How do I add users to the System Manager role is a common question we get in CA Support. We recommend that you make a copy of the current System Manager role and give access this way. This allows you to keep the original System Manager role without changes to the default setup.
1. Login to CA ControlMinder Enterprise Management as the current System Manager.
2. Go to Users and Groups > Roles > Admin Roles > Create Admin Role.
3. Chose 'create a copy of a role' and search for System Manager. Select System Manager then then Go.
4. Give your new Role a proper name and description. Submit the new role at this point.
5. Go back and Modify Admin Role > Chose the new role to be modified.
6. Go to the Members Tab and remove 'who are owners of ( admin role "System Manager" )' from the Member Policies.
7. Modify the remaining Member Rule: where ( Logon Name = "Administrator" ).
8. Change ‘Which users are members of this role?’ so that it specifies "who are members of <group-member-role>, group <group>, and search for your AD group.
9. Next you will need to add any missing scoping rules. Below is a full set of rules.
Access Task - All
Admin Role - All
Admin Task - All
Connection - All
Connector Server - All
Endpoint - All
Endpoint Type - All
Group - All
Host - All
Host Group - All
Organization - All
Password Consumer - All
Password Policy - All
Policy - All
Privileged Account - All
Privileged Account Management Audit - All
Privileged Account Password Policy - All
Privileged Account Request - All
User - All
10. Once you have verified all the scoping rules you can submit the new role.
Example Screenshot:
Thanks,
Aaron Armagost
Principal Support Engineer