 New Role Approver Tickets Advanced Functions see page 199 New Role Approver Tickets General Functions 198 Portal User Guide The Self Service provisioning Approver ticket provides the following General functionality Close Closes the ticket Save Saves the changes made to the ticket Delegate Transfers the ticket tree to another manager Escalate Transfers the ticket tree to another manager Consult Allows you to request a consult from one or more managers When you activate this service a View Consult Results button appears in the Advanced functions section of the Ticket Properties Form Approve Approve the Self Service request Reject Reject the Self Service request Add New Role Ticket Tree More information Delegate see page 108 Escalate see page 106 Consult see page 121 Approve see page 123 Reject see page 123 New Role Approver Tickets Advanced Functions The Approver ticket provides the following Advanced functionality Add Comment Manually add a comment to
146. er 1 rejected request to add resource 0 to user 1 failed the request to add resource 1 to user 0 was rejected request was submitted on universe 2 from 3 the request to add resource 1 to user 0 failed request was submitted on universe 2 from 3 request to delete resource 1 from user 0 rejected request to delete resource 1 from user 0 failed the request to delete resource 1 from user 0 was rejected request was submitted on universe 2 from 3 the request to delete resource 1 from user 0 failed request was submitted on universe 2 from 3 request to delete resource 1 from user 0 is already in process the request to delete resource 1 from user 0 is already in process request was submitted on universe 2 from 3 request to add role 0 to role 1 rejected request to add role 0 to role 1 failed the request to add role 0 to role 1 was rejected request was submitted on universe 2 from 3 the request to add role 0 to role 1 failed request was submitted on universe 2 from 3 request to add role 0 to role 1 is Field ile errcode changeapproval child add role role notification description errcode changeapproval child remove role role info title rejected errcode changeapproval child remove role role info title failed errcode changeapproval child remove role role info description rejected errc
147. er manager. Consult: Allows you to request a consult from one or more managers. When you activate this service, a View Consult Results button appears in the Advanced functions section of the Ticket Properties Form. Approve: Approve the Self Service request. In this case, this leads to the second stage of the Approval Process, where the user review Approval Process sub trees are generated and the Approver tickets are sent to the user managers. Reject: Reject the Self Service request. Note: It is important to remember that when reviewing a Role Approver ticket, you can either accept the request for ALL listed users, enrolling all of them, or you can reject the request for ALL users. More information: Escalate (see page 106), Delegate (see page 108), Approve (see page 123), Consult (see page 121), Reject (see page 123). (Chapter 12, Role Definition Tickets, page 193; Add New Role Ticket Tree.) Role Approver Tickets Advanced Functions. The Role Approver ticket provides the following Advanced functionality. Add Comment: Manually add a comment to the ticket. Add Attachment: Add an attachment or URL to the ticket. View Transaction Log: The transaction log provides a history of the ticket related actions executed since the creation of the ticket. View Parent: Opens the current ticket's parent's ticket. View Initiators: View a list of the users who launched this ticket. View Violations: View the list of violations. View R
148. eral default property filters of the type tms delegate filter To delegate a ticket 1 Click Delegate in the ticket s Ticket Properties Form The Find Delegate Users screen opens 2 Select a name from the list You can use the filter option to reduce the number of records listed in the table 3 Click OK The Executing bar appears The original ticket is archived and its status is set to Delegated A new ticket is generated The ticket appears in the target user s Ticket Queue Info tickets More information Add Comment see page 68 Filtering a Data Table see page 20 CA RCM Properties see page 277 Escalating an Info Ticket This function lets you transfer the info ticket to a more senior manager thus sharing important information Once you have transferred the selected ticket to the new ticket owner the original ticket is archived and will no longer appear in your list of active tickets Only the current ticket owner can escalate a ticket When a ticket is escalated a new ticket is generated with the new owner listed in the Owner field and the manager who escalated the ticket s is listed in the Previous Owner field A comment is generated stating that the ticket has been Escalated to current owner This comment appears in both the old ticket and in the new ticket When viewed in the original ticket owner s Archive screen Ticket Queue Archived tickets the old ticket and the new ticket create a hierarchal
149. erent functionality or purpose This section contains the following topics General Approval Process Ticket Functions see page 105 Advanced Approval Process Ticket Functions see page 110 Approval Process Root Ticket see page 113 Rejected Link Parent Ticket see page 117 Approval Process Approver Tickets See page 120 Approval Process Info Tickets See page 125 General Approval Process Ticket Functions The Ticket Properties Forms for the various Approval Process tickets share many of the same functions The following table provides a summary of all the General functions available for the various Approval Process tickets Ticket Type Functions Approval Root Close Save Delegate Escalate Start campaign owner ticket Process Cancel Process Acknowledge More Details Less Details Delete Link Close Save Delegate Escalate Cancel Entity1 Entity2 Process More Details Less Details Rejected Link Parent ticket Delete Link Close Save Delegate Escalate Consult Entity1 Entity2 Approver Approve Reject More Details Less Details ticket Chapter 9 Approval Process Tickets 105 General Approval Process Ticket Functions Escalate 106 Portal User Guide Besides the Ticket Properties Form General functions the following functions can be found in all of the tickets m Escalate Delegate m More Details Less Details The functions that are unique to the various tickets will be desc
150. ers resource and or role hierarchy entities Utilize the Find Entity filter and the Suggest Entity utility when necessary 2 Click Test Compliance to check your selections for violations 3 Click Submit to submit the new role definition request The Requests screen opens The Requests screen provides both the new role s attributes and links 4 Click Back to amend the data 5 Click Submit to forward the request to generate a new role More information Request New Role Definition Screen see page 164 Filtering a Data Table see page 20 Customizing a Data Table see page 19 Suggesting Entities see page 137 Setting the Number of Records Per Page see page 20 Test Compliance see page 135 Introducing the Requests Table see page 171 Chapter 11 Running Self Service Tasks 169 Updating Role Definitions Updating Role Definitions 170 Portal User Guide The CA RCM Portal allows you to update role attributes and links on the fly When the need arises to update an existing role whether following an audit or in the course of an enterprise s roles and privileges maintenance life cycle you can do so directly and quickly The procedure includes finding the role within a specific universe and then following the procedure described in Defining a New Role though in this case the fields have already been filled the attributes defined and the links listed and your goal is to edit these selections to match y
151. ers for other users only if the Approver s name appears in the manager column of the Universe s Model configuration files for the specific user Users can become approvers for Roles and or Resources only if they are listed in the configuration s RACI presentation under Accountable that is a specific user becomes accountable for a specific entity Therefore if you are listed as an entity manager you will receive Approver tickets when an administrator runs a campaign targeting your entity As an approver your job is to review the links between the entity you are managing and the corresponding entity types The information appears in the CMA ticket as trees of links where the campaign s entity type and the linked entities are presented in a nested arrangement This means that if you are a role manager and you received a CMA ticket as part of a Role campaign you will see lists of roles that can be expanded to show the nested entity links with Users Resources Child Roles and Parent Roles When viewing the CMA in the Ticket Queue you can see how many campaign type entities you have to review by checking the Children column A role manager with 10 listed in the Children column has to audit ten roles and their links to their users resources Child roles and Parent roles within the campaign s configuration files Note The default maximum number of entity trees per page is 10 The certification is complete when you have reviewed all the links l
152. ers the ticket tree to another manager. Consult: Allows you to request a consult from one or more managers. When you activate this service, a View Consult Results button appears in the Advanced functions section of the Ticket Properties Form. Approve: Approve the Self Service request. In this case, this leads to the second stage of the Approval Process, where the user review Approval Process sub trees are generated and the Approver tickets are sent to the user managers. Reject: Reject the Self Service request. Note: It is important to remember that when reviewing an Update Role Approver ticket, you can either accept the request for ALL listed users, enrolling all of them, or you can reject the request for ALL users. (Chapter 12, Role Definition Tickets, page 205; Update Role Ticket Tree.) More information: Escalate (see page 106), Delegate (see page 108), Consult (see page 121), Approve (see page 123), Reject (see page 123). Update Role Approver Tickets Advanced Functions. The Approver ticket provides the following Advanced functionality. Add Comment: Manually add a comment to the ticket. Add Attachment: Add an attachment or URL to the ticket. View Transaction Log: The transaction log provides a history of the ticket related actions executed since the creation of the ticket. View Parent: Opens the current ticket's parent's ticket. View Initiators: View a list of the users who launched this ticket. View Violations
153. ervice multi user request of the type Manage My Team s Roles is generated and the number of users exceeds the CA RCM Portal s threshold an Update Role Approver ticket is generated in the first stage of the Approval Process Once the role manager approves the enrollment of the users listed in the ticket in the role a new set of Approver tickets is generated This second set of sub trees consists of parent child pairs of tickets where the parent ticket is a standard Link User Role Parent ticket and the child ticket is a standard Link User Role Approver ticket The Update Role Approver ticket supplies you with all the data you need to make the decision whether to approve or reject the Self Service provisioning request The Approver ticket also provides you with the required functionality to assist you in the process Update Role Ticket Tree More information Self Service Request New Role Parent Ticket see page 195 Self Service Request New Role Approver Ticket see page 198 Approve see page 123 Reject see page 123 Update Role Approver Tickets General Functions see page 205 Update Role Approver Tickets Advanced Functions see page 206 Update Role Approver Tickets General Functions The Self Service provisioning Approver ticket provides the following General functionality Close Closes the ticket Save Saves the changes made to the ticket Delegate Transfers the ticket tree to another manager Escalate Transf
154. es resource updates or following an audit process. The Manage My Team's Resources (MMT Resources) allows you to manage your team's resources: by generating a request to add new resources for either a specific user or for a group of users; by severing the link between selected users and their current resources. The resource management utility allows you to manually select a specific target resource, but it also provides you with a list of suggested resources and their pattern based behavior, thus giving you the information necessary to make an informed choice. The screen is divided into four sections. General: Provides descriptive information concerning the current action. Users: Your team members. Select one or more users for the current action. Currently Enrolled Roles: The current resources linked to the selected users. Other Roles: Recommended resources for the selected users. The Users and Other Resources sections present customizable tables. As the MMT Resources screen allows many options and great flexibility, the task's procedures will be broken up by section: the fields in the General section; the Users table options and functionality; the Currently Enrolled Resources table options and functionality; the Other Resources table options and functionality. To manage my team's resource assignments, click Manage My Team's Resource Assignments on the Self Service menu. The Manage My Team's Resources screen opens. Mana
155. es linked to the selected user s appear in the Currently Enrolled Resources table A list of resources that are not linked to the currently selected user s appears in the Other Resources table At this point you can choose to m Manage the current enrollment list m Add additional resources to the selected users Do both If you do not want to manage the currently enrolled resources add resources to the selected users More information Customizing a Data Table see page 19 Setting the Number of Records Per Page see page 20 Filtering a Data Table see page 20 Currently Enrolled Resources Table Manage My Roles Screen see page 155 Other Resources Table MMT Resources Screen see page 157 Currently Enrolled Resources Table Manage My Roles Screen This section allows you to manage the current resources enrollment for your selected users The options available to you depend on how many users you have selected for the current action In the case of single user selection click Get Resources and you will receive the list of resources linked to your chosen user In this case the only option available to you in this section is to click the Remove check box next to a resource thereby severing the link between the user and the selected resource If you choose more than one user the Currently Enrolled Resources table will present an additional column Enrollment Chapter 11 Running Self Service Tasks 155
156. esent all the information concerning the specific role that is available in the selected Universe s configuration files L BRLIMSYS Automation amp document management Configurtion Role Name Organization Type Owner Rule Description Reviewer Organization2 Organization3 Create Date Approval Date Expiration Date master_w_emails BRLIMSYS Production Org Role 93872110 Automation amp document management 77371120 Coorporate 16 01 2006 08 31 00 16 04 2006 12 39 00 Approval Status Pre Approved Users Resources Sub Roles Parent Roles RACI Person ID Name Organization Organization Type 94738470 97847110 98662230 German Tom Taskoni Bob Tortia Dan Customize Filter Fifth Ave Branch Silicon Valley Branch Stamford Branch Branches Branches Branches Users Provides a list of all the users linked to this role Resources The Role Card includes separate lists under discrete tabs of the following linked information in table format Provides a list of all the resources linked to this role Sub Roles User Interface Provides a list of sub roles This is a hierarchal link of the type role to role Users who are members of the parent role the current role are automatically members of the sub role listed in this table and therefore provisioned with all the sub role s privileges Parent Role Provides a list of paren
157. et Functions. Delegate. This function allows you to transfer the selected ticket to another user. Once you have transferred the selected ticket to the new ticket owner, the original ticket is archived and will no longer appear in your list of active tickets. Only the current ticket owner can delegate a ticket. When a ticket is delegated, a new ticket is generated with the new owner listed in the Owner field, and the manager who delegated the ticket is listed in the Previous Owner field. A comment is generated stating that the campaign has been Delegated to current owner. This comment appears in both the old root ticket and in the new root ticket. When viewed in the original ticket owner's Archive screen (Ticket Queue, Archived tickets), the old ticket and the new ticket create a hierarchical tree in which the original ticket (the Status is set to Delegated) is the root ticket and the new ticket is the next node. When the delegated ticket is viewed in the Approval Process owner's Ticket Queue (when applicable), the old ticket and the new ticket create a new sub tree within the original Approval Process tree in which the original ticket (Status is set to Delegated) is the parent ticket. If the ticket that you chose to transfer is a parent ticket having other tickets located below it in the specific Approval Process ticket tree, then the complete sub tree will now be listed in the new ticket owner's Ticket Queue. If
158. ete a Universe 1 Click Delete next to the Universe you want to edit A confirmation message appears 2 Click Yes to delete the universe Setting Connectors Connectors are defined for specific converters which are service programs necessary for importing and exporting user and user privileges information entities and the links between them from corporate security systems into CA RCM Import Export processes can be performed either from the CA RCM Data Management DM client tool or through the CA RCM Portal User and user privileges information can be imported directly into CA RCM by using the Import option on the CA RCM Data Management DM menu bar see Chapter 2 in the CA RCM Data Management manual This option enables importing Active Directory CSV RACF or SQL files into CA RCM by creating a communications link to the downloading production server CA RCM Sage database files are simple text files However CA RCM converters ensure that imported files will adhere to CA RCM Sage file format rules The DM module provides a number of converters Each converter supports a specific type of data source There are three basic types of data sources Platform specific These converters enable the download upload of information stored in the native security systems on the most common operating systems for example UNIX or SAP Specialty security systems for example RACF This refers to security dedicated software systems located o
159. example you can download user information from a security related endpoint and you can then enrich the data by accessing additional data from a human resources database This data may include for example user addresses which were not available from the primary source of information For further information see Chapter 4 of the CA RCM Data Management User Guide Remote system login password The password is not saved within the system settings Provide it at this point Max duration time seconds Provide an estimate of how long the import process takes This is useful when you know how long it should take and therefore a longer import time indicates that there is a problem You do not have to know exactly how long it takes You can provide an estimate The import process will end when the time specified is over Connector Java Class Select the Java Class that matches the converter you will be using to import the data from the system s endpoints Sbt classes enable the connection between the CA RCM Portal which was written in Java and the CA RCM DNA which is not Workflow process name Select the default import process You can use the bundled Workpoint BPM engine to generate additional workflow processes Setting Connectors Ticket Type Tickets are work items that can be viewed in the Ticket Queue Select the default ticket type Priority Set the priority level The available options are m Low Normal m Rush
160. fore the Approval Processes have been run will prevent any possibility of running an approval process based on this campaign s rejected links To archive a campaign 1 Click Archive in the campaign s Ticket Properties Form to manually archive a campaign A confirmation prompt appears 2 Click Yes The campaign is archived and completely shut down Chapter 7 Running Campaign owner Tickets 87 Campaign Management Functions View Campaign Progress 88 Portal User Guide The progress of the campaign is measured by the number of links that need to be audited by the various campaign approvers and have already been approved or rejected The View Campaign Progress function opens a separate browser window where you can see a listing of all the campaign s approvers and view the progress they have made graphically numerically and in percentages The header of this window contains the following information Title Progress Provides the name of the campaign ticket Universe Provides the name of the universe on which the campaign is being run Configuration Provides the name of the configuration on which the campaign is being run The progress table contains the following columns Approver The Approver ID Name The Approver name Progress A graphical presentation of the amount of progress each Approver has made Completed Shows numerically of links have been audited total of links to be audited for example 0 40 means t
161. g Entity Data (see page 36). (Chapter 3, Getting Started, page 31.) Introducing Entities and Links. Throughout this guide we describe entities and links. Entity refers to the users, roles and resources that are the subject of the security review, certification and attestation processes that are run using the CA RCM Portal. A link is a connection between two or more entities. The CA RCM Portal recognizes three categories of links. Direct links: An uninterrupted connection between two entities. For example, a user to resource link. Indirect links: A non direct connection between two or more entities. For example: A user is linked to a specific role and the role is linked to a specific resource. The link between the user and the resource is an indirect link. Dual links: Refers to the case when both a direct link and an indirect link exist. For example: A user is linked directly to a specific resource and at the same time the user is linked to a role that is linked to the same resource. Direct links and dual links are examined during the various review processes, for example during campaigns or when assigning a role to a specific corporate team. Indirect links are listed for the completeness of the information but are not subject to the review process. The following is a list of possible direct links between entities: user role, user resource, role resource
162. ge 277 tms delegate filter see page 281 tms escalate filter see page 281 tms campaign campaign type reassign filter see page 282 Sample Properties File An example of a CA RCM properties file eurekify portal name CA RCM Portal sleepDelay 2500 sage master configuration CA RCM sage admin login AD1 EAdmin sage admin password eurekify sage batch login AD1 EBatch sage batch password eurekify sage admin role CA RCM Admin Role sage batch role CA RCM Batch Role sage v32 homeDir C Program Files CA RCM CA RCM Sage Client Tools V3 2 Software sage v32 DMFile CA RCMSageDM V32 exe sage v32 DNAFile CA RCMSageDNA V32 exe sage v32 connecters workingDirectory C Program Files CA RCM CA RCM Sage Client Tools V3 2 Software workingDin sage v32 connecters oracleConnectorHomeDir C Program Files CA RCM CA RCM Sage Client Tools V3 2 Software Converters Oracle OlIMConvert sage v32 connecters oraclelmportJarName importFromOIM jar sage v32 connecters oracleExportUarName exportToOIM jar sage v32 connecters BMCConnectorHomeDir C Program Files CA RCM CA RCM Sage Client Tools V3 2 Software Converters BMC BMCConvert sage v32 connecters BMClmportUarName importFromBMC jar sage v32 connecters BMCExportJarName exportToBMC jar Appendix A CA RCM Properties 277 Sample Properties File 278 Portal User Guide sage v32 connecters IBMConnectorHomeDir C Program Files CA RCM CA RCM Sage Client Tools
163. ge My Team s Resources More information Customizing a Data Table see page 19 General Section MMT Resources Screen see page 153 Users Table MMT Resources Screen see page 154 Currently Enrolled Resources Table Manage My Roles Screen see page 155 Other Resources Table MMT Resources Screen see page 157 General Section MMT Resources Screen The General section of the Managing My Team s Resources screen contains the following fields Universe Select the Universe you wish to work with The users table and the available resources depend on the universe Business Area General information descriptive This information will appear in the Description field of the ensuing Self Service Approval Root ticket Business Process General information descriptive This information will appear in the Description field of the ensuing Self Service Approval Root ticket Description Provide a concise and meaningful description of the changes you intend to make to your team s resources Submit Click to submit your request for changes To enter the data in the MMT Resource General section 1 Select a Universe from the drop down list Enter the Business Area for the current action Enter the Business Process associated with the current action oe oy Enter a Description Chapter 11 Running Self Service Tasks 153 Manage My Team s Resources Users Table MMT Resources Screen 154 Portal Use
164. gement IAM of user applications and enterprise role management ERM The large number of systems and applications and the frequent changes at large enterprises has made the management of authorization of employee access to information applications and other resources a very complex task especially given increasing regulatory requirements CA RCM has developed an engine that aims to automatically align a procedure or person s access to his her job at the enterprise For in depth details concerning the CA RCM architecture and technology see the documents CA RCM Data Management User Manual and CA RCM DNA User Manual The CA RCM Portal provides access to identity and access management IAM data that streamlines compliance and regulatory reporting It also improves operational efficiency and provides corporate policy makers with increased clarity as to the enterprise risks The CA RCM Portal provides on the fly access to campaign management ticket management business processes and entity information These features helps customers clean up existing identity data and build a role model with the best available information This model serves as the foundation to automate the user provisioning process and enhances identity life cycle management This section contains the following topics About This Guide see page 13 Audience see page 14 Typical Processes see page 14 Opening the CA RCM Portal see page 16 About This Guide T
165. gn Approvers. Gary finds that Allen Sherman is an approver, but Allen is on vacation. Gary decides to reassign the links in Allen's ticket to another approver. [Screenshot: Ticket Properties Form, Campaign Manager Approver Ticket; owner Allen Sherman; title User Certification Allen Sherman Initial User Audit; buttons Save and Reassign, Hide Selected, Save, Close.] (Running a Campaign: A Case Study.) Allen has two users listed in his ticket. He selects the Reassign check box located next to both users and clicks Save and Reassign. The Find Reassign Users screen opens. [Screenshot: Role & Compliance Manager, Find Approver for reassignment, with filter fields.]
166. >
<data>SAGE_SERVICE_URL tms ui credential filter DEFAULT</data>
<checkPermission>false</checkPermission>
</tag>
<tag id="NewTickets">
<type>external</type>
<label>New Tickets</label>
<data>SAGE_SERVICE_URL tms ui credential filter STATE_NEW</data>
<checkPermission>false</checkPermission>
</tag>
<tag id="overDue">
<type>external</type>
<label>Over Due</label>
<data>SAGE_SERVICE_URL tms ui credential filter OVER_DUE</data>
<checkPermission>false</checkPermission>
</tag>
<tag id="approverTickets">
<type>external</type>
<label>Approver Tickets</label>
<data>SAGE_SERVICE_URL tms ui credential filter APPROVER_TICKET</data>
<checkPermission>false</checkPermission>
</tag>
<tag id="campaignTickets">
<type>external</type>
<label>Campaign Tickets</label>
<data>SAGE_SERVICE_URL tms ui credential filter CAMPAIGN_TICKETS</data>
<checkPermission>false</checkPermission>
</tag>
<tag id="archivedTickets">
<type>external</type>
<label>Archived Tickets</label>
<data>SAGE_SERVICE_URL tms ui credential filter STATE_ARCHIVED</data>
<checkPermission>false</checkPermission>
</tag>
<tag
167. h the option of moving the campaign from the main ticket table to the archive Start Approval Processes As the campaign progresses not all the links are approved The rejected links have to be sent through a secondary approval process View Campaign Progress Opens a separate browser window where you can view the campaign progress for each individual approver Send Reminder Lets you send email reminders to approvers whose performance is not acceptable under the campaign s deadline More information Approval Process Tickets see page 103 Campaign Management Functions Running the Campaign Start Campaign This section examines the management functions Start Campaign Stop Campaign m Restart Campaign Start Approval Processes m Archive Once you have added a campaign to the system and the campaign ticket has been generated it resides in your Ticket Queue Until you as the campaign owner start the campaign none of the approvers assigned to this campaign will be able to view their Approver tickets and the approval process will not begin Starting the campaign creates the following changes Field Before Start Campaign State Campaign owner New Open Open ticket Status Campaign owner Pending Action In Progress ticket Approver tickets Hidden from Visible to approvers approvers Click Start Campaign in the campaign s Ticket Properties Form to get the campaign going All the campaign s Approve
168. han jo of work finished by p or less days before due date send email from email template ApproverDefault to approver z x 3 If less than fo of work finished by S or less days before due date send email from email template ApproverDefault to approver z Load Save Send Now Cancel. Gary configures the completion thresholds and email texts that he wishes to send to approvers at various stages of the campaign. Chapter 4: Showcasing the CA RCM Portal. Running a Campaign: A Case Study. Starting the Approval Process. When all the approvers have approved or rejected the links assigned to them, or when the campaign is manually ended, Gary can start the Approval Process. The Approval Process reviews the links rejected during the campaign. While the initial campaign focused on one entity (user, role, or resource), in the Approval Process administrators responsible for each end of the link must review and approve the change. For example, if a user-role link is rejected, then the relevant user manager and the relevant role manager will receive tickets as part of the Approval Process. Only if both managers agree to reject the link will the link be severed within the role hierarchy's configuration files. To start the Approval Process, Gary clicks Start Approval Process in his campaign owner ticket. The CA RCM Portal generates the Approval Process tickets and sends
169. hat none of the 40 links to be audited have been approved, rejected, or reassigned. This table also provides the value as a percentage. For example 1 3 33. When available, you can control the number of records listed per page using the Records per page function at the bottom of the table. Send Reminder. The Send Reminder feature allows the campaign owner to remind the campaign Approvers that they have to meet the campaign goals in a timely fashion. The Send Reminder screen contains one field, Send reminder when progress is, with three options: Equal to 0, Less than 50, Less than 100. The send reminder process generates a comment that appears in your Campaign owner ticket in the Comments table. To send reminders to campaign Approvers: 1. Click Send Reminder in the Ticket Properties Form. The Send Reminder screen opens as a separate browser window. 2. Select the target for the email messages. 3. Click Send Mail. You can view the comment containing the mail summary that is attached to the campaign ticket. Campaign Ticket Advanced Functions. The Advanced button, located at the bottom of the Ticket Properties Form, provides you with the following functions: Add Comment, Add Attachment, View Transaction Log, View Children. Click Advanced to access the advanced campaign ticket functions. More information: Add Comment (see page 68), Add Attachment (see page 69), View Transaction Log
170. he Ticket Queue (see page 53). Creating a New Export Connector. Connectors utilize the CA RCM Sage converters to export data to the system's endpoints. You will need to know which converter you intend to use and the name and location of the settings xml file and the mapping xml file for this converter. For further information, see the CA RCM Data Management User Guide. Export client name: Provide a name for the export connector. Description: Provide a description of the export connector, its use, timing, etc. Universe: Provide the name of the universe to be associated with this connector. The uploaded data will be based on the universe's master model configuration files. Settings XML file: Create this file in the DM module. It is usually located in the directory <CA RCM Sage Home Directory> <Converter Directory>. For further information, see the CA RCM Data Management User Guide. Mapping XML file: Create this file in the DM module. It is usually located in the directory <CA RCM Sage Home Directory> <Converter Directory>. For further information, see the CA RCM Data Management User Guide. Remote system login password. The password is not saved within the system settings. Provide it at this point. Max duration time (seconds): Provide an estimate of how long the export process takes. This is useful when you know how long it should take and therefore a longer export
171. he changes requested by the Self Service manager. Approval Processes that include adding links between a role and other entities will generate a Role Approver ticket. This ticket summarizes all the requests that are concerned with adding links between your role and other entities. Only if you approve the requests will the CA RCM Portal generate the Entity Approver tickets for these requests. The reason for this is that the system approves only requests regarding links that have been approved by the managers of both of the linked entities. Therefore, if you do not approve the request to add links, the system considers the request to be denied. Role Definition Approval Root Ticket. In the case of a Role Update request, if the requests included only removing links, or they encompassed both adding and removing links, the tickets generated by the request to remove links will still be generated. As an approver, you are tasked with making the decision whether to approve the request to add/sever a link or not. To aid you in the decision-making process, you have the ability to consult with other managers. Important: As several complex procedures are documented in this chapter, it is important to remember that every ticket has a unique ticket ID number that can be used to differentiate between tickets of the same type that deal with the same issue but have different functionality or purpose. This section contains the following topics: Role Definition App
172. he current user The equivalent in the CA RCM DNA In Out of Pattern Propose new roles for users by Human Resources Privileges Pattern A generalized form of Matching Rights The CA RCM looks at the current user s resources and compares them to the resources that other users have and based on a pre determined level of pattern matching suggests to add some of the roles that the other users have to the current user The equivalent in the CA RCM DNA In Out of Pattern Propose new roles for users by Privileges Matching Rule The CA RCM looks at the role s rule and finds the users that match the rule but are not linked to the role and suggests adding those users to the role The equivalent in the CA RCM DNA In Out of Pattern Identify users matching rule based roles For more information see the CA RCM DNA User Guide In Out of Pattern Entities When you request suggestions for more than one user the table lists the number of users that match out of the number of selected users matching selected Click Suggest Entity to activate this service as part of a provisioning task The table in which it is located changes and contains following columns Service Added Columns Suggest Roles Four pattern columns plus a Details column Suggest For Provisioning task screens Resources Two pattern columns plus a Details column m For Role Definition task screens The Enrolled column General Self Service Functions
173. his button to add the new job to the list of existing jobs. Chapter 15: Using Administration Functions. Job Scheduling. To schedule a new job (import/export event): 1. On the Administration menu, click Job Scheduler. The Job Scheduling screen opens. 2. Enter a Job Name in the text box. 3. Select a Connector from the drop-down list. 4. Enter a Start Date. You can select a date using the pop-up calendar. 5. Set the exact hour and minute when the job should begin. 6. Enter the number of hours before the job is repeated. 7. Click Add. The new job is added to the Jobs table. The Jobs Table. The Jobs table lists all the jobs that have been entered into the system. The table contains the following fields: Job Name: The name of the job. Description: A description of what it does (export/import). Job Class: Lists the connector's Java Class. Start Time: Provides the date and time on which the job will begin. Previous Execution: When a job is repeated, the previous date and time is listed here. Next Execution: The date and time when the job is scheduled to be repeated. Delete: Allows you to delete the job when you don't want it to run anymore. The Transaction Log. The CA RCM Transaction Log (TxLog) provides detailed information concerning all the actions taken within the system. The entries are listed by date. When you first open the Transaction Log page, the table is empty and you
174. his guide describes CA RCM Portal operation and options. Chapter 1: Introduction. Audience. This guide is intended for Role Engineers, system administrators, and organizational managers who are in charge of granting and certifying entitlements. Role Engineers are typically well-trained professionals familiar with the target organization. This manual assumes that the Role Engineer has had professional training on CA RCM client tools and is familiar with the CA RCM documentation that accompanied the client tools installation package. System administrators should be familiar with the CA RCM software, downloading and uploading of users and resources databases, role discovery, and audit operations. This guide is also intended for general administrators and organizational managers who are in charge of various processes and therefore have to access the portal in the course of their daily activities. Other users will have limited access to the CA RCM Portal's options. Familiarity with the Microsoft operating system and applications and relevant peripheral and remote equipment is also assumed. More information: About Security & Permissions (see page 257). Typical Processes. The CA RCM Portal provides access to both information and processes necessary for system-wide role management, compliance management, certification campaigns, and relevant security management oversight. The following are the main CA RCM Portal processes
175. his report opens with current settings displayed Change any parameter settings you wish and click OK The same report is generated using the new settings Note The previous version of the report is overwritten To save the older version print or export it before you regenerate the report with new parameters Export a Report to a File 216 Portal User Guide You can save reports in several common formats This allows you to share them with others and include them in other documents To export a report to a file 1 Click on the left side of the window The Export Report dialog appears Select the document format output range and sizing options Click OK A prompt appears when the document is generated Do one of the following a Choose Save to save the file m Choose Open to view the file Print a Report Print a Report You can send reports to a printer to share or archive information or to simplify review of longer format reports To print a report 1 Click E on the left side of the report window The Print Report dialog appears 2 Choose an output format and print range and click OK A print preview appears in a new browser window 3 Configure printer settings and print Chapter 14 How to Generate Reports 217 Chapter 15 Using Administration Functions The administration menu provides a number of important processes that can be run only by administrators with the appropriate permissions T
176. his section contains the following topics Adding Campaigns see page 219 Start Approval Process from DNA see page 228 Setting a Universe see page 228 Setting Connectors see page 233 Job Scheduling see page 243 The Transaction Log see page 245 Cache Manipulation see page 246 Properties Settings see page 247 CA RCM Configuration Settings see page 252 RACI Operations see page 253 TMS Administration see page 255 System Checkup see page 255 Adding Campaigns Campaigns utilize CA RCM s basic auditing tools to run an enterprise wide certification and attestation process with the aid of designated approvers The purpose of the campaign is to certify that granted privileges comply with the business and regulatory needs and that they are not over allocated This process is supported by the CA RCM Audit Card facility which allows the presentation of out of pattern and non compliance information to the approver A campaign runs a general corporate auditing process to determine the measure of the corporate compliance with various regulatory requirements on one hand and with internal policies on the other The campaign parameters are set by the administrator running the campaign This administrator also known as the campaign owner determines the universe on which the auditing process will be run which policies will be examined and several other aspects of the campaign The campaign d
177. ickets 1 there are 2 activity tickets outside the ticket tree Field error command linkcommands errcode error command startjobcommand errcode error command startjobcommand checkjobticke texists errcode error workflow connection errcode error service createconsulttickets errcode error service createconsulttickets2 errcode error service createconsulttickets3 errcode error service validatevalue errcode error command saveticket optimisticlockexcepti on errcode error validate valuelength errcode error validate date errcode error batchtask errcode error batchtask startjob errcode error update ticket errcode error campaignnamenotfound errcode page recordnotfound message errcode page internalerror infol errcode page internalerror info2 errcode page expirederror infol errcode page expirederror info2 errcode error workpoint dbconnection errcode text dialogs runfailed errcode Code tms01i1 tms012 tms013 tms014 tms015 tms016 tms017 tms018 tms019 tms020 tms021 tms022 tms023 tms024 tms025 tms026 tms027 tms028 tms029 tms030 tms031 txd001 Error Messages Description fail to create commands 0 1 fail to start job for ticket 0 ticket has already reference for job 1 fail to commit activity checkjobticketexists in job 1 of ticket 0 check tms port in workpoint wftms web service fail to connect to workpoint url 0 info 1 no ticket parent fa
178. ign screen is divided into three sections Settings Provides the campaign s unique settings Permissions Provides the ability to override the currently allocated permissions for the purposes of the campaign only General Contains the Create the Campaign button and the option to continue working while the campaign ticket is generated in the background Adding Campaigns The Certification Campaign screen contains the following fields Settings This section of the screen sets the campaign details Campaign Name Provide a unique and meaningful name Owner This field is auto completed by the CA RCM Portal Description Provide a concise and meaningful description of the campaign Due Date The date by which all the campaign processes must be completed Universe Choose a universe from the list Selecting a universe determines the available configurations Configuration Choose a configuration from the list of configurations associated with the selected Universe Audit Card Optional Choose an audit card from the list The default is None If the configuration has an Audit Card with results of out of pattern and or compliance checks select it and CA RCM will apply it when generating the campaign tickets This will cause violations contained in the Audit Card to be displayed to the approvers in red Chapter 15 Using Administration Functions 221 Adding Campaigns Campaign Type Choose a campaign type from the list
179. il to find consulting users 0 fail to create consulting tickets 0 fail to update field 0 with value 1 in ticket type 2 the ticket was updated by another user please reopen ticket validation fail for value 0 cannot be longer then 1 fail to parse date 0 6 fail to run batch actionname action 0 of job 2 failed retry count 1 cannot update the ticket id campaign 0 not found 0 was not found in 1 an error has occurred for more information please view the log file null your session has expired please login again null workpoint database connection is closed failed to run 0 please watch log files Chapter 17 Troubleshooting 273 Error Messages Field text dialogs runfailed errcode settings strings universe masterequalmodel err code settings strings universes errors missingname errcode settings strings universes errors missingdescrip tion errcode settings strings universes errors namealreadyex ist errcode settings strings universes errors missingmaster errcode settings strings universes errors missingmodel errcode settings strings universes errors missingauditse ttingsfile errcode settings strings universes errors masterisnotrea donly errcode settings strings universes errors masterhaspare nt errcode settings strings universes errors masternotlogg ed errcode settings strings universes errors modelisnotrea do
180. ile 0 was unable to find the enrichment file 0 Chapter 17 Troubleshooting 267 Error Messages Field settings strings ie errors missingpassword errco de settings strings ie errors missingmaxduration er rcode settings strings ie errors errorparsingmaxdurati on errcode settings strings ie errors missingconnectorclient class errcode settings strings ie errors missingworkflowproces s errcode settings strings ie errors missingtickettype errc ode dashboard compliance error noname errcode dashboard compliance error multiname errcode dashboard compliance error nocard errcode dashboard compliance error multicard errcode dashboard compliance error nobpralerts errcod e entity emptylist errcode mail builder createticket sage errticket subject errcode mail builder createticket sage errticket body err code properties errormsg propertyalreadyexists errco de properties errormsg unencryptedpropertyalread y exists errcode properties errormsg contcreateemptyproperty e rrcode loginpage userauthentication failed errcode loginpage connecttoauthenticationservice failed errcode loginpage userauthentication failed sageadmin errcode 268 Portal User Guide Code cst008 cst009 cst010 cst011 cst012 cst013 dbc001 dbc002 dbc003 dbc004 dbc005 eml001 mal001 mal002 prp001 prp002 prp003 prt006 prt007 prt008 Description missing password field missing maxdura
181. ility necessary to aid in completing the work. I, Informed: who must be notified of results but does not need to be consulted. The CA RCM Portal uses RACI for various purposes. Its main use is for the purpose of identifying entity managers (Approvers). It is important that every model configuration that you wish to audit be run through the RACI generator so that the Approvers will be listed correctly. The RACI utility takes the data in the fields you identified, when you defined the Universe, as manager fields and tags them as the system's Accountables. The user manager data is taken from the configuration file's user database (udb). While any user can be accountable for multiple entities, each entity has only a single person accountable for it. Note: Run the RACI utility before running a campaign; otherwise the system won't have users identified as entity Accountables and won't be able to send the Approver tickets to the correct entity managers. If you didn't run RACI, you will either receive an error message or all the entities will be listed with the campaign owner for approval. Note: Update the CA RCM user database before generating RACI for the universe. Once a Universe is created, it is necessary to create its RACI configurations. The RACI configurations control the assignments of certification, attestation, or approval tasks to their respective Accountable person. There are four RACI configurations, one for each of R, A, C, I. CA RCM
182. ill use the updated data. To load a specific configuration into the CA RCM Server's memory cache: 1. On the Administration menu, click Clear Cache. The Clear Cache screen opens. 2. Click Clear Caches to clear the CA RCM Server's memory cache. Properties Settings. The Properties Settings utility gives you access to the system property file CA RCM properties, allowing you to create new property keys and access and edit the values of existing property keys. For ease of use, properties that are considered to be common properties, such as of the type properties headers commonProperties, are listed separately under the Settings sub-menu as Common Properties Settings. This utility functions in the same way as the general Properties Settings utility. The Properties table contains the following columns: Type: The name of the associated property file. Property Key: The name of the property key. Property Value: The value assigned to the property key. The CA RCM Properties page provides the following functions: Create New: Use to create new Property Keys. Edit: Use to edit existing Property Keys. Apply Filter: Use to filter the properties list. Records per page: Select the number of records that will appear in the table. When creating a new key or editing a new one, the data is not saved directly to the eurekify properties file. Instead, the updated property key value is saved t
183. imited to viewing your personal roles and resources and to handling the resources under your purview. The Ticket Queue allows access to Approver tickets that were allocated to you as a resource manager. Access to all other items via the menu bar would depend on your assigned permissions. One of the advantages the CA RCM Portal gives its corporate users is that even individual users with very limited permissions can still see tickets that are relevant to them. For example, a non-manager whose roles or resource access has been changed can view tickets informing him/her of these changes in his/her personal Ticket Queue. The following shows an example of a menu bar for a user with very limited permissions. More information: About Security & Permissions (see page 257). Chapter 3: Getting Started. This chapter describes the order of procedures to be carried out when running the CA RCM Portal on a system whose user, role, and resource data has not yet been downloaded by the CA RCM system. The step-by-step details for each step in the procedures mentioned here are described in later chapters. This section contains the following topics: Introducing Entities and Links (see page 32), Step 1: Creating a Universe (see page 33), Step 2: Creating Import Connectors (see page 34), Step 3: Importing Entity Data (see page 34), Step 4: Generating Master Model Configurations (see page 35), Step 5: Creating a Campaign (see page 35), Step 6: Exportin
184. in your list of active tickets. When a campaign is delegated, a new root ticket is generated with the new owner listed in the Owner field, and the administrator who delegated the campaign is listed in the Previous Owner field. A comment is generated stating that the campaign has been Delegated to current owner. This comment appears in both the old root ticket and in the new root ticket. The new root appears as the top level in the new owner's campaign ticket and as the second level in the previous owner's archived campaign ticket. To delegate a campaign, you have to select a user from the list of appropriate users. The Find Delegate Users window is divided into two sections. The filter: Located in the window's header. The filter lets you narrow down the list of proposed approvers. The proposed users: This table presents a pre-filtered list of users who can receive the delegated approval task(s). This list can be filtered to aid in finding a specific user. The names listed in the proposed approvers list are governed by several default property filters of the type tms delegate filter. To delegate a campaign: 1. Click Delegate in the Campaign Ticket's Properties Form. The Find Delegate Users screen opens. 2. Select a name from the list. You can use the filter option to reduce the number of records listed in the table. 3. Click OK. The Executing bar appears. The campaign is archived and its status is set to Delegate
185. ion have been returned to CA or destroyed EXCEPT AS OTHERWISE STATED IN THE APPLICABLE LICENSE AGREEMENT TO THE EXTENT PERMITTED BY APPLICABLE LAW CA PROVIDES THIS DOCUMENTATION AS IS WITHOUT WARRANTY OF ANY KIND INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT IN NO EVENT WILL CA BE LIABLE TO THE END USER OR ANY THIRD PARTY FOR ANY LOSS OR DAMAGE DIRECT OR INDIRECT FROM THE USE OF THIS DOCUMENTATION INCLUDING WITHOUT LIMITATION LOST PROFITS BUSINESS INTERRUPTION GOODWILL OR LOST DATA EVEN IF CA IS EXPRESSLY ADVISED OF SUCH LOSS OR DAMAGE The use of any product referenced in the Documentation is governed by the end user s applicable license agreement The manufacturer of this Documentation is CA Provided with Restricted Rights Use duplication or disclosure by the United States Government is subject to the restrictions set forth in FAR Sections 12 212 52 227 14 and 52 227 19 c 1 2 and DFARS Section 252 227 7014 b 3 as applicable or their successors All trademarks trade names service marks and logos referenced herein belong to their respective companies Copyright 2009 CA All rights reserved Contact CA Contact Technical Support For your convenience CA provides one site where you can access the information you need for your Home Office Small Business and Enterprise CA products At http ca com support you can acce
186. ipatory role types. Although some companies and organizations do allow, for example, double participatory types, this generally implies that the roles have not yet been truly resolved and so impedes the value of the RACI approach in clarifying each role on each task. For further information on RACI, see http://www.pmforum.org/library/tips/pdf_files/RACI_R_Web3_1.pdf. This type of link represents a hierarchal relationship. Users who are members of a parent role are automatically members of the sub-role and therefore provisioned with all the sub-role's privileges. Tickets are work items that can be viewed in the Ticket Queue. They can be work related or informational and/or hierarchal, or provide a plain notification concerning a process. A term used to denote a unique Master configuration Model configuration pair. A violation is a breach of corporate security policies, guidelines, BPRs and/or regulations. CA RCM identifies such infractions and lists them in Audit Cards where relevant. While using the CA RCM Portal you will come across Violations columns where relevant. The number listed in such columns provides the number of violations associated with the specific row in the table. Campaigns and approval processes are guided by a workflow, a collection of instructions that guide the application logic. The workflow is generated by Workpoint, which is a Business Processes Management (BPM) workflow design engine.
187. irects the auditing process, setting it to either basic role-based auditing or policy compliance auditing. By determining the campaign universe, the administrator, who is the campaign owner, determines which configuration files will be audited. The campaign owner is responsible for creating the campaign and must generate or verify the existence of: the Universe in which the campaign will run; the RACI permissions for this Universe. The campaign analyzes the user information in the context of the links between the users, roles, and resources defined for the corporation. A campaign can focus on the links from the various viewpoints, creating User Campaigns, which focus on the users and their links, or Role Campaigns, which focus on the roles and their links, or Resource Campaigns, which focus on the corporate resources and their links. Each campaign is defined for a specific viewpoint. A campaign is completed either when all the approvers have approved/rejected the items they manage or when the campaign owner decides to arbitrarily stop the campaign. The default workflow entails first running a campaign and collating all the rejected links; only afterwards are those links actually reviewed and either rejected (severed) or approved in spite of the problem that caused them to be rejected during the campaign. The Certification Campa
188. is information appears in the Description field of the ensuing Self Service Approval Root ticket Request Description Provide a concise and meaningful description of the new role and its purpose The role definitions area includes the following fields Role Name The name of the new role concise and descriptive Description Describe the new role Owner Provide the owner ID You can use the Find function to open the Find User filter Type Provide the role type use autocomplete Organization Provide the name of the main organization use autocomplete Organization 2 Provide the name of the secondary organization use autocomplete Organization 3 Provide the name of the tertiary organization use autocomplete Rule Optional Provide a rule for the new Role You can use the Add Rule function to construct a rule Chapter 11 Running Self Service Tasks 165 Defining a New Role To define a new role first screen 1 Or SNE SON Ol ae 10 11 12 13 14 15 Click Request a New Role Definition on the Self Service menu The Request New Role Definition screen opens Select a Universe from the drop down list The newly defined role is associated with the configuration belonging to this universe The users and resources to be linked with this role is taken from this universe s configuration Enter the Business Area for the current action Enter the Business Process associated with the current action Ente
189. is that the Suggest Entity service is based on analytical pattern-based technology, while the Test Compliance utility examines the rules written by the system's administrators, rules that may or may not override the findings of the analytical pattern-based examination of the corporation's configuration files. For example, the system may find that under certain conditions a specific application role is recommended for a group of users, and yet the Test Compliance utility will record this as a violation because the application is licensed and there are no free licenses available at this time. More information: Test Compliance (see page 135), Suggesting Entities (see page 137). During a Self Service provisioning task you can select to link users to roles and/or resources. In other screens you can assign users and resources to specific roles. You also have the ability to remove links between various entities during Self Service tasks. After making your selection(s), you can test the compliance of your selections with the existing BPRs, security regulations, and policies. Note: For more information on violations stemming from non-compliance and other security issues, see the CA RCM DNA User Guide. The Violations screen lists only those records that have a violation associated with them. If there are no violations, the screen will have no records listed.
190. isted in the ticket and either approved, rejected, or reassigned (when relevant) them. The campaign owner can view all the CMAs as branches located under the campaign's owner ticket. Other users can only view their own CMAs. Note: The campaign owner can stop a campaign whenever he chooses to do so. If he does, the Campaign Manager Approver tickets will be hidden from the Approvers. Chapter 8: Campaign Approver Tickets. Approver CMA tickets contain two types of operations: Link related actions; Ticket related actions. Ticket related actions that are shared by all ticket Ticket related actions unique to specific types of tickets are described in the relevant sections. This section contains the following topics: CMA Ticket Properties Form (see page 94), Auditing Links (see page 95), General CMA Ticket Functions (see page 101), Advanced CMA Ticket Functions (see page 102). CMA Ticket Properties Form. As an approver, your goal is to examine the links listed within your CMA ticket and approve, reject, or reassign them by the campaign's due date. As your review progresses, after every time you save your selections, you can see your progress on the Approver Progress bar. Your progress is also listed as number of links approved total of links to approve, so that if you have a total of six links to approve and you have already approved two links, you will see 2 6 in
191. ities have links that have not been reviewed. It is important to realize that the function only hides main entities that have been fully audited. Entities whose link tables have only been partially audited will be visible. When the Hide Selected option is active, the function menu bar changes and replaces the Hide Selected button with a Show All button. Advanced CMA Ticket Functions: The Campaign Manager Approver ticket provides the following advanced functions at the bottom of the CMA's Ticket Properties Form. More information: Add Comment (see page 68), Add Attachment (see page 69), View Transaction Log (see page 69), View Initiators (see page 102). View Initiators: The View Initiators button opens the View Initiators list in a separate browser window. This list, in table format, provides the list of users that generated this Campaign Manager Approver ticket. Usually you can find here the name of the campaign owner. When a campaign has been delegated or escalated, you can view the list of users who received ownership of the campaign. The information provided by the View Initiators table is based on the campaign's configuration files. To view the campaign's initiator list: 1. Click Advanced at the bottom of the Ticket Properties Form. 2. Click View Initiators. The View Initiators table appears in a separate browser window.
192. ives an info ticket and under what conditions. Approval Process Owner: When an approval process has been completed. Approver: When an approval process has been completed. As each approval process is submitted to two approvers, two such tickets are generated. User: The user whose provisioning has been altered by the approval process is notified. Role/Resource manager: The manager of the role/resource that has been updated is informed of the change(s). As the ticket that was the origin of the modification of the universe's configuration can be of various types, the list of users can be longer or shorter, depending on whether one user has more than one role, a user is both the Approval Process owner and the user affected by the change, or if the ticket was delegated/escalated during the process. General Info Ticket Functionality: Info tickets provide you with the following General functionality. Close: Closes the ticket. Save: Saves the changes made to the ticket. Delegate: When you want to share the info ticket's information, you can transfer the ticket to another manager. Escalate: When you want to share the info ticket's information, you can transfer the ticket to another manager. Acknowledge: Click after reading the information provided by the info ticket. The info ticket is archived. More information: Delegate (see page 108), Escalate (see page 106).
193. jected Link Parent ticket is a management ticket generated by the CA RCM portal for every rejected link that has to be reviewed during an Approval Process procedure. While the Approval Root ticket controls the lifecycle of the whole tree, the Rejected Link Parent ticket controls the lifecycle of the individual link under its purview. In this section you will find information specific to the Rejected Link Parent ticket. It is important to remember that Approval Process tickets are based on specific campaigns. <Ticket Title>: Delete Link Entity1 Entity2. For example: Delete Link User Resource. Title: Request to remove Entity1 to Entity2 association Entity1 Entity1 name Entity2 Entity2 name. For example: Request to remove user to resource association resource UGMPMRK RACFPROD RACF22 Production RACF user Garr Jim 77371120. Description: A description of the ticket. It includes the details of the request: Request was submitted on Universe Universe name from Campaign Title. For example: Request to remove user to resource association resource UGMPMRK RACFPROD RACF22 Production RACF user Garr Jim 77371120. Request was submitted on Universe Portal from User Review. Use this ticket's functionality when you wish to transfer the specific link's sub-tree to the management of another user, or to cancel this specific review. You can use the options in the ticket's Advanced section to access additional informa
194. le Approver ticket is generated. This Approver ticket is sent to the new role's manager. It contains a table listing all the links that were requested during the Request New Role Definition task. Once the role manager approves the link requests listed in this ticket, stage three of the Add New Role Approval Process begins and a new set of Approver tickets is generated. This includes one sub-tree for every requested link, consisting of parent-child pairs of tickets where the parent ticket is a standard Link Entity Role Parent ticket and the child ticket is a standard Link Entity Role Approver ticket. The Role Approver ticket supplies you with all the data you need to make the decision whether to approve or reject the request. The Role Approver ticket also provides you with the required functionality to assist you in the process. More information: Self Service Request New Role Parent Ticket (see page 195), Self Service Request New Role Approver Ticket (see page 198), Approve (see page 123), Reject (see page 123), Role Approver Tickets General Functions (see page 193), Role Approver Tickets Advanced Functions (see page 194). Role Approver Tickets General Functions: The Role Approver ticket provides the following General functionality. Close: Closes the ticket. Save: Saves the changes made to the ticket. Delegate: Transfers the ticket tree to another manager. Escalate: Transfers the ticket tree to anoth
195. lled to this role. This column also provides the value as a percentage, for example 1/3 (33%). Role Name: Click any highlighted role name listed in this column to open its Role Card. Depending on the type of action you wish to take, you may find that after selecting the appropriate check boxes in this section you have completed the task. In this case you can ignore the Other Roles section and submit your requests by clicking Submit at the bottom of the Manage My Team's Roles screen. To make selections in the Currently Enrolled Roles table: 1. In the Currently Enrolled Roles table, click the relevant check boxes in the Add and/or Remove columns. At this point you can choose to end the process or to add additional roles to the selected users. If you do not want to add new roles, submit your requests. Other Roles Table (MMT Role Screen): This section allows you to enroll your selected user(s) to additional roles of your choice. The actual enrollment will take place following a review process. Note: When you click Get Roles in the Users section, a list of roles that are not linked to the currently selected user(s) appears in the Other Roles table. In addition to managing the roles currently linked to the members of your team, you can also request that the system provide a list of recommended roles for your selected users. This list of roles will be displayed in the section Other Roles
196. ludes: the universe name and the source of the request. For example: Approval Root Request. Request was submitted on Universe Portal from Update Role. This section covers the following topics: the Role Definition Approval Root ticket's General functions; the Role Definition Approval Root ticket's Advanced functions. More information: The Ticket Properties Form (see page 65), Approval Root Ticket General Functions Role Definition (see page 179), Approval Root Ticket Advanced Functions Role Definition (see page 180). Approval Root Ticket General Functions Role Definition: The Role Definition Approval Root ticket provides the following General functionality. Close: Closes the ticket. Save: Saves the changes made to the ticket. Delegate: Transfers the ticket tree to another manager. Escalate: Transfers the ticket tree to another manager. Start Process: For regular Approval Processes this button is disabled, as the procedure starts automatically when the tickets arrive in the approvers' Ticket Queues. Cancel Process: Allows you to manually stop the Approval Process at any stage. Acknowledge: This function is disabled until the Approval Process has been completed. More information: Escalate (see page 106), Delegate (see page 108), Cancel Process (see page 115), Acknowledge (see page 116). Role Definition Main Request Parent Ticket: A
197. mation concerning the link's Approver tickets. View Entity: Opens the entity's card. Two buttons are provided, one for each member of the link under review. The View Children function shows you the two Approver tickets associated with this parent ticket. You can access the corresponding Approver tickets by clicking Select in the ticket's row. More information: Add Comment (see page 68), Add Attachment (see page 69), View Transaction Log (see page 69), View Initiators (see page 111), View Parent (see page 111), View Entity (see page 113), View Children (see page 112). Approval Process Approver Tickets: When an Approval Process is set in motion following a campaign, the Approver tickets are sent to all the relevant entity managers. As an Approver, your job is to either approve or reject the request to reject a link between two specific entities. The Approver ticket supplies you with all the data you need to make the decision, and with the required functionality to assist you in the process. The Ticket type's name is constructed from the ticket's action (delete link) and the entities involved. Therefore, an Approver ticket for a request to delete a link between a user and a resource will be called a Delete Link User Resource ticket. Your main task is to either approve or reject the submitted request to sever a link between t
198. me Description: The universe's description. Edit: Provides the option of editing the universe definitions. Delete: Provides the option to delete a universe. To access the Universe settings table: 1. On the Administration menu, click Settings. The available options list appears. 2. Click Universe Settings. The Universe list appears. Creating a New Universe: It is recommended that you create a new universe the first time you run the CA RCM Portal. You will use this universe in order to run the first import and audit procedures. Sometimes it is necessary to create a separate universe for specific purposes, for example when running an audit on a partial configuration. As a universe contains a specific master-model configuration pair, you can either use real configuration names, if you already have them, or use placeholder names that can be replaced in the future when you know the true configuration file names. When you aren't referring to an existing configuration, the information fields will have to remain empty during the creation of the new universe. Make sure to fill in the information prior to running a campaign based on this universe. Note: If the configuration files do not exist, the Import process will create them. The Create New Universe screen contains the following fields. Universe Name: Provide the name of
199. more junior manager to be the ticket owner. Escalate: The act of appointing a more senior manager to be the ticket manager. Note: The term reassign is used in relation to links, to mark the transfer of the responsibility for reviewing a link(s) from one Approver to another Approver. More information: Delegating a Campaign (see page 81), Reassigning a Link (see page 98). Ticket Types: A ticket's Ticket Type appears under the Type column in the user's Ticket Queue and also as the ticket title in the Ticket Properties Form. The ticket type presents the ticket's purpose. Each ticket type has its own unique life cycle. Each ticket's state and status attributes denote where it is currently situated within the ticket's life cycle. Tickets can be part of a larger process, and therefore tickets in the same ticket type category may actually present different functionality. The tickets are described in this manual as part of procedures, and therefore we have given them names according to their purpose within the procedure. The following table presents the list of tickets described in this guide. Name: Campaign owner ticket; Approver ticket; Info ticket; Approval Process Root ticket; Rejected Link Parent ticket. Ticket Type(s): Campaign; Campaign Manager Approver; Link Entity1 Entity2; Delete Link Entity1 Entity2; A
200. mpaign Progress button located in the campaign owner's ticket. The campaign progress screen opens in a separate browser window. [Screenshot: CA Role & Compliance Manager, Initial User Audit Progress screen; Universe: Current Universe; Configuration: model_w_emails; columns: Approver Name, Progress, Completed] More information: View Campaign Progress (see page 88). Running a Campaign: A Case Study. Sending Reminders to Approvers: As the campaign's due date nears, Gary sends reminders to the Approvers who have not yet finished reviewing their Approver tickets. In the campaign owner ticket, he clicks Send Reminder. The Send Reminder screen opens in a separate browser screen. [Screenshot: Send Reminder screen, Escalation criteria parameters]
201. n For resources, three sets of brackets with the three names appear after the For example: role Cayman or resname1 email resname2 outlook resname3 WinNT. Filter Extensions: Permissions Expression may also have logical operations applied to them. The available operations are AND, OR, and NOT. AND and OR are binary operations and should be applied to pairs of expressions, while NOT is a unary operation. Operation symbols are: & AND OR NOT. Operator symbols are prefixes and should be placed before the expression(s). Usage examples: & Location Cayman Organization Finance (users in the Cayman finance office); Country US Country Uk (people in the US or the UK); Active false (Active users). Filters may be as compound as necessary, as long as they adhere to the above rules. For example, & Country US Country Uk & Active false Organization Finance are all the users who are from the US or the UK and are active users from the finance department. These filter extensions are for internal use only (campaigns): additional operators which involve the RACI model: A approved entities; > links to approved entities. Usage examples: All roles whose approver is AD1 Admin: A type role sageUser AD1 Admin. All roles linked to users whose manager is AD1 Admin: > type role A type user SageUser AD1 Admin.
202. n the fly by adding or removing links between themselves, their team members, and the corporation's roles and resources. The Self Service tasks include the ability to create new roles or update existing ones (only available to managers with appropriate permissions). Each task involves the functionality of one or more screens, which will be documented in this chapter. In Adding Campaigns we stated that managers do not update entity links during campaigns. They are limited to approving or rejecting the current links. At times, either following a campaign or following changes in corporate regulations or policies, it is necessary to update the actual links between the corporate users and the systems roles and resources, or to generate new roles. This need is fulfilled by using the Self Service tasks. Note: The general functionality available in Self Service task screens is already documented in Using the CA RCM Portal Interface (see page 17) and therefore will not be documented in this chapter. This chapter documents all the Self Service tasks available via the CA RCM Portal. Managers will have access only to those features for which they have been provisioned. For the purpose of this manual, the Self Service tasks are divided into two groups. Provisioning Tasks: Includes all the tasks that manage a user's roles/resources: Manage my team's role assignments, Manage my role as
203. n various platforms. Identity management systems, for example CA Identity Manager. This refers to human resource software systems located on various platforms. The CA RCM Portal provides you with the option to define these converters as Import Connectors or Export Connectors for the specific corporate environment. The converters are conveniently located in the Import and Export menus of the CA RCM Data Management application. For further information on importing, exporting, and converters, see the CA RCM Data Management User Guide. Note: At some point you may have to access the DM in order to edit the specific converter's Settings and Mappings file. For further information, see the CA RCM Data Management User Guide. At the end of an audit process, the original configuration that was downloaded from the end point is compared to the new configuration. The configuration variance between the original and the updated configuration (resulting from the audit and the implementation of corporate policies and enforcing regulatory compliance) is uploaded via Export Connectors to the endpoints. This section discusses the following procedures: The Connector Settings panel; Create a new import connector; Create a new export connector; Run a connector; Edit a connector; Delete a connector. Connectors are defined specifically either as an import connector or as an export conn
204. nality. General: Provides general data concerning the campaign. Advanced: Lists the attachment and comments. More information: Ticket Data Campaign (see page 78), General Data Campaign (see page 79), Advanced Campaign (see page 80). Ticket Data Campaign: The Ticket Data section consists of the fields located at the top of the campaign's Ticket Properties Form. The Ticket Data section of the Campaign Ticket Properties Form contains the following fields. Ticket ID: The ticket's unique number. Owner: The Campaign owner, the user who generated the campaign. Previous Owner: During campaigns or approval processes, tickets may be delegated/escalated to other managers. If a ticket was sent to the owner from another user, that user's name (not the current owner) appears in this field. Status: Shows the current campaign ticket status. Due Date: The date by which the campaign ticket must be completed. Priority: Shows the current priority level. Severity: Shows the current severity level. State: Shows the current ticket's state. Modified Date: The last time the campaign ticket was modified. Date Created: The date on which the campaign ticket was first generated. Title: The campaign ticket's title. Description: The campaign ticket's description. General Data Campaign: The General section is in the body of the
205. nd roles to which you should enroll. After making your selection(s), you can test the compliance of your selections with the existing BPRs and policies. You can decide to make the request despite any violations, or you can amend your selections. To link to additional roles: 1. In the Manage My Roles screen, scroll down to the Other Roles table. 2. (Optional) Click Find Roles to access the Select Role filter screen. 3. (Optional) Click Suggest Roles to see the CA RCM Portal's recommendations. 4. Select one or more roles to link to the chosen users. 5. (Optional) Click Test Compliance to review your selections and check for possible violations. The Violations screen opens in a separate browser window. Click X to close the Violations window. 6. Click Submit. The Requests screen opens. More information: Approval Process Tickets (see page 103), Customizing a Data Table (see page 19), Setting the Number of Records Per Page (see page 20), Entity Card and Data Table Tabs (see page 21), Test Compliance (see page 135), Suggesting Entities (see page 137), Introducing the Requests Table (see page 171). Manage My Team's Resources: For the purposes of the CA RCM Portal, your team is essentially the users that you were assigned to manage. As a team manager, you may find it necessary to update resources because of corporate chang
207. ng a suggestion for a recommended user, role, or resource. The available options depend on the Self Service task that is calling for the Suggest Entities service. The pre-defined patterns are: Matching Rights: Used only for roles. HR Pattern: Used for both roles and resources. Privileges Pattern: Used for both roles and resources. Matching Rule: Used only for roles. Each one of these patterns is documented in detail in the CA RCM DNA User Guide. The pattern matching results appear in the columns of the relevant table. For provisioning tasks, the results appear in the Other Roles table. For role definition tasks, the results appear in the entity's designated table. For the purposes of understanding what the CA RCM Portal is suggesting, the following table explains the logic behind these patterns. Matching rights: The CA RCM looks at the current user's resources which correlate according to a given with the selected role's assigned resources, and suggests to enroll the current user in the selected role. The equivalent in the CA RCM DNA: In Out of Pattern User matching. HR Pattern: The CA RCM looks for users that are similar to the current user in terms of human resources attributes, then looks at the common (limited by a pre-selected threshold) roles linked to those users, and suggests to add some of the common roles to t
208. ng the same data. The data fields and their content depend on the ticket type and are, in general, self-explanatory. To toggle between the two modes, click the visible option: More Details/Less Details. Advanced Approval Process Ticket Functions: The Ticket Properties Forms for the various Approval Process tickets share many of the same functions: Add Comment, Add Attachment, View Transaction Log. The following Advanced functions are described in this section: View Initiators, View Parent, View Children, View Entity (where entity is either user, role, or resource). The following table provides a summary of all the Advanced functions available for the various Approval Process tickets. Ticket Type: Approval Root (campaign Approval Process owner ticket). Advanced Functions: Add Comment, Add Attachment, View Transaction Log, View Children, View Statistic. Ticket Type: Delete Link Entity1 Entity2 (Rejected Link Parent ticket). Advanced Functions: Add Comment, Add Attachment, View Transaction Log, View Parent, View Initiators, View Children, View Entity, View Entity2. Ticket Type: Delete Link Entity1 Entity2 (Approver ticket). Advanced Functions: Add Comment, Add Attachment, View Transaction Log, View Parent
209. nistrators. More information: Using The CA RCM Portal Interface (see page 17). Opening the CA RCM Portal: To open the CA RCM Portal: 1. Run your browser. 2. Enter the address http://ServerName:ServerPort/eurekify and click Go. The Login screen opens. 3. Enter your User Name and Password in the text fields. Note: Both the User Name and Password are case sensitive. 4. Click Login. The CA RCM Portal Home Page appears. More information: Using The CA RCM Portal Interface (see page 17), Presenting the Home Page (see page 49). Chapter 2: Using The CA RCM Portal Interface. This guide assumes that you are familiar with CA RCM DNA and Sage Data Manager modules and know how to access them to obtain required data, file names and locations, and to generate necessary files. For more information, see the CA RCM DNA User Manual and the CA RCM Data Management User Manual. The user interface, menus, and options are fully described in this chapter. Not all users will have full administrative privileges, and therefore not all the described options will be available for all users. This section contains the following topics: User Interface (see page 18), Menu Bar (see page 26), User Interface for Non Administrators (see page 30). User Interface: To open the CA RCM Portal follow the in
210. Introducing the Requests Table 171; Chapter 12: Role Definition Tickets 173; Role Definition Approval Root Ticket 177; Approval Root Ticket General Functions Role Definition 179; Approval Root Ticket Advanced Functions Role Definition 180; Role Definition Main Request Parent Ticket 180; Main Parent Ticket General Functions Role Definition 182; Main Parent Ticket Details Section 182; Main Parent Ticket Advanced Functions Role Definition 183; Add New Role Ticket Tree 185; Select Accountable Ticket Add New Role 187; Role Approver Ticket Add Role 192; Self Service Request New Role Parent Ticket 195; Self Service Request New Role Approver Ticket 198; Update Role Ticket Tree 200; Self Service Request Update Role Parent Ticket 202; Self Service Request Update Role Approver Ticket 204; Chapter 13: Entity Browser 207
211. nly errcode; settings strings universes errors modelhasparent errcode; settings strings universes errors modelnotlogged errcode; settings strings universes errors errorswasfound errcode; settings strings universes errors wouldliketoautofix errcode; error workpoint dbconnection errcode. Code and Description: txs002: failed to run {0}, please watch log files; ust001: warning: master and model configurations are the same; ust002: missing name field; ust003: missing description field; ust004: duplicate name, name already in use; ust005: missing master configuration name field; ust006: missing model configuration name field; ust007: was unable to find the audit settings file {0}; ust008: the master configuration {0} is not read only; ust009: the master configuration {0} has a parent configuration; ust010: the model configuration {0} is not logged; ust011: the model configuration {0} is not read only; ust012: the model configuration {0} has a parent configuration; ust013: the model configuration {0} is not logged; ust014: the following issues were found; ust015: would you like to auto fix them; wp001: workpoint database connection is closed. Duplicating a Configuration: In the course of your work with the CA RCM Portal, you may need to duplicate a configuration, whether to use while l
212. o the CA RCM's database. When you run the CA RCM Portal, the CA RCM server checks the database property listings. If the value of a property key in the database is different than the value listed in eurekify.properties, the system will use the value listed in the database. Note: The database values do not change during system updates. The CA RCM Portal provides you with two databases to store your update key values. DB_dynamic_properties: The change is immediate. You do not have to wait for the server to go offline to update the property values. DB_static_properties: The change will take place the next time that the server is restarted. Note: Servers go offline for regular maintenance and backup. The changes made to the property values designated DB_static_properties will be implemented the next time the server goes back online. To access the Properties page: 1. On the Administration menu, click Settings. The list of available options appears. 2. Click Properties Settings. The CA RCM Properties Page screen opens. More information: Accessing the Common Properties Settings Page (see page 249), CA RCM Properties (see page 277), Setting the Number of Records Per Page (see page 20). Accessing the Common Properties Settings Page: Common properties are properties of the type properties headers commonProperties. For instructions on how to create a new property key or edit an exis
213. o aid in finding a specific user. The names listed in the proposed users list are governed by several default property filters of the type tms.escalate.filter. To escalate an approval: 1. Click Escalate in the Campaign Ticket's Properties Form. The Find Escalate Users screen opens. 2. Select a name from the list. You can use the filter option to reduce the number of records listed in the table. 3. Click OK. The Executing bar appears. The campaign is archived and its status is set to Escalated. The campaign ticket appears in the target user's Ticket Queue. More information: Filtering a Data Table (see page 20), CA RCM Properties (see page 277). Campaign Management Functions: The campaign management section of the Ticket Properties Form screen provides the following functions. Start Campaign: The campaign won't start, and approver tickets will remain hidden, until the campaign is activated. When you start a campaign, the state changes to New. An email notification is sent to all the campaign's Approvers, notifying them that a campaign has begun and that they have links to approve. Stop Campaign: This allows you, as the campaign owner, to arbitrarily stop a campaign at any time. Restart Campaign: This function is active only after a campaign has been stopped. Archive: Provides you wit
214. o take, you may find that after selecting the appropriate check boxes in this section you have completed the task. In this case you can ignore the Other Resources and submit your requests by clicking Submit at the bottom of the Manage My Resources screen. To make selections in the Currently Enrolled Resources table: In the Currently Enrolled Resources table, click the relevant check boxes in the Remove column. At this point you can choose to end the process or to add resources. If you do not want to add new resources, submit your requests. Other Resources Table (Manage My Resources Screen): This section allows you to enroll in additional resources of your choice. The actual enrollment will take place following a review process. In addition to managing the resources that you are currently linked to, you can also request that the system provide you with a list of recommended resources for yourself. This list of resources will be displayed in the section Other Resources. The Other Resources section provides the following options. Add: A column of check boxes, one per resource. Select one or more. Res Name 1: Click any highlighted resource name listed in this column to open its Resource Card. Customize: Allows you to determine the columns that will appear in the Other Resources table. Records per page: Select the number of records
215. ocess is completed TMS Administration TMS Administration TMS stands for Ticket Management System Tickets are work items used to track information run jobs or notify users of events Tickets are generally not removed from the system except when you click Cancel Process They are archived Tickets should be considered undeletable But nevertheless in extreme circumstances it s possible to delete all the system tickets Important We highly recommend that you back up your system before deleting the system ticket and or ticket types The TMS Administration utility provides you with two options Delete All Tickets Delete All Tickets and Ticket Types Click Delete next to the serviced that you want to run After deletion a confirmation message appears More information Tickets and the Ticket Queue see page 53 System Checkup System checkup is an administrative tool that allows you to examine whether certain processes are working correctly At this time you can only check whether the CA RCM Portal s SMTP process is working correctly SMTP Checkup allows you to check two email systems TMS The Ticket Management System s email connections APP General CA RCM Portal email connections Chapter 15 Using Administration Functions 255 System Checkup 256 Portal User Guide To perform an SMTP checkup 1 On the Administration menu click System Checkup A list of System Checkup options appears Click SMTP
216. ode changeapproval child remove role role info description failed errcode changeapproval child remove role role notificati on title errcode changeapproval child remove role role notificati on description errcode changeapproval child add role resource info titl e rejected errcode changeapproval child add role resource info titl e failed errcode changeapproval child add role resource info description rejected errcode changeapproval child add role resource info des cription failed errcode changeapproval child add role resource notificat ion title errcode changeapproval child add role resource notificat ion description errcode changeapproval child remove role resource info title rejected errcode Code tkt020 tkt021 tkt022 tkt023 tkt024 tkt025 tkt026 tkt027 tkt028 tkt029 tkt030 tkt031 tkt032 tkt033 Error Messages Description already in process the request to add role 0 to role 1 is already in process request was submitted on universe 2 from 3 request to delete role 0 from role 1 rejected request to delete role 0 from role 1 failed the request to delete role 0 from role 1 was rejected request was submitted on universe 2 from 3 the request to delete role 0 from role 1 failed request was submitted on universe 2 from 3 request to delete role 0 from role 1 is already in process the request to delete r
217. of links: Direct links; Indirect links; Dual links. You can select to examine one or more types of links during your campaign. Direct Links: Refer to an immediate connection between entities. This is the most often examined type of link and the most important. Indirect Links: Refer to a link that goes through an intermediary. For example, a role is linked directly to both a resource and a user. There is no direct link between the user and the resource. The link between the user and the resource is an indirect link. Indirect Links can be reviewed, but they cannot be audited. A campaign can list them for general knowledge, but an Approver cannot approve or reject such a link. Dual links: Are cases where there is both a direct link, for example between a resource and a user, but there is also an indirect link going through a role. During a campaign, only the Direct link is audited. The Indirect link is listed for general knowledge. CA RCM provides a mechanism to identify and list suspicious users, roles, and resources in six categories: Suspect entities; Suspect connections; Similar roles and role hierarchy; Similar resources; In/out of pattern entities; Entities with many/few connections. An Audit Card file can be generated via the CA RCM DNA client tool. For further information, see the section on Audit Card Generation and Management in the CA RCM DNA User Guide. Adding Campaigns: You c
218. oints. This requires you to define import connectors. Connectors allow you to import/export, for example, Active Directory, CSV, RACF, or SQL files into the CA RCM using a pre-defined converter, thereby creating a communications link to the downloading/uploading production server. The connectors are defined as either import connectors or export connectors and utilize a specific pre-defined converter (see CA RCM Data Management User Guide). Import refers to downloading the system's true user, resource, and role (when available) configuration data. Export refers to uploading the desired changes in user, resource, and role data generated following an audit. You will need the following information when you create a new connector: Name and location of the converter's Settings XML file (see CA RCM Data Management User Manual); Name and location of the converter's Mapping XML file (see CA RCM Data Management User Manual); (Optional) Name and location of the Enrichment Settings file (see CA RCM Data Management User Manual); Name of the converter's Java Class; Name of the Workflow process. More information: Setting Connectors (see page 233). Step 3: Importing Entity Data. Import refers to downloading the system's current user, resource, and role (when available) configuration data. You can use the import connector that you created in Step 2 to download the entity data from the
219. ole: This button is disabled because all the role's details already appear in this ticket. View Consult Results: This button appears only when the Consult service has been activated. More information: Add Comment (see page 68), Add Attachment (see page 69), View Transaction Log (see page 69), View Parent (see page 111), View Initiators (see page 111), View Violations (see page 191), View Consult Results (see page 125). Add New Role Ticket Tree. Self Service Request New Role Parent Ticket: The Self Service Request New Role Parent ticket is a management ticket generated by the CA RCM portal during the third stage of the Add New Role Approval Process. While the Approval Root ticket controls the lifecycle of the whole tree, the New Role Request Parent ticket controls the lifecycle of the approver ticket generated during the third stage of the Approval. The ticket's type is the same as the Approver ticket below it, but it is intended to be a management ticket. The ticket owner in this case is the role manager. In this section you will find information specific to the Self Service Request New Role Parent ticket. <Ticket Title>: Link Entity Role. Title: Request to add Entity to role association Role Role Entity Entity ID. For example: Request to add user to role association role Corporate Security user 89213720. Description: Request to add Entity to role association Role Role Entity Entity ID
220. ole 0 from role 1 is already in process request was submitted on universe 2 from 3 request to add resource 1 to role 1 rejected request to add resource 0 to role 1 failed the request to add resource 1 to role 0 was rejected request was submitted on universe 2 from 3 the request to add resource 1 to role 0 failed request was submitted on universe 2 from 3 request to add resource 1 to role 0 is already in process the request to add resource 1 to role 0 is already in process request was submitted on universe 2 from 3 request to delete resource 1 from role 1 rejected Chapter 17 Troubleshooting 271 Error Messages Field changeapproval child remove role resource info title failed errcode changeapproval child remove role resource info description rejected errcode changeapproval child remove role resource info description failed errcode changeapproval child remove role resource notification title errcode changeapproval child remove role resource notification description errcode changeapproval child role task addroletoraci description errcode changeapproval child remove user role notificati on description errcode login errors invalidcredentials errcode login errors invalidcredentials errcode page admin failuremessage errcode error validate optionvalue errcode error validate command notfound errcode error validate command disabl
221. onality. Add Comment: Manually add a comment to the ticket. Add Attachment: Add an attachment or URL to the ticket. View Transaction Log: The transaction log provides a history of the ticket-related actions executed since the creation of the ticket. View Children: Opens a table which provides you with information concerning all the nodes/leaves that are located below the current ticket. For the Approval Process Root ticket, this means that you can view information concerning the Approval Processes Rejected Link Parent ticket. View Statistics: Provides the status of all the children tickets. More information: Add Comment (see page 68), Add Attachment (see page 69), View Transaction Log (see page 69), View Children (see page 112), View Statistics (see page 116). The View Statistics button opens the View Statistics list in a separate browser window. This list, in table format, presents the statistics concerning how many of the child tickets (Reject Link Parent ticket, in this case) have one of three state/status combinations. Any ticket that has already been processed will not be listed here. To view the ticket's statistics information: 1. Click Advanced at the bottom of the Ticket Properties Form. 2. Click View Statistics. The View Statistics table appears in a separate browser window. 3. Click Close to close the View Statistics window. Rejected Link Parent Ticket: The Re
222. only what is explicitly permitted will be visible and enabled for the user. More information: Permissions (see page 260). Security: Authentication Settings, Encryption. Authentication is the act of establishing that a user does indeed have security permission to gain access to the CA RCM Portal. The security parameter located in the eurekify properties file governs the necessity of using a password to obtain access to the CA RCM Portal: sage security disable ADAuthentication true. When this property is set to True, the user does not have to use his/her established password in order to log in to the CA RCM Portal, and any alphanumeric combination will allow them to gain entry. When the property is set to False, only registered passwords will provide access to the CA RCM Portal. This means that there has to be a corporate Active Directory server that has a list of all the users and their passwords. When a user attempts to log in, the user and password are sent to the Active Directory server for authentication. When sending the user login and password data, it is recommended that this data be encrypted. The security parameter located in the eurekify properties file is: sage security disable ss ADAuthentication true. When this is set to True, SSL authentication is disabled. SSL, or Secure Sockets Layer, technology enables encryption of sensitive information during transactions. When the parameter is set to False, that is, SSL encry
223. operties 281 tms campaign campaign type reassign filter tms campaign campaign type reassign filter Used for filtering the reassign option user list Comprises three options Description Reassign filter Property tms campaign campaign type reassign filter Example tms campaign userCertification reassign filter GFilter Organization owner Organization tms campaign roleCertification reassign filter GFilter Organization owner Organization tms campaign resourceCertification reassign filter GFilter Organization owner Organization 282 Portal User Guide Appendix B Portal Structure XML This section contains the following topics Sample Portal Structure XML see page 284 Appendix B Portal Structure XML 283 Sample Portal Structure XML Sample Portal Structure XML lt xml version 1 0 standalone yes gt lt DOCTYPE portal View Source for full doctype gt lt portal gt lt tag id HomePage gt lt type gt internal lt type gt lt label gt Home lt label gt lt data gt com eurekify web portal homepage HomePage lt data gt lt checkPermission gt false lt checkPermission gt lt tag gt lt tag id TmsSystem gt lt type gt external lt type gt lt data gt SAGE_SERVICE_URL tms ui credential lt data gt lt checkPermission gt true lt checkPermission gt lt tag id DefaultTickets gt lt type gt external lt type gt lt label gt Open New Done Tickets lt label
224. operties Form. General Ticket Functions: Ticket functionality depends on the ticket type and on the user who is viewing the ticket. Every Ticket Properties Form has at least two active functions. Save: Click to save any changes made to the ticket. Close: Click to close the Ticket Properties Form browser window. More information: Running Campaign owner Tickets (see page 75), Campaign Approver Tickets (see page 93), Running Self Service Tasks (see page 133). Advanced Ticket Functions: Advanced ticket functionality depends on the ticket type and is available only to the ticket owner. Click Advanced at the bottom of the Ticket Properties Form to access the advanced ticket functions. Most non-info type tickets have the following functionality. Add Comments: Click to add a comment to the ticket. Add Attachments: Click to add an attachment to the ticket. View Transaction Log: Click to view the ticket's transaction log. Additional functions, such as the option to view the ticket initiators, view violations, or view the relevant user, depend on the ticket type. More information: Running Campaign owner Tickets (see page 75), Campaign Approver Tickets (see page 93), Approval Process Tickets (see page 103), Info tickets (see page 70). Add Comment: Using this function, you can add specific comments in free-style text. This is in addition to s
225. or URL to the ticket. View Transaction Log: The transaction log provides a history of the ticket-related actions executed since the creation of the ticket. View Parent: Opens the current ticket's parent's ticket. View Initiators: View a list of the users who launched this ticket. View Children: Opens a table which provides you with information concerning all the nodes/leaves that are located below the current ticket. For the Approval Process Root ticket, this means that you can view information concerning the various Approver Process tickets and sub-subtrees generated during a Role definition Approval Process. View Role: Opens the role's card. As the approval process focuses on a specific role, this is the card that is available to you at this stage of the process. More information: Add Comment (see page 68), Add Attachment (see page 69), View Transaction Log (see page 69), View Initiators (see page 111), View Parent (see page 111), View Entity (see page 113). View Children (Role Definition Approval Process): Role Definition Approval Processes proceed in stages. During each stage, the child tickets you can see when you click View Children will change. During an Add Role approval process, you will be able to see: Stage 1: Only the Select Accountable task ticket is listed. Stage 2: Both the Select Accountable task ti
226. or ticket processing check box. Click Create the Campaign. The campaign has been created and a ticket will be generated. If the Don't wait for ticket processing option has been disabled, you will see a percentage progress bar on screen, and when the campaign ticket is ready, the Campaign Settings Completed screen opens. This screen signals that the campaign generation has been completed and contains the following: Campaign name; Campaign type; Universe; Configuration; Audit Card; Number of approvers, as generated according to the RACI model; Number of entities (total number of users, roles, or resources that the approvers have to approve, depending on the campaign's focus); Campaign ticket ID. When the Don't wait for ticket processing option has been enabled, the following message appears: Your request was sent to execution a mail message will be sent upon completion. Note: Any entity that does not have a manager will be assigned to the campaign administrator's approver ticket. To start the campaign, you have to go to your Ticket Queue. More information: Setting a Universe (see page 228), Audit Cards (see page 226), Privileges to Certify Options (see page 226), Campaign Approver Tickets (see page 93). Privileges to Certify Options. Audit Cards. CA RCM identifies three types
227. ords that will appear in the Users table. Find Users: Opens the Select User filter screen to assist you in finding specific users. Once you have selected the user(s) you want to manage at this time, you can click Get Roles to obtain a list of the roles currently associated with these users. Note: If the actions you want to take do not involve the currently enrolled roles associated with the selected user, you can skip the Currently Enrolled Roles table and go to the Other Roles table. Manage My Team's Role Assignments. To select users and obtain their roles: 1. In the Users table, select one or more users. You can click Find Users to open the Select User screen. 2. Click Get Roles. The roles linked to the selected user(s) appear in the Currently Enrolled Roles table. A list of roles that are not linked to the currently selected user(s) appears in the Other Roles table. At this point you can choose to: manage the current enrollment list; add additional roles to the selected users; do both. If you do not want to manage the currently enrolled roles, skip to add roles to the selected users. More information: Customizing a Data Table (see page 19), Filtering a Data Table (see page 20), Setting the Number of Records Per Page (see page 20). Currently Enrolled Roles Table (Manage My Roles Screen): This section allows you to manage the current roles enrollment for your selected users. The options available to you depend on
228. ormation Tickets and the Ticket Queue see page 53 Running Campaign owner Tickets see page 75 Campaign Approver Tickets see page 93 The Reports Bar The Reports Bar The Reports navigation bar lets you easily navigate to your most popular reports Click to add links to your favorite reports To add a report link to the list of reports displayed in the Reports Pane 1 In the Reports bar header click 3d The Select Links for My Reports screen opens in a separate browser window In the Available Links left hand panel select one or more using Ctrl Shift of the report links Click S to transfer the selected link s to the Selected Links pane Optional To change the order of the listed links in the Selected Links pane select a link and click 4or To remove a report link from the Selected Links pane select the link and click When you finish making your selections click OK The selected links will now appear in the Home page Reports navigation bar Chapter 5 Presenting the Home Page 51 The Business Processes Bar The Business Processes Bar 52 Portal User Guide The Business Processes navigation bar lets you easily navigate to your most popular business processes The business processes that are available are those procedures listed also in the Self Service menu You can click Q to add links to your favorite ones To generate a list of Business Process links 1 In the Business Process na
229. ort Universe Specifies the universe the report will reference The drop down lists all universes defined in the portal Configurations Specifies the configurations in the universe to use for the report Entity Type Specifies the entity the report will cover by Field Specifies a data field used to filter participants The drop down shows all data fields defined for the selected entity type in the specified configuration file s Select an attribute and existing values are listed Click a value to use it as a filter From Date Specifies the report s start date Changes to selected entities since this date are included in the report Show Current Links Includes existing links to other entities in the report Chapter 14 How to Generate Reports 215 Display a Report s Index Display a Report s Index Some reports are indexed by the data field used to filter and sort the report You can use this index to navigate the report in your browser To display a report s index click G A navigation pane appears on the left of the screen Change Report Parameters You can regenerate the report with different parameter settings This is useful if the scope of the report is not what you planned or if you wish to compare parallel subsets of information for example different locations or business units To regenerate the report 1 Click the Show Parameters link on the left of the report display The parameters dialog for t
230. ot appear in the AuditCard This is useful in case the AuditCard represents Approved Violations Permissions Override the eurekify cfg permissions in order to ensure that campaign designated approvers are permitted access to the subjects of their approval Automatically provision campaign permissions Recommended Select to ignore the system permissions and automatically provision campaign permissions For example this shortcut is useful as it allows managers to view tickets that otherwise they wouldn t be allowed to view because the security administrator had to run a campaign even though the corporation is in the middle of setting up permissions When this option is disabled an Approver may receive a ticket yet the ticket will be empty if the permissions were not defined so as to allow this Approver to view the relevant links General Don t wait for ticket processing receive email when finished Select to enable processing of the campaign in the background When a ticket is generated you will receive email notification For very large campaigns have the system process the campaign creation offline the campaign owner can continue with other tasks and send an email to the campaign owner once the campaign has been created Generating a campaign is a resource intensive process especially as the number of links is not limited to the number of system users For example in a company with 10 000 employees and assuming each u
231. ot ticket controls the lifecycle of the whole tree the Update Role Request Parent ticket controls the lifecycle of the approver ticket generated during stage 1 of the Approval Process and also all the sub trees generated during stage 2 of the Approval Process In this section you will find information specific to the Self Service Request Update Role Parent ticket lt Ticket Title gt Update Role Title Update Role Role Name Description Update Role Role Name The More Details gt gt lt lt Less Details option provides more information than in other parent tickets In this case you can see a full list of the ID numbers for all the users that you or the Self Service manager requested to enroll in this role Use this ticket s functionality when you wish to transfer the specific link s sub tree to the management of another user or to cancel this specific review You can use the options in the ticket s Advanced section to access additional information concerning the current ticket and the rest of the tickets in the sub tree More information The Ticket Properties Form see page 65 202 Portal User Guide Update Role Ticket Tree Update Role Ticket General Functions The Self Service Request Update Role Parent ticket provides the following General functionality Close Closes the ticket Save Saves the changes made to the ticket Delegate Transfers the ticket tree to another manager Escalate Transfers the ticket tree to
232. our corporation s new needs In the Request Role Update screen you are required to select a Universe Selecting the Universe opens the Select Role screen This is a search screen with built in filters and a RACI based advanced search feature Note The universe s model configuration is listed in the upper right hand corner of the Select Role screen Once you have successfully constructed a search pattern a list of roles is displayed in the Role table To update an existing role 1 Click Request Changes to a Role Definition on the Self Service menu The Request Role Update screen opens Select a Universe from the drop down list Click OK The Select Role screen opens Filter the data table to create a search pattern non BR U N Optional You can use the RACI based Advanced Search feature to include additional constraints on the search 6 Click Search A list of roles is displayed in the customizable Role table 7 Select the Add check box for the role you want to update 8 Click OK The Request Role Update screen opens Introducing the Requests Table More information Defining a New Role see page 164 Filtering a Data Table see page 20 Request New Role Definition Screen see page 164 Definitions for Role Name New Role Name see page 168 Introducing the Requests Table Each Self Service task requires you to submit a request to perform the changes generated via the task s screens When
233. ovides descriptive information concerning the current action Users Your team members Select one or more users for the current action Currently Enrolled Roles The current roles linked to the selected users Other Roles Recommended roles for the selected users The Users and Other Roles sections present customizable tables As the MMT Role screen allows many options and great flexibility the task s procedures will be broken up by section The fields in the General section m The Users table options and functionality The Currently Enrolled Roles table options and functionality The Other Roles table options and functionality To manage my team s role assignments click Mange My Team s Role Assignments on the Self Service menu The Manage My Team s Roles screen opens Manage My Team s Role Assignments More information Customizing a Data Table see page 19 General Section MMT Role Screen see page 141 Users Table MMT Role Screen see page 142 Currently Enrolled Roles Table Manage My Roles Screen see page 143 Other Roles Table MMT Role Screen see page 145 General Section MMT Role Screen The General section of the Managing My Team s Roles screen contains the following fields Universe Select the Universe you wish to work with The users table and the available roles depend on the universe Business Area General information descriptive This information will appear in the Descri
234. pes of action may be possible When the ticket has been processed the ticket state changes to Done and you can archive the ticket As tickets can be hierarchal that is actions taken on a ticket located higher in a ticket tree can impact on a ticket lower in the tree For example a campaign ticket tree consists of the Owner ticket root ticket and the associated Approver tickets The number of Approver tickets associated with a specific campaign is listed in the Children column when visible Until the Campaign owner starts the campaign the Approver tickets are listed in the campaign owner s Ticket Queue as state Hidden and the Approver tickets do not appear in the respective approvers Ticket Queues Once the campaign has begun the state of the Approver tickets listed in the campaign owner s Ticket Queue changes to New And the Approver tickets are now visible in their respective approvers Ticket Queues The approvers can now begin to examine the links provided in the Approver tickets Another facet of a ticket s life cycle is that some tickets under certain conditions can be transferred to another user For example a senior administrator can generate a campaign the campaign owner and then transfer campaign ticket ownership to another system administrator Approval Process tickets can also be transferred by their owners The CA RCM Portal uses the terms delegate escalate to denote such a transfer Delegate The act of appointing a
235. pproval Process tickets View Entity Opens the entity s card Two buttons are provided one for each side of the link under review View Consult Results This button appears only when the Consult service has been activated More information Add Comment see page 68 Add Attachment see page 69 View Transaction Log see page 69 View Initiators see page 111 View Parent see page 111 View Entity see page 113 Consult see page 121 View Consult Results Approval Process Info Tickets When an Approver sends a request for a consult during an Approval Process the View Consult Results button is added to the ticket s Advanced function buttons When you click this button you open the View Consult Results window in a separate browser window Click Close to close the window You can use this utility to see what the consultation results are If at the time of the viewing no answers are available the screen will list this data as follows The View Consult Results table has two columns Action The action was taken by the consulting parties Counter The number of consultants who responded in this manner Over time as the various users respond to the request for a consultation by approving the request to delete a link or rejecting it the table shows the various responses Click View Consult Results to view the View Consult Results screen in a separate browser window Click Close to close the browser window Approval
236. pproval Root Delete Link Entity1 Entity2 Description The campaign root ticket The ticket generated and sent to the campaign owner when a campaign is created This ticket tree comprises the campaign ticket and all the campaign s Approver tickets For more information see Running Campaign owner Tickets see page 75 A ticket sent to a user role or resource manager depending on the campaign type It contains the list of entity links that the entity s manager Approver has to approve Each individual link can be approved rejected or reassigned by the ticket owner to another approver For more information see Campaign Approver Tickets see page 93 Gives notice and supplies relevant information about specific situations in the ticket life cycle for example the termination of an approval process For more information see Info tickets see page 70 A ticket generated after a campaign is stopped or completed This ticket tree includes the Approver tickets associated with the campaign s rejected links that are being sent for review to the managers of the linked entities For more information see Approval Process Tickets see page 103 A ticket generated after a campaign is stopped or completed This ticket is the specific rejected link s manager ticket For each pair of Approver tickets sent to the link s entity managers there is a parent ticket thus creating a sub tree for each rejected link For more information
237. pproval Root Ticket Advanced Functions Role Definition The Role Definition Approval Root ticket provides the following Advanced functionality Add Comment Manually add a comment to the ticket Add Attachment Add an attachment or URL to the ticket View Transaction Log The transaction log provides a history of the ticket related actions executed since the creation of the ticket View Children Opens a table which provides you with information concerning all the nodes leaves that are located below the current ticket For the Approval Process Root ticket this means that you can view information concerning the Approval Processes Main Request Parent ticket View Statistic Provides the status of all the children tickets More information Add Comment see page 68 Add Attachment see page 69 View Transaction Log see page 69 View Children see page 112 View Statistics see page 116 Role Definition Main Request Parent Ticket 180 Portal User Guide The Main Request Parent ticket is a management ticket generated by the CA RCM portal for each Role Definition procedure All the individual tickets and sub trees that make up the Role Definition Approval Process ticket tree are located beneath this ticket The number of children tickets changes over the course of the Approval Process During the first stage there is usually only one child ticket as the Approval Process moves on and generates the entity Approver tickets
238. proval Process Tickets. Advanced Approval Process Ticket Functions: View Children. Post-campaign Approval Process tickets are set up as hierarchical trees. The View Children option allows you to see information concerning all the nodes (leaves) that are located below the current ticket. For the Approval Process ticket tree, this means that you can view the children tickets for the Approval Process Root ticket and for the Rejected Link Parent ticket. You can control the number of records per page listed in the table by using the Records per page option. The following fields appear in the View Children table. Action: The action you can take concerning this ticket. For example, Select opens the selected ticket in a separate browser window. Owner: The ticket owner. Type: The ticket type. Status: The ticket status. Title: The ticket title. Comments: The last comment added to this ticket. To view a ticket's children tickets: 1. Click Advanced at the bottom of the Ticket Properties Form screen. 2. Click View Children. A table opens at the bottom of the Ticket Properties Form screen. The View Children >> button becomes the << Close Children button. 3. (Optional) Click Select in the Action column to navigate to the ticket listed in that row. The selected ticket opens in a separate browser window. 4. Click Close to close the selected ticket. 5. Click Close Children to close the ticket children table.
239. ption field of the ensuing Self Service Approval Root ticket Business Process General information descriptive This information will appear in the Description field of the ensuing Self Service Approval Root ticket Description Provide a concise and meaningful description of the changes you intend to make to your team s roles Submit Click to submit your request for changes To enter the data in the MMT Role General section 1 Select a Universe from the drop down list Enter the Business Area for the current action Enter the Business Process associated with the current action oe oy Enter a Description Chapter 11 Running Self Service Tasks 141 Manage My Team s Role Assignments Users Table MMT Role Screen 142 Portal User Guide The Users table displays a list of the users in the selected Universe s configuration files The members of your team are marked with a green dot next to their Person ID The Users table provides the following options Add A column of check boxes one per user Select one or more When you check multiple users all the changes you make will be implemented for all selected users Person ID Click any highlighted ID listed in this column to open the associated User s Card Get Roles Provides a list of Currently Enrolled Roles for the selected users Customize Allows you to determine the columns that will appear in the Users table Records per page Select the number of rec
240. ption is enabled, you have to also supply the keystore file: sage.security.eurekify.keyStore.file. The keystore file is a database that stores the private and public keys necessary for SSL encryption and decoding. Chapter 16: About Security & Permissions. Permissions: When security is enabled, every action a user attempts is checked against the user's permissions. For this purpose, CA RCM cfg provides a set of resources that govern the various permissions. It should be noted that the option that allows an Approver to view the contents of an Approver ticket, even if the Administrator did not give the Approver the appropriate permissions, sets up resources to handle this issue in the background. These permissions are limited to the specific campaign's requirements. There are no permission filters for Delegate/Escalate. More information: CA RCM Configuration Structure (see page 260). CA RCM Configuration Structure: This section discusses how the eurekify.cfg file's resource definitions impact a user's permissions. In general, various types of resources are pre-defined as permission-related resources. The system recognizes three families of such resources: Link, Doc_Access, Filter. The easiest way to view and edit these resources is within the CA RCM DNA module. Link Type Resources: Resources whose type is Link determine which menu options will be visible to each
241. r Guide The Users table displays a list of the users in the selected Universe s configuration files The members of your team are marked with a green dot next to their Name The Users table provides the following options Add A column of check boxes one per user Select one or more When you select multiple users all the changes you make will be implemented for all selected users Person ID Click any highlighted ID listed in this column to open the associated User s Card Get Resources Provides a table of Currently Enrolled Resources for the selected users Customize Allows you to determine the columns that will appear in the Users table Records per page Select the number of records that will appear in the Users table Find Users Opens the Select User filter screen to assist you in finding specific users Once you have selected the users you want to manage at this time you can click Get Resources to obtain a list of the resources currently associated with these users Note If the actions you want to take do not involve the currently enrolled resources associated with the selected user you can skip the Currently Enrolled Resources table and go to the Other Resources table Manage My Team s Resources To select users from the MMT Resources Users table and obtain their roles 1 Inthe Users table select one or more users You can click Find Users to open the Select User screen 2 Click Get Resources The resourc
242. Chapter 4: Showcasing the CA RCM Portal. Running a Campaign: A Case Study. As all of Allen's users have been reassigned, the Approver progress bar shows that the review process is 100% complete and the users have a reassign icon next to them. In Gary's Ticket Queue, Allen's ticket now has the status Completed and a new ticket has been generated for Robert Mills. [Screenshot: Gary's Ticket Queue in the Role & Compliance Manager portal, with columns State, Status, Children, Type, Received, Owner and Previous Owner, listing Initial User Audit / User Certification tickets]
243. r configuration and Model configuration pair that includes the entitlements of one or more end points The Master configuration contains the real world user and user privileges information The model configuration starts as an identical copy of the Master configuration but as the audit process proceeds the model configuration is updated based on the corporate policies and regulatory compliance demands CA RCM Portal permissions are derived from the universe definition Note Once you have defined a universe you have to run the CA RCM Configuration settings utility so that the users can access the CA RCM Portal You also have to generate the RACI configuration to define the entity Approvers This section describes the following procedures m Access the Universe Settings List Create a new universe Edit a universe Delete a universe 228 Portal User Guide Setting a Universe More information CA RCM Configuration Settings see page 252 RACI Operations see page 253 The Universe Settings Table see page 229 Creating a New Universe see page 230 Editing a Universe see page 232 Deleting a Universe see page 233 The Universe Settings Table The Universes table displays a list of available universes their description and the options of editing or deleting an existing universe A Create New button allows you to generate a new universe The universe s ID number Name The universe s na
244. r the Request Description Enter the Role Name Enter the Description of the new role Enter the Owner s ID Optional Click Find to access the Find User filter screen Select a user from the User list generated by your filter Click OK Enter a Type use autocomplete Enter an Organization name use autocomplete Enter an Organization 2 name use autocomplete Enter an Organization 3 name use autocomplete Create a Rule Click Add Rule for assistance in constructing a rule Click Next The Definitions for Role Name Role Name screen opens More information Filtering a Data Table see page 20 Constructing a Rule see page 167 Definitions for Role Name New Role Name see page 168 166 Portal User Guide Defining a New Role Consiructing a Rule The CA RCM Portal provides you with the Add Rule utility to assist you in constructing a rule for the new role you are requesting This screen has the following text boxes and functions Field Use autocomplete to select a field name Value Enter a value or use autocomplete to provide an appropriate value Add Lets you add another constraint to the rule Remove Removes the last added constraint Cancel Cancels the rule construction Note Adding a rule is optional Not every Role has to be rule based To construct a rule 1 Click Add Rule in the Request New Role Definition screen The Rule Construction screen opens Enter a Field name Enter a Value
245. ral section 1 Select a Universe from the drop down list The Currently Enrolled Resources table and the Other Resources table shows resources belonging to the selected Universe s configuration 2 Enter the Business Area for the current action Enter the Business Process associated with the current action 4 Enter a Description Note If the actions you want to take do not involve your currently enrolled resources you can skip the Currently Enrolled Resources table and skip to the Other Roles table If you do not want to manage the currently enrolled resources add resources to the selected users 160 Portal User Guide Manage My Resources Currently Enrolled Resources Table Manage My Resources Screen This section lets you manage your current resource enrollment When you originally selected the Universe the CA RCM Portal provided the list of your current resources within the universe s configuration In this case the only option available to you in this section is to click the Remove check box next to a resource thereby severing the link between you and the selected resource The Currently Enrolled Resources table provides the following options Remove A column of check boxes one per user Check one or more to remove the link between the selected users and the selected resources Res Name 1 Click any highlighted resource name listed in this column to open its Resource Card Depending on the type of action you wish t
246. rchy evolves from role trees that are present in many corporate systems For example an Identity Manager application can have two levels of roles Provisioning Role and Provisioning Policy Users are always linked to a Provisioning Role that is linked to a specific Provisioning Policy This hierarchal structure is maintained during import export When generating a new role it is important to know whether there are system rules that demand specific hierarchal connections between roles Each section contains a customizable entity table listing all the relevant entities To assist you in your selection the following functions are available Find Entities Provides a filter screen Suggest Entities Provides suggested users for selected resources or suggested resources for selected users This service is not available for the Role Hierarchy tables Defining a New Role Highlighted Column In each customizable table there is one pre defined column that is highlighted Click the name of the entity to access its data card Customize Provides the option to select the fields that will appear in the specified table Records per page Select the number of records per page Test Compliance Tests the selections you made for violations If you select to apply the Suggest Entities service to both users and resources you see data on the enrollment of the users and resources To assign users resources and role hierarchy to the new role 1 Select us
247. rent ticket The ticket is then a Notification ticket that informs you of the reason why the expected approver tickets are not present When you click the ticket title you open the Ticket Properties Form in a separate browser window In this section you will find information specific to the Approval Root ticket type It is important to remember that Approval Process tickets are based on specific campaigns Chapter 9 Approval Process Tickets 113 Approval Process Root Ticket 114 Portal User Guide The following fields give you the basic information concerning the current Approval Process lt Ticket Title gt Approval Root Title Campaign Title Approval Root Request Description A description of the ticket It includes the details of the request Request submitted on Universe Universe name from Campaign Title This section covers the following topics The Approval Root ticket s General functions The Approval Root ticket s Advanced functions More information Rejected Link Parent Ticket see page 117 The Ticket Properties Form see page 65 Approval Process Root Ticket Approval Root Ticket General Functions Cancel Process The Approval Root ticket provides the following General functionality Close Closes the ticket Save Saves the changes made to the ticket Delegate Transfers the ticket tree to another manager Escalate Transfers the ticket tree to another manager Start Process For regular Approv
248. ribed in the relevant sections Approval Root campaign owner Delete Link Entity1 Entity2 campaign owner Delete Link Entity1 Entity2 Approver ticket This function lets you transfer the selected ticket to a more senior manager Once you have transferred the selected ticket to the new ticket owner the original ticket is archived and will no longer appear in your list of active tickets Only the current ticket owner can escalate a ticket When a ticket is escalated a new ticket is generated with the new owner listed in the Owner field and the manager who escalated the ticket s is listed in the Previous Owner field A comment is generated stating that the ticket has been Escalated to current owner This comment appears in both the old ticket and in the new ticket When viewed in the original ticket owner s Archive screen Ticket Queue Archived tickets the old ticket and the new ticket create a hierarchal tree in which the original ticket the Status is set to Escalated is the root ticket and the new ticket is the next node When the escalated ticket is viewed in the Approval Process owner s Ticket Queue when applicable the old ticket and the new ticket create a new sub tree within the original Approval Process tree in which the original ticket Status is set to Escalated is the parent ticket If the ticket that you chose to transfer is a parent ticket having other tickets located below it in the specific Appro
249. root ticket row provides the number of Approvers assigned to a specific campaign A campaign owner can also be an approver but it is not required If there are entities that do not have assigned managers their links will be sent to the campaign administrator for approval As the campaign proceeds and links are approved or rejected reminders are sent and other tasks are performed changing the content of the tickets and or their State and Status A campaign owner can see all the tickets generated by the campaign and can therefore follow the campaign by navigating the campaign s ticket tree Note A campaign has to be manually started by the campaign owner Chapter 7 Running Campaign owner Tickets 75 Info tickets 76 Portal User Guide When you create a campaign and the campaign ticket is first created its state is listed as New After you open the ticket for the first time its state is changed to Open There are various actions a campaign owner can take prior to starting a campaign for example escalate a campaign The Approver tickets are listed as Hidden until you start the campaign Once you start the campaign the approvers can see the campaign tickets in their own ticket queue A campaign can be manually stopped by the campaign owner and later restarted if necessary The campaign owner can choose to archive a campaign ticket when he she is done with it The status column provides additional information When you first cr
250. rop down box and enter the field content 3 Click OK The requested transaction logs appear in the Transaction Log table 4 Optional Click Delete All to delete all the transactions currently saved by the system More information Setting the Number of Records Per Page see page 20 Cache Manipulation 246 Portal User Guide Using the CA RCM server s cache improves performance This is achieved by uploading the current Universe and configuration data to the cache Accessing the server s cache is much faster than accessing the hard drives so users can receive information more quickly than if they had to receive content from the server hard drives This section covers the following topics Loading the cache m Clearing the cache More information Load Cache see page 247 Clear Cache see page 247 Load Cache Clear Cache Properties Settings This utility is used to swiftly load a specific configuration into the CA RCM Server s memory cache To load a specific configuration into the CA RCM Server s memory cache 1 On the Administration menu click Load Cache The Load Configuration to Cache screen opens 2 Select a Configuration from the drop down list 3 Click OK This utility is used to swiftly clear the CA RCM Server s memory cache It is useful in the special case where you updated the configuration data for example changing permissions in the DNA and you want to make sure that anyone running the system w
251. roval Root Ticket see page 177 Role Definition Main Request Parent Ticket see page 180 Add New Role Ticket Tree see page 185 Update Role Ticket Tree see page 200 Role Definition Approval Root Ticket The Self Service Approval Root ticket is the root ticket that appears in the ticket queue belonging to the manager administrator who submitted the Self Service request When expanded you can view the tickets generated for the specific Role Definition Approval Process As the tickets to be found below the Approval Root ticket depend on the specific role related requests being made these tickets will be described where relevant What is important to realize is that the Approval Root ticket provides the same information and functionality both for an Add Role request and an Update Role Definition request Note When the approval process Approver tickets are not generated a Notification ticket appears below a Request Parent ticket Chapter 12 Role Definition Tickets 177 Role Definition Approval Root Ticket 178 Portal User Guide Click the ticket title to open the Ticket Properties Form in a separate browser window In this section you will find information specific to the Approval Root ticket type for Self Service provisioning requests lt Ticket Title gt Approval Root Title Self Service Task Approval Root Request For example Add Role Approval Root Request Description A description of the ticket It inc
252. rs will receive notice of the new campaign in the email designated by the CA RCM master configuration Chapter 7 Running Campaign owner Tickets 85 Campaign Management Functions Stop Campaign Restart Campaign 86 Portal User Guide You as the campaign owner can wait for all the approvers to complete their review or you can manually stop the campaign A campaign that was manually stopped can later be restarted When a campaign has been stopped it returns to its pre start conditions state Open status Pending action and the approver tickets are once again hidden from their owners Click Stop Campaign in the campaign s Ticket Properties Form to manually stop a campaign More information Restart Campaign see page 86 The ability to restart a campaign is enabled only when you manually stop a campaign When you restart a campaign the approver tickets are once again accessible to the Approvers You will see them listed as state New in your Ticket Queue but their status will reflect their status prior to the campaign s manual cessation For example if an Approver managed to complete his assigned reviewing tasks while the campaign was running this Approver s ticket status will be Completed After you restart the campaign this Approver ticket s status will show that the process has been already completed Click Restart Campaign in the campaign s Ticket Properties Form to restart a campaign that had been manually
253. Approver Tickets Advanced Functions; Approval Process Info Tickets; General Approval Process Info Ticket Functions; Advanced Approval Process Info Ticket Functions. Chapter 10: How to Use Dashboards: Configuration Dashboard; Audit Card Dashboard; Compliance Dashboard. Chapter 11: Running Self Service Tasks: General Self Service Functions; Test Compliance; Suggesting Entities; Manage My Team's Role Assignments; General Section (MMT Role Screen); Users Table (MMT Role Screen); Currently Enrolled Roles Table (Manage My Roles Screen); Other Roles Table (MMT Role Screen)
254. s harm. There are various ways of achieving this goal. This section presents the CA RCM Portal's solutions for specific security issues. This section covers the following topics: Turning security on or off; Authentication settings; Encryption. More information: Turning Security On/Off (see page 258), Authentication Settings (see page 259), Encryption (see page 259). Security: Turning Security On/Off. Software security can have one of two default positions. Default Deny: Under these conditions, everything not explicitly permitted is forbidden. While it may improve security, it does so at a cost in functionality. Default Permit: Everything is permitted. The advantage of this kind of security operation is that it allows greater functionality, and it may be adequate for the initial phases of setting up and testing the system. By default, the CA RCM Portal's security parameter is set as disabled. This means that when a user logs in using a recognized user name, the CA RCM Portal will not check the user's permissions; no limits will be placed on what is visible to the user. The user can see all the menus and menu options, and the user can activate and use them all. The security parameter, located in the eurekify.properties file, is sage.security.disable=true. When this property is set to False the system shifts to the Default Deny position and
255. s to one of the following Glossary 297 m User Role m Resource Indirect Link A circuitous connection between two entities For example A user is linked to a specific role and the role is linked to a specific resource The link between the user and the resource is an indirect link Here are some further examples User Role Resource Indirect link user to resource User Role Role Indirect link user to role hierarchy User Role Role Resource Indirect link user to resource Indirect links are not defined for the case of user to resource to role where the user is linked directly to a resource and a role is linked directly to the same resource The user in this case does not have any kind of link to the role in question Link or Entity Link Refers to a connection between two entities The possible links are user role m user resource m role resource role role hierarchy Links can be categorized as direct links dual links or indirect links Mapping xml A mapping details XML file located in the lt Eurekify home directory gt lt Converter directory gt Use the Eurekify DM module to update Master configuration The original configuration downloaded from the production computer The master configuration presents the real world definitions Model configuration A copy of the master configuration The audit process is run on the model configuration and the resulting updated set of configuration files is comp
256. s will be sent to both the role manager and the resource manager for each rejected role resource link Tickets will be sent to the role manager s for each rejected role role hierarchy link Note The rejection or approval of a link during this process is final and will not be sent for further review Chapter 9 Approval Process Tickets 103 Advanced CMA Ticket Functions 104 Portal User Guide The approval process is started by the current campaign owner When an instruction to begin an Approval Process is given the CA RCM generates a hierarchal Approver Process ticket tree The ticket tree comprises three nodes Approval Root ticket This ticket belongs to the campaign owner Each approval process has only one root ticket Rejected Link Parent Ticket This is a Delete Link Entity1 Entity2 ticket This ticket belongs to the campaign owner This node is the parent of the actual approval process Approver tickets that are sent to the Approvers The number of sub trees of this type present in an approval process tree depends on the number of rejected links being processed Approver Tickets This is a Delete Link Entity1 Entity2 ticket Two tickets of this kind are generated one for each entity manager per each rejected link For example when the rejected link is a user role link then one ticket will go to the user s manager and the second ticket will go to the role s manager Entity managers are assigned as approvers
257. s workflow url http localhost 8080 msWPAdapter xfire TMSRequestsHandler wsdl tms campaign entityLinks Table maxRowPerPage 50 tms configuration mail user DemoV4 CA RCM com tms configuration mail password hasadna8 tms configuration mail server smtp eurekify com tms configuration mail serverPort 25 tms configuration mail useSSL false tms configuration mail from TMS eurekify com tms configuration mail interval 100 Sample Properties File tms configuration mail events createTicket SAGE ApproverTicket create Ticket SAGE Info Ticket create Ticket SA GE EnrTicket onDelegate onCampaignReassign onCampaignNotification tms filter variable delimiter tms filter variable customDelimiter workpoint auditApprovalRootProcess reference AARP workpoint changeRoleResource reference ARRE workpoint changeRoleRole reference ARRO workpoint changeUserRole reference AURO workpoint changeUserResource reference AURE workpoint deleteUserResource reference DURE workpoint deleteUserRole reference DURO workpoint deleteRoleRole reference DRRO workpoint deleteRoleResource reference DRRE workpoint deleteRole reference DROL workpoint updateUser reference UUSR workpoint updateResource reference URES workpoint addRole reference AROL workpoint updateRole reference UROL ws security Idap server adserver ws security manager dn AD1 Administrator ws secutiry manager password eurekify sage security disable true sage security disable ADAu
258. see page 69 View Children see page 90 Chapter 7 Running Campaign owner Tickets 89 Campaign Ticket Advanced Functions View Children 90 Portal User Guide Campaign tickets are set up as hierarchal trees The View Children option allows you to see information concerning all the leaves that are located below the Campaign Ticket This includes all campaign s Approver Tickets You can control the number of records per page listed in the table by using the Records per page option The following fields appear in the View Children table Action The action you can take concerning this ticket For example Select opens the selected ticket in a separate browser window Owner The ticket owner Type The ticket type Status The ticket status Title The ticket title Comments The last comment added to this ticket To view a ticket s children tickets 1 Click Advanced at the bottom of the Ticket Properties Form screen 2 Click View Children A table opens at the bottom of the Ticket Properties Form screen 3 Click Close Children to close the ticket children table Campaign Approver Tickets Campaign Approver Tickets When you create a new campaign you can see all the Approver tickets associated with your campaign as well as the main campaign ticket and your own Approver tickets where relevant The Approver tickets are listed in your ticket queue as branches of the campaign ticket tree Which entity managers are
260. ser Guide The Violations table provides the following information First The link s first entity Second The link s second entity Third The link s third entity Rule The rule that is being violated Description Provides further details concerning the violation Score The risk as defined for the specific BPR The value is usually between 0 and 100 To run the compliance testing 1 Click Test Compliance The Violations screen opens in a separate browser window 2 Click in the upper right hand corner to close the window General Self Service Functions Suggesting Entities The CA RCM Portal takes advantage of the advanced pattern recognition technology provided by the CA RCM This technology is utilized when you request that a CA RCM Portal s Self Service task provide you with relevant suggestions in various situations For example if you are seeking appropriate roles to add to your team s role assignments using the Suggest Roles service will provide you with a weighted list of roles where the weight is the result of pattern based analysis For further information concerning the weights applied to the CA RCM pattern recognition technology see Error Reference source not found This service is provided for users roles and resources as required The CA RCM Portal bases its suggestions on several available patterns Not all patterns are available for all entities The Suggest Entities service is available when you are requesti
261. ser Role parent ticket ticket Approver Ticket Only one A Link User Role approver ticket Self Service Request Parent A Remove Link Role Resource parent ticket ticket Approver Ticket Only one A Remove Link Role Resource approver ticket Note If the Self Service request included removing links the sub trees generated in stage 2 will include Remove Entity Link type tickets The number of Remove Link Link User Role subtrees depends on the number of entity role requests that were originally submitted If a request was made to enroll 10 users to a role then there will be 10 Link User Role subtrees generated during the second stage of the Self Service Approval Process The Remove Link Link User Role parent and approver tickets are standard tickets More information CA RCM Properties see page 277 Updating Role Definitions see page 170 Running Self Service Tasks see page 133 Manage My Team s Role Assignments see page 140 Self Service Request New Role Parent Ticket see page 195 Self Service Request New Role Approver Ticket see page 198 Chapter 12 Role Definition Tickets 201 Update Role Ticket Tree Self Service Request Update Role Parent Ticket The Self Service Request Update Role Parent ticket is a management ticket generated by the CA RCM portal when a request made using the business process Managing My Team s Roles involves a number of users that exceeds the system threshold While the Approval Ro
262. ser has an average of 10 links to resources and roles, you will have a campaign that requires the processing of approximately 100,000 links in order to create the campaign's tickets. When this option is disabled, you will see a progress bar that shows the percentage of progress at any moment. Adding Campaigns. To add a certification campaign: 1. On the Administration menu, click Add Campaign. The Certification Campaign screen opens. 2. Provide a unique Campaign name. 3. Enter a Description. 4. In the Due date box, enter a date, or click the calendar icon and select a date. 5. In the Universe list, type or select a universe. 6. In the Configuration list, type or select a configuration. 7. (Optional) In the Audit Card list, select an audit card. 8. In the Campaign Type list, type or select a campaign type. 9. Select the relevant Privileges to Certify check boxes: Direct, Dual, Indirect. Clear the check boxes you want to disable. 10. (Optional) Select the Only use links from audit card check box. 11. (Optional) Select the Only use links not in audit card check box. Note: Be sure to select either the Only use links from audit card check box or the Only use links not in audit card check box. You can select to ignore both options, but you cannot enable both. 12. (Recommended) Select the Automatically provision campaign permissions check box. 13. (Optional) Select the Don't wait f
263. ser information for the selected configuration The data and the field names are obtained from the configuration s user database udb Note The highlighted column is predefined and cannot be customized You can click the highlighted Person ID in any record to open that user s User Card More information User Card see page 23 Click on the Roles tab to open the Roles Browser The Entity Browser s Roles Browser shows role information for the selected configuration Note The highlighted column is predefined and cannot be customized You can click the highlighted Role Name in any record to open that role s Role Card More information Role Card see page 24 Click the Resources tab to view the Resource browser The Entity Browser s Resource Browser shows resource information for the selected configuration The data and the field names are obtained from the configuration s resource database rdb Note The highlighted column is predefined and cannot be customized You can click the highlighted Res Name 1 in any record to open that resource s Resource Card Chapter 13 Entity Browser 209 Specific Entity browser More information Resource Card see page 25 210 Portal User Guide Chapter 14 How to Generate Reports Reports provide customized views of role based configurations you create in CA RCM Generate reports to m Track the progress of import export role definition or certific
264. signments a Manage my team s resource assignments a Manage my resource assignments Defining Roles Tasks Includes the role definition tasks Request a new role definition m Request changes to a role definition Note If you find it necessary to run a Self Service task that does not appear in your Self Service menu please report this to your system administrator The CA RCM Portal lets you add links to your favorite Self Service tasks on the Home Page under My Business Processes This section contains the following topics General Self Service Functions see page 135 Manage My Team s Role Assignments see page 140 Manage My Role Assignments see page 147 Manage My Team s Resources see page 152 Manage My Resources see page 159 Defining a New Role see page 164 Updating Role Definitions see page 170 Introducing the Requests Table see page 171 134 Portal User Guide General Self Service Functions General Self Service Functions Test Compliance The Self Service tasks functionality depends on the specific task that you undertake Nevertheless several functions are shared by several tasks This section describes two such functions Test Compliance Suggest Entity It is important to realize that you can use the Suggest Entity service to obtain a list of recommended entities and yet the Test Compliance utility will find that the suggested links are in violation of system BPRs The reason
265. ss the following: Online and telephone contact information for technical assistance and customer services. Information about user communities and forums. Product and documentation downloads. CA Support policies and guidelines. Other helpful resources appropriate for your product. Provide Feedback: If you have comments or questions about CA product documentation, you can send a message to techpubs@ca.com. If you would like to provide feedback about CA product documentation, complete our short customer survey, which is also available on the CA support website, found at http://ca.com/support. CA Product References: This document references the following CA products: CA Role & Compliance Manager (CA RCM), CA Identity Manager. Contents: Chapter 1 Introduction: About This Guide, Typical Processes, Opening the CA RCM Portal. Chapter 2 Using The CA RCM Portal Interface: General Features, Data Table Features, The Entity Cards
266. ssing receive email when finished. Create The Campaign: Gary specifies the type of campaign and the data involved. He chooses the universe: the combination of users, role hierarchy, and resources that will form the basis for the campaign. He can also specify an Audit Card that includes analytical information relating to this universe. He also specifies the campaign type: campaigns can be focused on users, resources, or the role hierarchy itself. He selects the access privileges he wants to include for review. The campaign shown will include Direct and Indirect links between users and resources, and report situations where users and resources are linked by both direct and indirect links (Dual). As the company is of moderate size, and setting up the campaign's Approver tickets can take time, Gary chooses to run the campaign definition process in the background. The following message appears: "Campaign Requested Your request was send for execution an email message will be sent upon completion". The CA RCM portal processes the user, role, and resource information in its active configuration. It generates review tasks for each manager of users or resources. When the campaign is ready, the new user campaign's owner ticket appears in Gary's Ticket Queue when he logs in to the CA RCM portal.
267. structions in Opening the CA RCM Portal (see page 16). The CA RCM Portal Home Page opens. [Screenshot: CA RCM Portal Home Page, showing the menu bar (Home, Ticket Queue, Dashboards, Self Service, Entity Browser, Reports, Administration), the Tickets pane, My Reports, and My Business Processes.] CA RCM Portal's home page contains the following main features: menu bar, Tickets pane, Reports navigation bar, and Business Processes navigation bar. When the CA RCM Portal opens, the Tickets pane displays any active (new, open, done) tickets. More information: Presenting the Home Page (see page 49). General Features: There are several features that repeat themselves in most of the screens you will access while working with the CA RCM Portal. Autocomplete: Some of the Portal's screens have fields with an enabled Autocomplete feature. This feature provides a data list matching the field requirements, from which you can make a selection. To view the data list, press Down Arrow on your keyboard. Mandatory Fields: Fields marked with an orange dot are mandatory. Attemp
268. t As CA RCM is a role management product many of the features focus on roles The Role Definition tasks focus on the roles The CA RCM assumes that user updates will come from a relevant source such as a Human Resources database Resource information is collected from the end points during import Chapter 12 Role Definition Tickets 173 Introducing the Requests Table 174 Portal User Guide When a Role Definition task is completed a Requests screen opens This screen has two tables m Attributes m Links The next step is to submit all the requests for review by the relevant entity managers This process is known as an Approval Process Self Service role definition tasks are focused on the system s roles and the possibility of enrolling users in those roles assigning them various resources and creating hierarchal connections between different roles or on the possibility of severing an existing link between a role and another entity Therefore during the Approval Process review tickets are generated for both the role and the linked user resource role hierarchal This process is started by the manager who made the Self Service request the Self Service Manager When an instruction to begin an Approval Process is given the CA RCM generates a hierarchal Approver Process ticket tree While for most Self Service provisioning tasks the ticket tree is generated at once and the task managers and link approvers can work with their ticke
269. t roles. This is a hierarchal link of the type role-to-role. Users who are members of the parent role listed in this table are automatically members of the sub-role (the current role) and therefore provisioned with all the sub-role's privileges. RACI: Provides the name of the user who is Accountable for this role. This is the user who will be listed as the Approver when this role is being audited or when a change has been requested for this role. Resource Card: Resource cards present all the information concerning the specific resource that is available in the selected Universe's configuration files. [Screenshot: Resource Card, with fields Res Name 1, Res Name 2, Res Name 3, Location, Configuration, Organization, ManagerID, and Owner, and a Roles table with columns Role Name, Description, and Organization.] Menu Bar
270. tains [Screenshot: user table with columns DisplayName, Organization, and OrganizationType.] To narrow down the number of users to choose from, Gary selects the filter Where Organization contains Silicon Valley Branch (the filter is case sensitive). For more information on using the filter options, see Filtering a Data Table (see page 20). Gary reassigns Allen's users to Robert Mills. [Screenshot: Ticket Properties Form for a Campaign Manager Approver ticket, titled User Certification Allen Sherman Initial User Audit, with a user table with columns Person ID, User Name, Organization, Organization Type, and Comment.]
271. that will appear in the Other Resources table Find Resources Opens the Select Resources filter screen to assist you in locating specific resources Test Compliance Checks whether the selections made in the Other Resources table comply with existing policies and BPRs Business Process Rules Suggest Resources Provides a list of possible resources based on the CA RCM pattern recognition technology Chapter 11 Running Self Service Tasks 157 Manage My Team s Resources 158 Portal User Guide This table presents you with several options R You can manually select one or more resources that you wish to link to the selected users R You can use the Find Resources filter option to find specific roles and then make a selection from the filtered list of resources R You can click Suggest Resources and use the information provided by this feature to link resources to the selected users After making your selection s you can test the compliance of your selections with the existing BPRs and policies You can decide to make the request despite any listed violations or you can amend your selections Important Remember that when selecting multiple users all resource related choices apply equally to all the users If at any point you alter the selected users click Get Resources again To link resources to selected users 1 In the Manage My Team s Resources screen scroll down to the Other Resources table 2 Optional Cli
272. the CA RCM Properties page, enter a name of a property key, or part of one, in the filter text box located below the Properties table. Click Apply Filter. The Properties table presents only keys that match your filter criteria. 2. Click Edit next to the property key that you want to change. The Edit Property screen opens. 3. Enter a Property Value in the text box. 4. Select a database Type from the drop-down list. 5. Click Save. The updated property appears in the Properties screen table. CA RCM Configuration Settings: The CA RCM master configuration handles user access to the CA RCM Portal. A user has access to the CA RCM Portal only if they are listed in the CA RCM configuration (eurekify.cfg), which is actually the configuration of internal CA RCM permissions. When you add a new Universe to the system, prior to updating the RACI configurations, you have to make sure that all the users associated with the Universe via the configuration have access to the CA RCM Portal. This is necessary since the users listed in the universe's configuration may need to access the portal to perform self-service tasks (users), approval tasks (managers), or certifications tasks (managers). This process is also important when new users have been added to the universe's configuration. As all persons in an organization probably already have accounts on
273. the Requests Table 172 Portal User Guide When generating a new role or updating an existing one other tickets will be generated as needed 1 Optional Click Back to return to the previous screen to amend your selections 2 Click Submit to generate the Self Service request tickets The Requests Sent screen appears The Requests Sent screen lists the new ticket ID the ID of the ticket owner s root ticket You can view the new ticket tree in the Ticket Queue More information Running Self Service Tasks see page 133 Role Definition Tickets see page 173 Chapter 12 Role Definition Tickets This chapter is designed for managers who can run Self Service based Approval Processes and for entity managers who may receive Approver tickets as part of the Self Service approval process Self Service requests can be divided into two basic types Provisioning tasks Manage my team s role assignments Manage my role assignments a Manage my team s resource assignments a Manage my resource assignments Role definition tasks m Request a new role definition m Request changes to a role definition While the tickets generated by both types of tasks are similar they do not behave in the same manner and therefore they are described separately The ticket functions work the same irrespective of the ticket where you find them for example a Consult utility works the same even if the ticket type providing the service is differen
274. the following Advanced functionality Add Comment Manually add a comment to the ticket Add Attachment Add an attachment or URL to the ticket View Transaction Log The transaction log provides a history of the ticket related actions executed since the creation of the ticket View Parent Opens the current ticket s parent s ticket View Initiators View of list of the users who launched this ticket Click any of the functions to access data connected with the info ticket Chapter 9 Approval Process Tickets 127 Approval Process Info Tickets 128 Portal User Guide More information Add Comment see page 68 Add Attachment see page 69 View Transaction Log see page 69 View Parent see page 111 View Initiators see page 111 Chapter 10 How to Use Dashboards Dashboards use graphs and charts to provide a useful overview of role based configurations and the results of statistical and rule based analysis There are three standard dashboards The Configuration Dashboard describes the connections between users roles and resources in a selected configuration universe m The Audit Card Dashboard summarizes alerts generated by statistical analysis of a configuration The Compliance Dashboard summarizes alerts generated by applying Business Policy Rules BPRs to a configuration This section contains the following topics Configuration Dashboard see page 129 Audit Card Dashboard see page 130 Compliance
275. the list of your current roles within the universe s configuration The Currently Enrolled Roles table for the Manage My Roles task provides only option to select a Remove check box next to a role thereby severing the link between you and the selected role The Currently Enrolled Roles table provides the following functionality Add A column of check boxes one per role This column is inactive in this screen Remove A column of check boxes one per user Check one or more to remove the link between the selected users and the selected roles Role Name Click any highlighted role name listed in this column to open its Role Card Depending on the type of action you wish to take you may find that after selecting the appropriate check boxes in this section you have completed the task In this case you can ignore the instructions in the Other Roles and submit your requests by clicking Submit at the bottom of the Manage My Roles screen To make selections in the Currently Enrolled Roles table in the Currently Enrolled Roles table click the relevant check boxes in the Remove column At this point you can choose to End the process at this point Add roles If you do not want to add new roles submit your requests More information Other Roles Table Manage My Role Screen see page 150 Chapter 11 Running Self Service Tasks 149 Manage My Role Assignments Other Roles Table Manage My Role Screen 150 Portal User Guide
276. the number of children will increase to include the number of discrete requests made during the original Role Definition request plus whatever individual tickets were generated along the way Role Definition Main Request Parent Ticket The Role Definition Approval Process supports two different Main Request Parent tickets Add Role Main Parent ticket When a new role is generated this is the main parent ticket Below it you will find the Task ticket used to select the role s accountable the role managers approver ticket and the set of subtrees generated for each request listed in the original Requests table Update Role Main Parent ticket When a request is made to update a role definition this is the main parent ticket Below it you will find the role managers approver ticket and the set of subtrees generated for each request listed in the original Requests table Both ticket types provide you with the same management functionality They differ in the content of the individual Main Parent ticket In this section you will find information specific to the Request Parent tickets generated for Self Service provisioning requests lt Ticket Title gt According to source of the request either Add Role or Update Role Title Title Role For example New Role Corporate Security Description Description Role For example Update Role Organization Marketing_Dept Use this ticket s functionality when you wish to transfer the appro
277. the ticket. Add Attachment: Add an attachment or URL to the ticket. View Transaction Log: The transaction log provides a history of the ticket-related actions executed since the creation of the ticket. View Parent: Opens the current ticket's parent ticket. View Initiators: View a list of the users who launched this ticket. View Violations: This button is disabled. View Entity: Opens the entity's card. Two buttons are provided, one for each side of the link under review. View Consult Results: This button appears only when the Consult service has been activated. More information: Add Comment (see page 68), View Transaction Log (see page 69), Add Attachment (see page 69), View Initiators (see page 111), View Parent (see page 111), View Entity (see page 113), View Consult Results (see page 125). Update Role Ticket Tree: The Update Role Ticket tree is generated following one of two tasks. In the case where a request is made to update a role's definitions, when the Self Service manager made a request to add links to the specific role. When only requests to remove links have been made, the Update Role ticket tree that is generated follows the standard format for other Self Service ticket trees. In the special case of Manage My Team's Role Assignments, when the number of users selected to enroll in a role is greater than the system threshold, a differ
278. thentication true sage security disable ss ADAuthentication true sage security eurekify keyStore file Uncomment this property to specify a different directory for the audit parameters default is EUREKIFY_HOME conf audit parameters audit parameters dir raci configuration separator _ raci sageMaster udb defualtCustomFields Manager D Title approvals duePeriod default 5 approvals configuration mail user DemoV4 CA RCM com approvals configuration mail password abcd1 234 approvals configuration mail server smtp company com approvals configuration mail serverPort 25 approvals configuration mail useSSL false approvals configuration mail from TMS eurekify com approvals configuration updateRole minimumLinks 4 approvals configuration sendExternalMails true approvals configuration max ticket property length 2000 format date display dd MM yyyy HH mm ss bpr risk low 30 bpr risk med 50 bpr risk high 70 browser universe default Demo1 default role types Business Role Organizational Role Functional Role Application Role Technical Role Location Role Provisioning Policy Role approvals configuration webservice retry count 3 approvals configuration webservice retry delay seconds 30 tms workflow retry delay seconds 120 reports baseUrl httpy localhost 8080 viewer frameset __report report End of properties file
279. tical information will be drawn to generate the report The drop down lists all audit cards associated with the specified configuration file Min Score Chapter 14 How to Generate Reports 213 Parameters and Filters for Report Generation 214 Portal User Guide Specifies a threshold for including information in the report This filter is applied to the audit card specified by the Audit Card parameter Audit criteria with a score lower than the threshold are not included in the report Use this filter to exclude audited conditions that are not prevalent or significant in the specified configuration From Alert ID To Alert ID Specifies a range of Alert IDs to include in the report The drop downs show existing Alert ID values in the audit card specified by the Audit Card parameter Alert Type Specifies an analytical alert that is used as a filter Only alerts of the type specified are included in the report The drop down shows all the standard analytical alerts that are present in the audit card specified by the Audit Card parameter From Date To Date Specify a time based filter for audit card data The report includes only analytical alerts that were recorded in the specified time frame This filter is applied to the audit card specified by the Audit Card parameter Use the following parameter with the Policy Verification Report for business rules Policy Specifies a Business Policy Rule BPR file used to filter report data
280. ticket for review to another Approver. Therefore you, as an Approver ticket owner, can reassign any link listed in your Approver tickets. When the reassignment process is completed, a notice is sent automatically to both your email inbox and to the Approver who was reassigned the link. Campaign owners can also decide to reassign links listed in specific Approver tickets so that they will now appear in the newly assigned entity manager's ticket. The Approver who was reassigned the link will see the relevant ticket in his/her ticket queue. When you click the Save and Reassign button, any changes already made to the ticket are saved. Then the Find Reassign Users screen opens in a separate browser window. The screen is divided into two sections: Users Filter; List of possible approvers. The list of users provided in this screen is governed by the following property: tms campaign entity Certification reassign filter GFilter specific filter. Once you select the user to whom you intend to reassign the link, the > icon appears next to the selected row in the entity table. You can view the reassignment details in a ToolTip that appears when you move the pointer over the > icon. The target user can view the reassignment details as a ToolTip marked by i, which is located in the column. Note: You can reassign all the links listed in a specific link table at once by clicking the column label for that link table.
281. tickets and tickets that were generated by you even though they have a different owner The columns are customizable The Ticket Queue menu provides a set of display filters The available filters are Open New Done Presents tickets whose state is Open New or Done New Tickets Presents new tickets Overdue Tickets Presents the tickets whose end date has already passed Approver Tickets Presents the current user s Approver tickets This is most relevant to Administrators who can view their own tickets and the Approver tickets associated with campaigns they own Campaign Tickets Presents Campaign tickets Archived Tickets Presents tickets that were sent to be archived After selecting a display mode from the menu you can interact with the tickets You can Expand a closed ticket tree Collapse an open ticket tree Click the owner s hyperlink to view the owner s data card R Sort the table based on one of the table s columns m Click the ticket title and open the Ticket Properties Form in a separate browser window Here you can perform various operations depending on the ticket type More information Sorting a Data Table by Column see page 21 Main Screen Layout see page 61 Main Screen Operations see page 62 Ticket Tables Main Screen Layout The Ticket Queue screen contains the following main features Menu Bar Provides the Ticket Queue functionality Ticket table Presents the various tickets
282. ting one, see: Create a new Property key; Edit an existing property key. To access the Common Properties page: 1. On the Administration menu, click Settings. The list of available options appears. 2. Click Common Properties Settings. The CA RCM Properties Page screen opens. More information: Creating a New Property Key (see page 249), Editing a Property Key (see page 250). Creating a New Property Key: Property keys are defined and provided as part of the CA RCM product out of the box. At times you may find it necessary to add a new property key to the CA RCM property file. The Properties Settings utility makes this easy to do. When you want to create a new property key, you have to enter the key before you click Create New. If you do not, you will receive the following message: cannot create a property with a null empty key GENPRPOO3. After you enter the new property key name and click Create New, the Edit Property screen opens. Save is disabled. The reason is that, for security reasons, when you edit a property key, the change is not saved directly to the properties file. Instead, the updated property key value is saved to the CA RCM database. The CA RCM Portal provides you with two databases to store your updated key values. DB_dynamic_properties: The change is immediate. You do not have to wait for the server to go offline to update the property
283. ting to go to the next stage of a process without filling in these fields causes an error message to be displayed next to each vacant field. Data Table Features: When appropriate, the CA RCM Portal displays data in table format (data table). This is true for entity (for example, user, role, resource) data and for tickets that are generated as you work with the CA RCM Portal. There are several features that repeat themselves for most of the data tables that you access while working with the CA RCM Portal. Customizing a Data Table: The Customize option is available for both Entity tables, where it appears at the bottom of the data table, and in the Ticket Queue. Customize: This option allows you to select which fields appear as columns in the data table. To customize a data table: 1. Click Customize. A Select Fields for <Entity> screen opens in a separate browser window. 2. In the Available Fields (left-hand) panel, select one or more (using Ctrl/Shift) of the listed fields. 3. Click the right arrow button to transfer the selected field(s) to the Selected Fields panel. 4. (Optional) To change the order of the fields listed in the Selected Fields panel, select a field and click the down arrow or up arrow button. 5. To remove a field from the Selected Fields panel, select the field and click the left arrow button. 6. When you finish making your selections, click OK. The selected fields will now appear in the relevant entity table
284. tion concerning the current ticket and the rest of the tickets in the tree More information The Ticket Properties Form see page 65 Chapter 9 Approval Process Tickets 117 Rejected Link Parent Ticket Rejected Link Parent Ticket General Functions 118 Portal User Guide The Rejected Link Parent ticket provides the following General functionality Close Closes the ticket Save Saves the changes made to the ticket Delegate Transfers the ticket tree to another manager Escalate Transfers the ticket tree to another manager Cancel Process Allows you to manually stop the Approval Process at any stage More information Delegate see page 108 Escalate see page 106 Cancel Process see page 115 Rejected Link Parent Ticket Rejected Link Parent Ticket Advanced Functions The Rejected Link Parent ticket provides the following Advanced functionality Add Comment Manually add a comment to the ticket Add Attachment Add an attachment or URL to the ticket View Transaction Log The transaction log provides a history of the ticket related actions executed since the creation of the ticket View Parent Opens the current ticket s parent s ticket View Initiators View of list of the users who launched this ticket View Children Opens a table which provides you with information concerning all the nodes leaves that are located below the current ticket For the Reject Link Parent ticket this means that you can view infor
285. tion field error parsing maxduration field please use integer values missing connector client class to use missing work flow process missing ticket type please enter all audicard names name 0 appears more then once please enter all audicards audicard 0 appears more then once audicard 0 has no bpr alerts no match was found new error ticket title 3 a error ticket id the property 0 already exists an un encrypted property 0 is already exists please remove it first can not create a property with a null empty key failed to authenticate user invalid user name password failed to connect to authentication service please contact system administrator incorrect password for admin user Field loginpage userauthentication failed sagebatch errcode loginpage userauthorization failed errcode internalerrorpage label info1 errcode internalerrorpage label info2 errcode sagemaster headers foundconflicts errcode sagemaster headers countduplicates errcode selfservice error loading bpr errcode selfservice error finding bpr errcode selfservice error finding universe errcode selfservice error starting approval errcode selfservice validate descriptionrequired errcode selfservice validate nouserisselected errcode selfservice validate norequestsmade errcode selfservice validate missingraciconfigurations errcode selfservice validate errorgettingraciconfigurations errcode
286. tions Only use links from Audit Card The Campaign Approver tickets will only display links that are listed in the Audit Card This is very useful if you wish to run a campaign that reviews only links that have been determined to be violations of system rules Only use links not in Audit Card The Campaign Approver tickets will only display links that are not listed in the Audit Card This is very useful when the Audit Card represents authorized violations and by filtering them out you are saving time as you do not want the approvers to re examine and certify these links Chapter 15 Using Administration Functions 227 Start Approval Process from DNA Start Approval Process from DNA There is a possibility to create an AuditCard in the CA RCM DNA module that reflects changes between two configurations the pre configuration and the post configuration along the lines of master and model and then submit the audit card for approval to the CA RCM Portal As a result an approval ticket tree will be generated similar to what happens when performing Self Service tasks However as opposed to the Self Service originated approval tickets and Campaign originated approval tickets DNA originated approval tickets are not automatically started and you have to click Start Process The former two types always appear in the ticket queue as In Process and hence Start Process is disabled Setting a Universe A universe refers to a specific Maste
287. tions a View Initiators a View Violations a View Entity a View Entity2 View Consult Results toggle More information Advanced Ticket Functions see page 67 The View Initiators button opens the View Initiators list in a separate browser window This list in table format provides the sequence of users who launched this post campaign Approver Process ticket For example you can find here the name of the campaign owner When a ticket has been delegated or escalated you can view the list of users who received ownership of the ticket The information provided by the View Initiators table is based on the campaign s configuration files To view the ticket s initiator list 1 Click Advanced at the bottom of the Ticket Properties Form 2 Click View Initiators The View Initiators table appears in a separate browser window 3 Click Close to close the View Initiators window Post campaign Approval Process tickets are set up as hierarchical trees The View Parent option provides you with quick access to the current ticket s parent ticket When you click View Parent in the Ticket Properties Form s Advanced functions section the parent ticket opens in a separate browser window For the Approval Process ticket tree this means that you can view the parent tickets for the Request Parent ticket and for each Approver ticket Click View Parent to open the current ticket s parent ticket in a separate browser window Chapter 9 Ap
288. tration"> <type>mark</type> <label>Administration</label> <data>com.eurekify.web.AdministrationPage</data> <checkPermission>true</checkPermission> <tag id="SetCampaign"> <type>internal</type> <label>Add Campaign</label> <data>com.eurekify.web.campaign.SetCampaignPage</data> <checkPermission>false</checkPermission> </tag> <tag id="ScheduledTasksPage"> <type>internal</type> <label>Job Scheduler</label> <data>com.eurekify.web.ScheduledTasksPage</data> <checkPermission>true</checkPermission> </tag> <tag id="TxLogPage"> <type>internal</type> <label>TxLog Page</label> <data>com.eurekify.web.TxLogPage</data> <checkPermission>true</checkPermission> </tag> <tag id="LoadCachePage"> <type>internal</type> <label>Load Cache</label> <data>com.eurekify.web.LoadCachePage</data> </tag> <tag id="ClearCachesPage"> Appendix B Portal Structure XML 289 Sample Portal Structure XML <type>internal</type> <label>Clear Cache</label> <data>com.eurekify.web.ClearCachesPage</data> </tag> <tag id="CreateRaciPage"> <type>internal</type> <label>Create RACI</label> <data>com.eurekify.w
289. trator View; User View; The Ticket Properties Form; General Ticket Functions; Advanced Ticket Functions; Receiving an Info Ticket; General Info Ticket Functionality; Delegating an Info Ticket; Escalating an Info Ticket; Advanced Info Ticket Functionality; Chapter 7 Running Campaign owner Tickets Campaigns; Ticket Data; Ticket Data Campaign; General Data Campaign; Advanced Campaign; General Campaign Ticket Functions; Delegating a Campaign; Escalating a Campaign
290. ts directly Self Service Role Definition task tickets are generally generated in stages Add Role stages Stage 1 Select Accountable A Task ticket sent to the Self Service task manager Stage 2 Role Approver An Add Role ticket sent to the Role manager Stage 3 Link Approval Process sub trees One Link Entity Role parent and one Link Entity Role approver ticket for each request made during the original Self Service task The parent ticket is always assigned to the Role manager Update Role definition stages Stage 1 Role Approver An Update Role ticket sent to the Role manager This ticket is generated only when a request to Add entities is made Stage 2 Approval Process sub trees One parent and one approver ticket for each request made during the original Self Service task The request can be to either add a link or remove a link between the role and another entity The parent ticket is always assigned to the Role manager Introducing the Requests Table The ticket tree generally comprises four families of tickets Approval Root ticket This ticket belongs to the Self Service manager Each approval process has only one root ticket Main Request Parent ticket This ticket type depends on the type of request made during the role definition task There are two possible sources for this ticket Add Role Parent ticket When a new role is generated this is the main parent ticket Below it you will find the Task ticket used to s
291. u for your cooperation Role Management Team More information Running Campaign owner Tickets see page 75 Chapter 4 Showcasing the CA RCM Portal 43 Running a Campaign A Case Study Examining a User s Links When Robert Mills receives his email he logs in to the CA RCM portal An approver s ticket is waiting in his Ticket Queue It shows the review tasks he must perform as part of the campaign [Screenshot: Ticket Properties Form, Campaign Reassigned Approver ticket] 44 Portal User Guide Running a Campaign A Case Study In this case the ticket shows the two users that were originally assigned to Allen Sherman To see further details about the links to be reviewed Robert expands the sections of the ticket [Screenshot: Ticket Properties Form, Campaign Reassigned Approver ticket]
292. urce name you can open the linked entity s data card More information Customizing a Data Table see page 19 Setting the Number of Records Per Page see page 20 User Card User Interface User cards present all the information concerning the specific user that is available in the selected Universe s configuration files It also includes separate lists under discrete tabs of the user s linked Roles and Resources in table format The User Card also includes separate lists tabs one for the user s linked Roles and one for the user s linked Resources as shown in the following two screens [Screenshot: User Card with user attributes and the linked Roles table] Chapter 2 Using The CA RCM Portal Interface 23 User Interface Role Card 24 Portal User Guide Role cards pr
293. val Process ticket tree then the complete sub tree will now be listed in the new owner s Ticket Queue If you choose to escalate an Approval Process root ticket the whole tree will now be visible in the new owner s Ticket Queue General Approval Process Ticket Functions To escalate a ticket you have to select a user from the list of appropriate users The Find Escalate Users screen is divided into two sections The filter Located in the window s header The filter lets you narrow down the list of proposed approvers The proposed users This table presents a pre filtered list of users who can receive the escalated approval task s This list can be filtered to aid in finding a specific user The names listed in the proposed users list are governed by several default property filters of the type tms escalate filter To escalate a ticket 1 Click Escalate in the ticket s Ticket Properties Form The Find Escalate Users screen opens 2 Select a name from the list You can use the filter option to reduce the number of records listed in the table 3 Click OK The Executing bar appears The original ticket is archived and its status is set to Escalated A new ticket is generated The ticket appears in the target user s Ticket Queue More information Add Comment see page 68 Filtering a Data Table see page 20 CA RCM Properties see page 277 Chapter 9 Approval Process Tickets 107 General Approval Process Tick
294. val process tree to the management of another user or to cancel the approval process You can use the options in the ticket s Advanced section to access additional information concerning the current ticket and its parent and child tickets Click the ticket title to open the Ticket Properties Form in a separate browser window This section covers the following topics m The Role Definition Main Parent ticket s General functions m The Role Definition Main Parent ticket More Details section m The Role Definition Main Parent ticket s Advanced functions Chapter 12 Role Definition Tickets 181 Role Definition Main Request Parent Ticket More information The Ticket Properties Form see page 65 Main Parent Ticket General Functions Role Definition see page 182 Main Parent Ticket Details Section see page 182 Main Parent Ticket Advanced Functions Role Definition see page 183 Main Parent Ticket General Functions Role Definition The Role Definition Main Parent ticket provides the following General functionality Close Closes the ticket Save Saves the changes made to the ticket Delegate Transfers the ticket tree to another manager Escalate Transfers the ticket tree to another manager Cancel Process Allows you to manually stop the Approval Process at any stage More information Escalate see page 106 Delegate see page 108 Cancel Process see page 115 Main Parent Ticket Details Section
295. values DB_static_properties The change will take place the next time that the server is restarted To create a new property key 1 In the CA RCM Properties page enter a name of a property key in the text box under Properties 2 Click Create New The Edit Property screen opens 3 Enter a Property Value in the text box 4 Select a database Type from the drop down list 5 Click Save The new property appears in the Properties Editing a Property Key 250 Portal User Guide Following system changes you may need to update the value of a property key For example if you change the name of the SMTP email server used by your corporation to send out emails When you click Edit next to an existing property key the Edit Property screen opens Properties Settings When editing an existing property the source of the property is listed in the Type drop down Save is disabled The reason is that for security reasons when you edit a property key the change is not saved directly to the properties file Instead the updated property key value is saved to the CA RCM database The CA RCM Portal provides you with two databases to store your update key values DB_dynamic_properties The change is immediate You do not have to wait for the server to go offline to update the property values DB_static_properties The change will take place the next time that the server is restarted To edit a property key 1 Optional In
296. vigation bar header click 1 The Select Links for Business Process screen opens in a separate browser window In the Available Links left hand panel select one or more using Ctrl Shift of the business process links Click to transfer the selected link s to the Selected Links pane Optional To change the order of the listed links in the Selected Links pane select a link and click uom To remove a business process link from the Selected Links pane select the link and click When you have finished making your selections click OK The selected links appear in the Home page Business Processes navigation bar More information Running Self Service Tasks see page 133 Chapter 6 Tickets and the Ticket Queue Tickets have a unique place in the CA RCM CA RCM Portal tickets are work items and they are used to transfer data run campaigns certify roles update privileges and more The Ticket Queue menu provides a series of filtered display options allowing you to view filtered lists of tickets in table format in the Ticket Queue window The available filtering options provided by the Ticket Queue menu are Open New Done Tickets New Tickets m Over Due Approver Tickets Campaign Tickets m Archived Tickets Administrators can see their own tickets and also tickets assigned to their team s campaign tickets that are associated with campaigns they created and approval process tickets associated with th
297. vilegesStatisticsForRolesParametersPage</data> <checkPermission>true</checkPermission> </tag> <tag id="PrivilegesStatisticsReportForResources"> <type>report</type> <label>Privileges Statistics For Resources Report</label> <data>com.eurekify.web.reports.parameters.universeconfigurationreports.PrivilegesStatisticsForResourcesParametersPage</data> <checkPermission>true</checkPermission> </tag> <tag id="AuditBasicAlerts"> <type>report</type> <label>Audit Basic Alerts</label> <data>com.eurekify.web.reports.parameters.auditalerts.AuditBasicAlertsParametersPage</data> <checkPermission>true</checkPermission> </tag> </tag> <tag id="RoleManagement"> <type>internal</type> <label>Role Management</label> <checkPermission>true</checkPermission> <tag id="RolesAnalysisReport"> <type>report</type> <label>Roles Analysis Report</label> <data>com.eurekify.web.reports.parameters.roleanalysis.RolesAnalysisParametersPage</data> <checkPermission>true</checkPermission> </tag> <tag id="RoleEngineeringMethodologies"> <type>report</type> <label>Role Modeling Methodologies Comparison</label> <data>com.eurekify.web.reports.parameters.roleengineering.RoleEngineeringParametersPage</d
298. wo entities You can use any of the ticket s functions to find out more information or perform any related task This section covers the following topics Approver tickets General functions Approver tickets Advanced functions More information Reject see page 123 Approve see page 123 Approval Process Approver Tickets Approver Tickets General Functions Consult The Approval Root ticket provides the following General functionality Close Close the ticket Save Saves the changes made to the ticket Delegate Transfers the ticket tree to another manager Escalate Transfers the ticket tree to another manager Consult Allows you to request a consult from one or more managers When you activate this service a View Consult Results button appears in the Advanced functions section of the Ticket Properties Form Approve Approve the request to delete the link between the two entities Once approved the link is severed Reject Reject the request to delete the link between the two entities This means that the link will not be severed More information Delegate see page 108 Escalate see page 106 Approve see page 123 Consult see page 121 Reject see page 123 You can use the Consult utility to send a request for a consult concerning a link that you are reviewing during an Approval Process You can consult more than one user at a time You also don t have to wait for an answer to your request before you
299. xml file and the mapping xml file for this converter For more information see the <ro e> Data Management User Guide Import client name Provide a name for the import connector Description Provide a description of the import connector its use timing etc Chapter 15 Using Administration Functions 235 Setting Connectors 236 Portal User Guide Universe Provide the name of the universe to be associated with this import connector The data obtained through this connector will be downloaded into the universe s master configuration files In the case of a first time download and there are no pre existing configuration files the import process will create the configuration files Settings XML file Create this file in the CA RCM DM module It is usually located in the directory <CA RCM Home Directory> <Converter Directory> The installation provides a default defaultsettings xml file For more information see the CA RCM Data Management User Guide Mapping XML file Create this file in the CA RCM DM module It is usually located in the directory <CA RCM Sage Home Directory> <Converter Directory> The installation provides a default mapping xml file For more information see the CA RCM Data Management User Guide Enrichment settings file Optional The data is usually downloaded from a specific endpoint You can enrich the original data by adding additional information from a second source For
300. y is a violation connected to an entity or to a link It is possible to edit an Audit Card in the DNA module adding instructions to either fix a violation or approve one For further information see the CA RCM DNA User Manual Children Ticket type specific The number of children listed for any campaign ticket denotes the number of Approvers assigned to the campaign The number of children listed for an Approver ticket is the number of entities the specific approver has to audit where entities refers to the campaign type user role or resource certification Configuration A CA RCM proprietary data structure that holds a snapshot of the definitions of users resources and roles if available as well as the relevant relationships privileges between them Connectors Connectors use the converters to access the production computer for both download and upload processes There are separate connectors for import and export procedures defaultSettings xml A connection details XML file located in the <CA RCM home directory> <Converter directory> Use the CA RCM DM module to update Direct Link An uninterrupted connection between two entities For example a user to resource link Dual Link Refers to the case when both a direct link and an indirect link exist For example A user is linked directly to a specific resource and at the same time the user is linked to a role that is linked to the same resource Entity Refer
301. you have finished your selections in the selected Self Service screen and have clicked Submit the Requests screen appears This screen summarizes the requests you have made while performing the Self Service task Depending on the Self Service task the Request screen may contain additional information For example when generating a new role request the Requests screen will also include the Attribute data for the new role The columns in the Links table provided in this screen depend on the type of Self Service request you have just processed Highlighted data gives you access to the relevant entity cards and further information This information always includes the following two columns Request Presents the nature of the Self Service request The options are Remove or Add Violations Presents the number of violations associated with the specific request Click on the number to view further details At this point the CA RCM Portal supplies you with two functions Back To return to the previous screen and edit your selections Submit Sends your request to the CA RCM for processing The Generating Tickets progress bar appears In the case of provisioning type Self Service tasks if no errors are found a Self Service ticket tree will be generated and placed in your ticket queue For each request listed in the Request table one branch appears in the Self Service ticket tree Chapter 11 Running Self Service Tasks 171 Introducing
302. ystem comments that may be added during a ticket s life cycle for example during a campaign a comment is added when a campaign is delegated All the comments appear in the Comments table The Comments table provides the following information Received Provides the date when the comment was generated Owner The name of the user who generated the comment Note The content of the comment Next to each comment you can see an X Click X to delete the comment The Add Comment screen contains two fields Owner Lists the name of the note owner Note Free style text To add a comment 1 Click Add Comment The Add Comment screen opens 2 Enter the comment you want to make in the Note field 3 Click Save The Executing bar appears The new comment appears in the Ticket Properties Form s Comment table The Ticket Properties Form Add Attachment View Transaction Log An advanced ticket feature that allows you to attach a file or URL to a specific ticket Next to the listed attachment s you can see an X Click X to delete the attachment The Add Attachment screen contains three fields Name Lists the attachment name When the attachment is a file the file name is listed URL The URL to be listed as an attachment File The file to be attached You can use the Browse button to locate the file To add an attachment 1 Click Add Attachment The Add Attachment screen opens 2 To link to a URL enter the URL in the
