Security Policies
Security policies restrict access to certain TA functions. The defined access rights can be saved as a security policy, and then assigned to one user or multiple users.
For example, there might be different sets of users who:
-
Administer TA
-
Create and schedule jobs for themselves and others
-
Operate the job schedule
You may have a set of users that creates jobs, a set of users that schedule jobs and another set that works with the job schedule. Using security policies, the users creating jobs can be restricted from inserting them into production and changing the schedule. The other users can be restricted from creating jobs.
TA includes default security policy templates that can be modified to create your own security policies. Each user within the supplied working model has a defined set of TA functions. When all the default security policies are in use, all aspects of scheduling are covered and available.
This table lists the system features available for each of the default security templates:
| Default Security Policy |
Available System Features |
|---|---|
|
Scheduler_Administrator |
The default for new installations. This includes all available functions |
|
Administrator |
Configures users |
|
User |
Creates, edits, and submits jobs. Creates workgroups and user-defined variables |
|
Scheduler |
Edits and tests job schedules |
|
Operator |
Runs and controls jobs. Responds to alerts that jobs may issue |
|
Inquiry |
Views jobs and resources. Cannot perform modification |
Each security policy has its own name, description, and set of TA functions that it comprises it. Functions are chosen from a list of available functions and listed in the Security Policy Definition dialog. Once defined, security policies can be assigned to users from the User Definition dialog.
You can override security policy restrictions for a user by selecting the Super User option in the User Definition dialog. Users with Super User authority have access to all TA functions.
Note: If you are the only defined TA user, you will not be allowed to remove the Super User option from your profile until you have defined at least one other TA user with Super User capability. This is a safety feature to prevent inadvertent exclusion from TA, which would require you to reinstall the product.
Security Policy Templates
TA includes a set of default security policy templates. Inherent in these templates is the default network scheduling model where each user has a defined set of scheduling tasks. When all the security policies are assigned to users, the result is a complete enterprise network scheduling solution. Each user makes their contribution to the entire scheduling process. Each user can be insulated from tasks that are not relevant to their scheduling role.
You can modify these templates to create your own scheduling model based on the needs of your organization. Use caution so that vital functions are not inadvertently left out of a particular profile.
Note: Selecting the Super User option in a User Definition supersedes any security policy previously assigned. The Superuser option provides full and unrestricted access to all TA functions. Some functions, such as calendars supersede even SuperUser privileges and are controlled by the function’s owner and available only to members of a workgroup. A SuperUser may access a function but can not modify the function if not a member of the workgroup.
Default Security Policies
This table summarizes the functions that are available for each user account using the security policies provided with TA. If the function has been included in the security policy assigned to your user account then you have the capability described in that function.
|
Default Security Policy |
Available Functions |
|---|---|
|
TA Admin |
All TA functions are available |
|
Administrator |
Functions for configuring TA including configuring users, security, queues, agent lists, connections, and licenses |
|
Scheduler |
All functions except adding users |
|
Operator |
Functions for end-user support such as schedule control and queue and agent list configuration. Ability to edit job information as necessary |
|
User |
Functions for end-user activity excluding configuration and schedule control, but including the tools necessary for creating, editing and submitting jobs |
|
Inquiry |
Functions for viewing jobs and other items, but not for creating, editing, or deleting |
TA Functions
About TA Functions
Each security policy includes the TA functions that a user with that policy can perform. You can create new security policies from the Security Policy Definition dialog, or add and remove TA functions to an existing security policy. When you finish defining a security policy, you assign it to a user through the User Definition dialog.
Note: To use a job as a job dependency, you must have the ability (security policy permission) to View the job. However, View permission alone does not enable you to perform job control functions on the job.
Function Descriptions
These are descriptions of each TA function, grouped by category, that can be added to or removed from a security policy.
Agent Lists Category
|
Function |
Description |
|---|---|
|
Add Agent List |
Specify a group of agents for the purpose of agent fault tolerance (dynamic rerouting), workload balancing and job broadcasting. The list will be available to all users that schedule jobs |
|
Edit Agent List |
Edit the properties of an agent list |
|
Delete AgentList |
Delete any agent list that exists in theScheduler database |
|
View Agent List |
View the properties of any agent list |
|
Enable/Disable Agent List |
When this function is selected:
|
Alerts Category
|
Function |
Description |
|---|---|
|
Acknowledge Alert |
Acknowledge a console alert generated by a job event or system events |
|
Close Alert |
Complete the response to a console alert |
|
View Alert |
View alert details |
Authorization Policy Category
|
Function |
Description |
|---|---|
|
Add Authorization Policy |
Ability to create new authorization policies |
|
Edit Authorization Policy |
Ability to edit authorization policies |
|
Delete Authorization Policy |
Ability to delete authorization policies |
|
View Authorization Policy |
Ability to view authorization policies |
|
Add Shared Owner Policy |
Ability to create new shared owner policies |
|
Edit Shared Owner Policy |
Ability to edit shared owner policies |
|
Delete Shared Owner Policy |
Ability to delete shared owner policies |
|
View Shared Owner Policy |
Ability to view shared owner policies |
|
Assign/Update Shared Owners |
Ability to assign or update shared owners in a shared owner policy |
|
Apply Shared Owner Policies |
Adds Apply Shared Owner Policies option on the TA toolbar when viewing the Shared Owner Policies pane |
Configuration and Licensing Category
-
Edit Configuration/Licensing – Access to the System Configuration dialog. You can change Master configuration data, update licenses, configure mail, job defaults, and other system-wide settings.
-
View Configuration/Licensing – View alert details.
Connections Category
|
Function |
Description |
|---|---|
|
Add Connection |
Add a new connection definition |
|
Edit Connection |
Edit a connection definition |
|
Delete Connection |
Delete a connection definition |
|
View Connection |
View the details of connection information |
|
Edit Agent Job Limit |
Change the number of jobs that can run on an agent at the same time |
|
Edit Machine Name |
Edit the agent machine designation |
General Category
|
Function |
Description |
|---|---|
|
Add Public Data |
Add events, actions, calendars, and variables so that they can be used by anyone who schedules jobs. You must have the security rights to add and edit these items to make them public |
|
View Logs |
View the audit trail of all scheduling activity, error messages, and diagnostics from the Logs pane. You can view all messages generated by the sources specified in the System Configuration dialog, Logging tab |
|
View Reports |
View the results of TA reports |
|
View History |
View the audit trail of TA activity |
|
View Master Status |
Access to the Master Status pane, where you can view all the statistics related to the TA Master |
|
Move Jobs to Production |
Use Transporter to copy all jobs to other databases whether the user owns them or not |
|
Move Own Jobs to Production |
Use Transporter to copy only the jobs that the user owns to other databases |
Job Actions Category
|
Function |
Description |
|---|---|
|
Add Job Actions |
Create actions (messages, jobs, variable updates) to support specific job events and system events |
|
Edit Job Actions |
Edit the properties of an action that is owned by you or your workgroup |
|
Delete Job Actions |
Delete an action that you own |
|
View Job Actions |
View the specifics of all actions available |
Job Classes Category
|
Function |
Description |
|---|---|
|
Add Job Class |
Create a class to which jobs can be assigned. Job classes are available to all schedulers |
|
Edit Job Class |
Edit a job class |
|
Delete Job Class |
Delete a job class |
|
View Job Class |
View the description of a job class |
Job Console (Activity) Category
|
Function |
Description |
|---|---|
|
View All Jobs |
View the activity of all job occurrences as they are scheduled and run. You will also be able to view console alerts created by jobs. to add and edit these items to make them public |
|
View Own Jobs |
View the activity of your own job occurrences or those owned by your workgroup(s) as they are scheduled and run. You will also be able to view console alerts created by those jobs |
|
Edit All Jobs |
Edit the definition of any job or job group |
|
Edit Own Jobs |
Edit job and job group definitions that are owned by you or your workgroup(s) |
|
Control All Jobs |
Apply job control to all jobs and job groups, within any limits set in the job control functions |
|
Control Own Job |
Apply job control to jobs and job groups owned by you or the workgroup(s) you belong to, within any limits set in the job control functions |
Job Control Category
|
Function |
Description |
|---|---|
|
Adhoc Job Job Control |
Manually adds an unscheduled job to production |
|
Adhoc Job Deny Parameter Override |
Denies the ability to override the job parameters for users with Adhoc Job Job Control |
|
Cancel/Abort |
Manually cancels or aborts a job occurrence from the Job Activity pane. Cancelled and aborted jobs cannot be resumed. They must be rerun |
|
Hold/Stop |
Manually holds or stops a job occurrence from the Job Activity pane. The job can be restarted at a later time |
|
Override Dependencies |
Overrides a job’s dependencies and allows it to run even if the job’s predefined dependencies are not met |
|
Release/Resume |
Releases a job requiring operator release, and resume a job that has been stopped or held |
|
Rerun |
Reruns a job |
|
Set Status |
Sets a job’s completion status |
|
Remove Job(s) from Schedule |
Removes the selected job occurrence from the production schedule. When you right-click the Job Activity pane, the Remove Job(s) from Schedule context menu is enabled only if Control All or Control Own checkbox in Job Console Category and Remove Job(s) from Schedule checkbox in Job Control Category is selected |
|
Terminate |
Manually terminates a job occurrence from the Job Activity pane. Terminated jobs cannot be resumed. They must be rerun |
|
Edit Last Run Status |
Enables the Edit Last Run Status option in the Jobs pane context menu |
Job Events Category
|
Function |
Description |
|---|---|
|
Add Job Event |
Set up conditions to trigger job alert messages and recovery procedures (job events) |
|
Edit Job Event |
Edit the properties of a job event owned by you or your workgroup(s) |
|
Delete Job Event |
Allows a user to delete job events that the user created or are owned by a workgroup to which they belong |
|
View Job Event |
Allows a user to view the specifics of all job events (messaging service and recovery procedure constructs) available |
|
Allow All Jobs |
Enables/disables the Apply this event to all jobs checkbox in the Job Event definition. If you do not have this enabled in your security policy, you cannot apply a job event to all jobs |
Jobs Category
|
Function |
Description |
|---|---|
|
Add Jobs |
Create new job and job group definitions. You have full control over what, where, and when the job or group runs. You can also specify dependencies for your definitions |
|
Assign Job Events |
Assign predefined job events to a job or job group from the Job or Job Group definition dialogs |
|
Edit Jobs |
Edit jobs for yourself or for your workgroup(s). You have full control over what, where, and when the job or group runs. You can also specify dependencies for your definition |
|
Delete Jobs |
Delete jobs belonging to you and your workgroup(s). |
|
View Jobs |
View all the properties of the jobs and groups that you and your workgroup(s) own |
|
Enable Jobs |
Enable (activate) jobs and job groups. A job cannot run unless it is enabled |
Queues Category
|
Function |
Description |
|---|---|
|
Add Queue |
Create job queues to tune the throughput and allocation of system resources |
|
Edit Queue |
Edit job queues to tune the throughput and allocation of system resources |
|
Delete Queue |
Delete a job queue |
|
View Queue |
View all queues and their properties |
|
Edit System Queue |
Edit the system queue, including setting the overall limit of the number of jobs run on the network concurrently. With the Edit System Queue function, users can also edit all other queues |
|
Edit Native Priority |
Edit the CPU scheduling priority for jobs in a queue. This function applies to Nice values in Unix and to job classes in SAP |
Resources Category
|
Function |
Description |
|---|---|
|
Add Resources |
Create new resources |
|
Edit Resources |
Edit resource definitions |
|
Delete Resources |
Delete existing resource definitions |
|
View Resources |
View all the properties of the resources that you and your workgroup(s) own |
Schedule Category
|
Function |
Description |
|---|---|
|
Shutdown Scheduler |
Stops the Master service |
|
Create Schedule |
Manually generate job occurrences for the next production schedule period |
|
Pause/Resume Schedule |
Prevent all jobs in the production schedule from launching. Also allows you to resume the schedule if it is paused |
|
Refresh Schedule |
Updates the production data |
Security Category
|
Function |
Description |
|---|---|
|
Add Security Policy |
Allows a user to create a set of Scheduler functions that can be assigned to a user |
|
Edit Security Policy |
Allows a user to add and remove functions to/from a Scheduler functions set. |
|
Delete Security Policy |
Allows a user to delete a Scheduler function set |
|
View Security Policy |
Allows a user to view the function set associated with a security policy |
System Events Category
|
Function |
Description |
|---|---|
|
Add system event |
Set up conditions to trigger actions based on events generated by the system (system events) |
|
Edit system event |
Edit the properties of a system event that belongs to you or your workgroup(s) |
|
Delete system event |
Delete system events that belong to you or your workgroup(s) |
|
View system event |
View the specifics of all system events (messages, jobs, variable updates) available |
Users Category
|
Function |
Description |
|---|---|
|
Add Users |
Add a new user definition to the Scheduler database |
|
Edit Users |
Edit all properties of a user definition except for Assign Security Policy, Assign Runtime Users and Assign Agents |
|
Delete Users |
Delete any user from the Scheduler database |
|
View Users |
View all user information |
|
Edit Personal Data |
Update the personal data properties (User Definition dialog, Other tab) of your user definition |
|
Assign Security Policy |
Specify the functions that will be available to another user |
|
Assign Runtime Users |
Assign access to other user accounts for the purpose of running jobs |
|
Impersonate User |
Operate Scheduler as another user. You assume all characteristics of that user, including their security policy |
|
Assign Agents |
Designate the agent(s) on which a user is allowed to run jobs |
|
Assign Agent Lists |
Designate the agent lists on which a user is allowed to run jobs |
Workgroups Category
|
Function |
Description |
|---|---|
|
Add Workgroup |
Create a group of users to share data |
|
Edit Workgroup |
Edit users who belong to a workgroup |
|
Delete Workgroup |
Delete workgroups that belong to you. Deleting a workgroup disables sharing of data between users |
|
View Workgroup |
View workgroup definitions |
|
Assign Agent Lists |
Designate the agent lists on which a workgroup is allowed to run jobs |
Variables Category
|
Function |
Description |
|---|---|
|
Add Variable |
Create variable definitions |
|
Edit Variable |
Edit variable definitions that belong to you and your workgroup(s) |
|
Delete Variable |
Delete user-defined variables that belong to you and your workgroup(s) |
|
View Variable |
View variables that belong to you and your workgroup(s) |
Fault Monitor Category
|
Function |
Description |
|---|---|
|
Control Fault Monitor |
Enables a user to use the control options in the context menu in the Fault Monitor pane |
|
View Fault Monitor |
Enables a user to view the Fault Monitor pane |
OracleApps Jobs Category
|
Function |
Description |
|---|---|
|
Add OracleApps Job |
Create and add OracleApps jobs to the TA production schedule |
|
Edit OracleApps Job |
Edit OracleApps job definitions |
Variable Events Category
|
Function |
Description |
|---|---|
|
Add Variable Events |
Create and add variable events to the TA production schedule |
|
Edit Variable Events |
Edit variable events that belong to you and your workgroup(s) |
|
Delete Variable Events |
Delete variable events that belong to you and your workgroup(s) |
|
View Variable Events |
View all the properties of the variable events that you and your workgroup(s) own |
|
Suspend Variable Events |
Suspends the variable events that you and your workgroup(s) own |
|
Resume Variable Events |
Resumes suspended variable events that you and your workgroup(s) own |
File Events Category
|
Function |
Description |
|---|---|
|
Add File Events |
Create and add file events to the TA production schedule |
|
Edit File Events |
Edit file events |
|
Delete File Events |
Delete file events that belong to you and your workgroup(s) |
|
View File Events |
View all the properties of the file events that you and your workgroup(s) own |
|
Suspend File Events |
Suspends the file events that you and your workgroup(s) own |
|
Resume File Events |
Resumes suspended file events that you and your workgroup(s) own |
Email Events Category
|
Function |
Description |
|---|---|
|
Add Email Events |
Create and add Email events to the TA production schedule |
|
Edit Email Events |
Edit Email events |
|
Delete Email Events |
Delete Email events that belong to you and your workgroup(s) |
|
View Email Events |
View all the properties of the Email events that you and your workgroup(s) own |
|
Suspend Email Events |
Suspends the Email events that you and your workgroup(s) own |
|
Resume Email Events |
Resumes suspended Email events that you and your workgroup(s) own |
Oracle DB Events Category
|
Function |
Description |
|---|---|
|
Add Oracle DB Events |
Create and add Oracle DB events |
|
Edit Oracle DB Events |
Edit Oracle DB events |
|
Delete Oracle DB Events |
Can delete Oracle DB event definitions |
|
View Oracle DB Events |
Can view Oracle DB event definitions |
|
Suspend Monitoring |
Can suspend the operation of the Oracle DB monitor |
|
Resume Monitoring |
Can resume the operation of the Oracle DB monitor |
Oracle DB Jobs Category
|
Function |
Description |
|---|---|
|
Add Oracle DB Jobs |
Create and add Oracle DB jobs to the TA production schedule |
|
Edit Oracle DB Jobs |
Edit Oracle DB job definitions |
SAP Jobs Category
|
Function |
Description |
|---|---|
|
Add SAP Job |
Create and add SAP jobs to the TA production schedule |
|
Edit SAP Job |
Edit SAP job definitions |
|
Delete SAP Job |
Delete SAP job definitions |
|
View SAP Job |
View SAP job definitions |
|
View Job Log |
View job’s job log |
|
View Job Spool |
View job’s job spool |
SAP Variants Category
|
Function |
Description |
|---|---|
|
Add/Edit Variants |
Create and edit SAP variants |
|
Delete Variants |
Can delete SAP variants |
SAP Process Chains
|
Function |
Description |
|---|---|
|
Enable Planning View |
Can enable planning view |
MSSql Events
|
Function |
Description |
|---|---|
|
Add MSSql Events |
Create and add MSSql events |
|
Edit MSSql Events |
Can edit MSSql events |
|
Delete MSSql Events |
Can delete MSSql event definitions |
|
View MSSql Events |
Can view MSSql event definitions |
|
Suspend Monitoring |
Can suspend the operation of the MSSql monitor |
|
Resume Monitoring |
Can resume the operation of the MSSql monitor |
MSSql Jobs
|
Function |
Description |
|---|---|
|
Add MSSql Jobs |
Create and add MSSql jobs to the TA production schedule |
|
Edit MSSql Jobs |
Can edit MSSql job definitions |
|
Delete MSSql Jobs |
Can delete MSSql job definitions |
|
View MSSql Jobs |
Can view MSSql job definitions |
PeopleSoft Jobs Category
|
Function |
Description |
|---|---|
|
Add PeopleSoft Job |
Create and add PeopleSoft jobs to the TA production schedule |
|
Edit PeopleSoft Job |
Edit PeopleSoft job definitions |
|
Delete Workgroup |
Delete a workgroup, disabling the sharing of data between users |
|
View Workgroup |
View workgroup definitions |
PeopleTools Category
|
Function |
Description |
|---|---|
|
Enable PeopleTools Access |
Can access PeopleTools |
WebService Jobs Category
|
Function |
Description |
|---|---|
|
Add WebService Jobs |
Create and add WebService jobs to the TA production schedule |
|
Edit WebService Jobs |
Can edit WebService job definitions |
|
Delete WebService Jobs |
Can delete WebService job definitions |
|
View WebService Jobs |
Can view WebService job definitions |
Horizon Jobs Category
|
Function |
Description |
|---|---|
|
Add Horizon Jobs |
Create and add Horizon jobs to the TA production schedule |
|
Edit Horizon Jobs |
Can edit Horizon job definitions |
|
Delete Horizon Jobs |
Can delete Horizon job definitions |
|
View Horizon Jobs |
Can view Horizon job definitions |
Tags Category
|
Function |
Description |
|---|---|
|
Add Tags |
Can create tags |
|
Edit Tags |
Can edit tags |
|
Delete Tags |
Can delete tags |
|
View Tags |
Can view tags |
|
Assign/Remove Tags |
Can add/ remove tags from an object |
Timezone Category
|
Function |
Description |
|---|---|
|
Add Timezone |
Ability to create new timezone |
|
Edit Timezone |
Ability to edit existing timezone |
|
Delete Timezone |
Ability to delete existing timezone |
|
View Timezone |
Ability to view timezone |
Token Category
|
Function |
Description |
|---|---|
|
Add Token |
Ability to create new API tokens |
|
Edit Token |
Ability to edit API tokens that you and you workgroup(s) own |
|
Delete Token |
Ability to delete API tokens that you and you workgroup(s) own |
|
View Token |
Ability to view API tokens |
|
Regenerate Token |
Ability to regenerate API tokens that you and your workgroup(s) own |
|
Download/Copy Token |
Ability to download and copy API tokens that you and your workgroup(s) own |
Security Policies User Interface
Accessing Securities Policies
Click Administration > Security Policies on the Navigation pane open to view the Security Policies pane.
All existing security policy names are displayed. If security policies do not appear, you do not have the appropriate rights to view security policies.
Buttons
The Security Policies interface contains these buttons:
-
Add Security Policy – Displays the Security Policy Definition dialog to add a new security policy.
-
Edit Security Policy – Displays the Security Policy Definition dialog to edit an existing security policy.
-
Copy Security Policy – Creates a copy of the selected security policy with the same information as the original security policy, except that the name of the copy has the prefix “Copy of”.
-
Delete Security Policy – Removes the selected security policy definition from the TA database.
-
Refresh – Updates the data in the current pane.
-
Print – Displays the Reports pane to view and print your security policy definitions. For more information, see Monitoring Production.
-
Where Used – Allows to view the objects to which the selected security policy has been referred.
Search Field
Enter text that you want to search for within the columns displayed into this field.
Note: This field at the top right of the grids will only search text columns that are not grayed out and are string-based.
Columns
The Security Policies interface contains these columns:
-
Name – The name of the security policy.
-
Description – A description of the security policy. The Description field in the Security Policy Definition is optional, so there may not be any data in this column.
-
Modified – The last time the security policy was modified.
Security Policies Preferences
Open View>Preferences from the main menu bar while viewing the Security Policies pane to display the Security Policies Preferences dialog.
From this dialog, you can select which columns are displayed in the Security Policies pane and in what order they appear.
-
A checkmark to the left of a column title indicates that it will be displayed in the pane. No checkmark indicates that it will not be displayed.
-
To rearrange the order in which the columns are displayed, select the column and click the up or down arrow.
Navigation Context Menu
When you right-click in the Navigation pane while viewing the Security Policies pane, the Navigation context menu displays. This context menu contains these options:
-
Add Security Policy – Displays the Security Policy Definition to add a new security policy. Has the same function as the Add Security Policy button.
-
Preferences – Displays the preferences for the Security Policies pane.
-
Print – Displays the Reports pane to view and print your security policy definitions. Has the same function as the Print button on the toolbar. For more information, see Monitoring Production.
-
Export – Saves the data in the current pane as an HTML file.
-
Refresh – Updates the data in the current pane.
Security Policies Context Menu
When you right-click in the Security Policies pane, the Security Policies context menu displays. This context menu contains these options:
-
Add Security Policy – Add a new security policy definition by displaying the Security Policy Definition.
-
Edit Security Policy – Edit the selected security policy by displaying the Security Policy Definition.
-
Delete Security Policy – Deletes the selected security policy.
-
Copy Security Policy – Creates a copy of the selected security policy with the same information as the original security policy, except that the name of the copy has the prefix “Copy of”.
-
Print Security Policies – Displays the Reports pane to view and print your security policy definitions. For more information, see Monitoring Production.
-
Where Used – Allows to view the objects to which the security policy has been referred.
Security Policy Definition Dialog
The Security Policy Definition displays when you edit or add a security policy from the Security Policies pane.
Common to All Tabs
Security Policy Name – The name of the security policy (up to 30 characters). Each security policy name must be unique.
Functions Tab
This tab contains these elements:
-
Category – Functions are grouped into categories, as shown in the tables in TA Functions.
No checkmark to the left of the category means that none of the functions in that category are assigned.
A gray checkmark to the left of the category means that some of the functions in that category are assigned.
A black checkmark to the left of the category means that all of the functions in that category are assigned.
-
Functions Assigned – The list of functions assigned to the security policy.
For more information about TA functions, see TA Functions.
Checklist Context Menu
Double-clicking a function category displays a small checklist context menu in the Functions Assigned column. The checklist context menu displays all the functions that belong to that category. Clicking Browse to the far right of the category, next to the Functions Assigned column, will also display the checklist for that category. Click Close in the checklist to return to the Functions tab. A black checkmark to the left of a function signifies that the function has been selected. No checkmark to the left of a function signifies that the function has not been selected.
Functions Tab Context Menu
Right-clicking the Functions tab of the Security Policy definition displays the context menu of options for granting and revoking basic functions in all categories simultaneously in the security policy:
Note: The options in the Functions context menu to grant or revoke all of a type of function only apply to the basic functions. More advanced functions must be granted/revoked individually. For example, the Grant All Edit option grants the Edit Queue function but not the more advanced functions of Edit System Queue or Edit Nice Queue Value.
-
Grant All Functions – Enables all functions in all categories, in effect, giving the user Superuser privileges.
-
Grant All Functions for Category – Enables all functions in a selected category.
-
Grant All Add – Enables each of the basic Add functions in each category.
-
Grant All Edit – Enables each of the basic Edit functions in each category.
-
Grant All Delete – Enables each of the basic Delete functions in each category.
-
Grant All View – Enables each of the basic View functions in each category.
-
Revoke All Functions – Cancels all functions in all categories.
-
Revoke All Functions for Category – Cancels all functions in a selected category.
-
Revoke All Add – Cancels each of the basic Add functions in each category.
-
Revoke All Edit – Cancels each of the basic Edit functions in each category.
-
Revoke All Delete – Cancels each of the basic Delete functions in each category.
-
Revoke All View – Cancels each of the basic View functions in each category.
Description Tab
Description – Any user comments regarding the security policy, up to 255 characters.
Security Policy Configuration Procedures
Adding a Security Policy
A user can be assigned with one or more security policies. The TA administrator can assign functions to a security policy, when required. New user definitions are assigned with the Operator security policy by default.
To add a security policy:
-
Click Administration > Security Policies on the Navigation pane to display the Security Policies pane. You can view the security policies in the Security Policies pane, only if you have appropriate rights.
-
Perform one of these actions to display the Security Policy Definition dialog:
-
Click Add on the TA tool bar.
-
Right-click on a security policy and click Add Security Policy from the context menu.
-
-
Enter a unique name not exceeding 30 characters in the Security Policy Name field.
-
Open the Functions tab and click the required functions to be assigned to the security policy.
-
Open the Description tab and type a description not exceeding 255 characters for the security policy. This is an optional step.
-
Click OK to save the changes and close the Security Policy Definition dialog.
The security policy is now added to the existing list of security policies and can be assigned to users.
Assigning Functions to a Security Policy
-
Click Administration > Security Policies on the Navigation pane to display the Security Policies pane. You can view the security policies in the Security Policies pane, only if you have appropriate rights.
-
Perform one of these actions to display the Security Policy Definition dialog:
-
Double-click a security policy.
-
Choose a security policy and click Edit on the TA toolbar.
-
Right-click on a security policy and click Edit Security Policy from the context menu. All function categories appear in the Category column on the Functions tab.
-
-
Perform one of these actions to select the required functions from a category:
To assign one or more functions of a category to the security policy, double-click a record and select the required function to add/assign it to the security policy. Clear a checkbox to remove/unassign a function from the security policy.
-
To assign all functions of a category to the security policy, click the Grant All Functions option on the context menu.
-
Conversely, select the Revoke All Functions option to remove all the functions of a category from the security policy.
-
-
Click OK to save the changes and return to the Functions tab.
Deleting a Security Policy
Note: You cannot delete a security policy that is being used by any user. You must assign a different security policy to each user using that security policy before you can delete it.
To delete a security policy:
-
Click Administration > Security Policies on the Navigation pane to display the Security Policies pane. You can view the security policies in the Security Policies pane, only if you have appropriate rights.
-
Click the security policy you want to delete.
-
Perform one of these actions to delete the selected security policy:
-
Click Delete on the TA toolbar.
-
Right-click on the selected security policy and click Delete Security Policy from the context menu.
-
-
Click OK in the Delete Confirmation dialog.
Editing a Security Policy
With appropriate security rights, you can change functions available to a user by editing the user's security policy.
To edit a security policy:
-
Click Administration > Security Policies on the Navigation pane to display the Security Policies pane. You can view the security policies in the Security Policies pane, only if you have appropriate rights.
-
Perform one of these actions to display the Security Policy Definition dialog:
-
Double-click a security policy.
-
Choose a security policy and click Edit on the TA toolbar.
-
Right-click on a security policy and click Edit Security Policy from the context menu.
-
-
Change the name and description, if required.
-
Open the Functions tab and add or remove one or more functions. For information about how to assign functions, see Assigning Functions to a Security Policy.
Copying a Security Policy
Copying an existing security policy allows you to create a copy that retains most of the properties from original security policy.
To copy a security policy:
-
Click Administration > Security Policies on the Navigation pane to display the Security Policies pane. If you have the appropriate rights, you can view the security policies in the Security Policies pane.
-
Right-click a security policy and click Copy Security Policy from the context menu or click Copy on the TA toolbar.
A copy of the original security policy is added to the Security Policies pane. The name of the copy has the prefix “Copy of”. Rename the copy and modify the properties as required in the copy.