This article contains the following topics:
Users, roles, and login have the following relationship:
Users can have one role in each business unit in which they are defined. Users can have different roles in different business units.
Request-related functionality is available when CA Service Catalog is installed. Subscription and invoice-related functionality is available when Accounting Component is installed.
Service Delivery Administrator
Is the "root" (highest level) user in the Service Provider (highest level) business unit. This user has complete system access to all business units. For example, this user can specify default settings that apply to all users by logging in to the root business and accessing the Administration, Configuration, User Default tab. This role is available only for the Service Provider business unit, the default business unit that is created during installation.
Only this administrator has access to data mediation, system configuration, events, rules, and actions.
By default, at installation time, the Catalog system creates a user ID named spadmin with this role.
The roles provide default access rights to various functions. Administrators use configuration settings to add default access rights to a role or remove default access rights from a role.
The following table lists the tasks that each role can perform. The letter X indicates that the role can perform the task. The dash (-) indicates that the user cannot perform the task.
|Tasks||Cat Usr||Req Mgr||Cat Adm||End Usr||Adm||Svc Mgr||SBU Adm||SD Adm|
|By default, all users have all shopping functions, except as noted in Roles and Default Access Rights. However, administrators can configure the access rights of each role to create proxy requests, edit requests, and so forth.
All users can also delegate the use of their catalogs to create requests on their behalf.
|View, edit, delete, and cancel requests||X||X||X||X||X||X||X||X|
|Act on assigned requests pending action||X||X||X||X||X||X||X||X|
|Search for requests||X||X||X||X||X||X||X||X|
|View all items in a request||X||X||X||X||X||X||X||X|
|View request tracking and audit trail information||-||X||X||-||X||-||X||X|
|Add personal dashboards||X||X||X||X||X||X||X||X|
|Create shared dashboards||-||-||X||-||X||-||X||X|
|Print dashboard reports||-||-||-||-||X||X||X||X|
|View subscriptions and invoices||-||-||-||X||X||-||X||X|
|During checkout, change the Requested For user from the current setting to another account or user. That account or user requires a role in the business unit scope of the logged in user.||-||X||X||-||X||-||X||X|
|View and add News Messages||-||-||-||X||X||X||X||X|
|View Documents (if enabled) and View Reports||-||-||-||-||-||X||X||X|
|Managing the Catalog|
|View and alter catalog services and service option groups||-||-||X||-||-||X||X||X|
|View and alter CA Service Catalog configuration settings||-||-||X||-||-||-||X||X|
|Manage catalog entries or configuration||-||-||-||-||-||X||X||X|
|Manage subscriptions or invoices||-||-||-||-||X||-||X||X|
|Managing other elements|
|Manage accounts within your business unit scope||-||-||-||-||X||-||X||X|
|Manage users with roles in your business unit scope||-||-||-||-||X||-||X||X|
|Manage the dashboard library for the business unit||-||-||-||-||X||-||X||X|
|Manage scheduled tasks||-||-||-||-||X||-||X||X|
|Manage Change Events and Alerts||-||-||-||-||X||-||X||X|
|Cat Adm||Catalog Administrator|
|Cat Usr||Catalog User (none)|
|End Usr||end user|
|Req Mgr||request manager|
|Svc Mgr||service manager|
|SB Adm||Super Business Unit administrator|
|SD Adm||Service Delivery administrator|
Tasks that Each Role Can Perform for Other Users
The following table displays the roles that can perform authorized tasks for themselves and for other accounts and users.
|Can Perform Tasks for Themselves and||Cat Usr||Req Mgr||Cat Adm||End Usr||Adm||Svc Mgr||SBU Adm||SD Adm|
|Other accounts and users with roles in their business unit||-||X||X||-||X||X||X||X|
|Other accounts and users with roles in their business unit and any of its child business units.||-||X||X||-||-||X||X||X|
|Other accounts and users with roles in all business units, including all child business units||-||-||-||-||-||X||-||X|
The default role for all users applies to every user in the entire Catalog system. This default role applies to all users in all business units, including all child business units.
Only the Service Delivery administrators can set this default role. To set the role, the administrator logs in to the root business unit and selects Administration, Configuration, User Default Role.
The Catalog system automatically assigns this default role to every new user. However, administrators can optionally specify a different role for a user when they add or edit the user.