Cisco Cisco Workload Automation 6.3 Installation Guide
33
Installation Prerequisites
User Security Requirements
Once login has completed, a record is established in CWA to represent the Active Directory/LDAP only user if not
already present and only if the user belongs to an Active Directory/LDAP group defined in CWA. All user activity
logging is then done against this new user record allowing for correct auditing and reporting.
already present and only if the user belongs to an Active Directory/LDAP group defined in CWA. All user activity
logging is then done against this new user record allowing for correct auditing and reporting.
Active Directory/LDAP only users will be allowed to create and own jobs and other objects if their security
permissions permit.
permissions permit.
CWA LDAP groups are supported by the creation of groups within the CWA application.
Security Policies
Security policies can be defined and specialized by application administrators.
Each group within CWA can be assigned one security policy.
Caution: The security capabilities of a user are based upon the cumulative summation of the security policies defined
for each of the groups that the user is a member of and any security policy directly assigned to the user. The latter is only
available for users created within CWA not imported from AD/LDAP.
for each of the groups that the user is a member of and any security policy directly assigned to the user. The latter is only
available for users created within CWA not imported from AD/LDAP.
Workgroups and Security Policies
Workgroups are also available within the CWA application. These workgroups can be used to own related objects.
Users and groups can be made a member of one or more workgroups. Workgroup security allows for additional
security policies to be applied to scheduling constructs (jobs, view, alerts, etc.) owned by the workgroup for a
particular user associated with the workgroup.
Users and groups can be made a member of one or more workgroups. Workgroup security allows for additional
security policies to be applied to scheduling constructs (jobs, view, alerts, etc.) owned by the workgroup for a
particular user associated with the workgroup.
When a user or a group is made a member of a workgroup then additional security policies can be applied to this
relationship. The users total security capabilities will then be a summation of their user applied security policy, the
security policy associated with each of the groups they are a member of, and the security policies contained in the
relationship between the user or group and the workgroups they are a member of (in the context of objects contained
in that workgroup).
relationship. The users total security capabilities will then be a summation of their user applied security policy, the
security policy associated with each of the groups they are a member of, and the security policies contained in the
relationship between the user or group and the workgroups they are a member of (in the context of objects contained
in that workgroup).