CA Tuesday Tip: CA ControlMinder Enterprise Manager System Manager Role

Discussion created by AaronArmagost Employee on Sep 2, 2014

How do I add users to the System Manager role is a common question we get in CA Support. We recommend that you make a copy of the current System Manager role and give access this way. This allows you to keep the original System Manager role without changes to the default setup.

1. Login to CA ControlMinder Enterprise Management as the current System Manager.
2. Go to Users and Groups > Roles > Admin Roles > Create Admin Role.
3. Chose 'create a copy of a role' and search for System Manager. Select System Manager then then Go.
4. Give your new Role a proper name and description. Submit the new role at this point.
5. Go back and Modify Admin Role > Chose the new role to be modified.
6. Go to the Members Tab and remove 'who are owners of ( admin role "System Manager" )' from the Member Policies.
7. Modify the remaining Member Rule: where ( Logon Name = "Administrator" ).
8. Change ‘Which users are members of this role?’ so that it specifies "who are members of <group-member-role>, group <group>, and search for your AD group.
9. Next you will need to add any missing scoping rules. Below is a full set of rules.


Access Task - All 
Admin Role - All 
Admin Task - All 
Connection - All 
Connector Server - All 
Endpoint - All 
Endpoint Type - All 
Group - All 
Host - All 
Host Group - All 
Organization - All 
Password Consumer - All 
Password Policy - All 
Policy - All 
Privileged Account - All 
Privileged Account Management Audit - All 
Privileged Account Password Policy - All 
Privileged Account Request - All 
User - All

10. Once you have verified all the scoping rules you can submit the new role.


Example Screenshot:




Aaron Armagost
Principal Support Engineer