DX Application Performance Management

Our APM/CEM is integrated with EEM for LDAP. I have created a DL which is called "APM PowerUsers" which I have added to 

System Adminstrative Setting write

System Configuration Settings capture comprehensive defect details

and

System Configuration Settings write

Yet my power user are not able to see detailed Defects info "HTTP Info" under Incident management tab

Any idea what I need to do in EEM to get them to see the HTTP Info which shows up below the "Web Server Info" in the screenshot above?

Thanks in advance

Manish

Dear Manish:

      Looking at the default settings , You should see all of the Incident Page

https://docops.ca.com/ca-apm/10/en/administrating/apm-security/securing-cem/eem-authentication-and-authorization-for-cem

When you use the EEM permissions test utility, does it pass? Is the EEM or EM log giving any errors/messages

Although the attachment is EEM+ CEM+ LDAP, it may give some ideas.

I also recall some KBs on this topic. (EEM and CEM)

If all that does not help, please open a case

Thanks

Hal German

Based on this document from Guenter_Grossberger I think you need to add "CEM Incident Analyst" 

CEM Permissions 

It is the "Business Service read sensitive data" access policy that is crucial

EEM Authentication and Authorization for CEM - CA Application Performance Management - 10.5 - CA Technologies Documentat… 

The Business Service resource class also has two extra actions that are associated with it only: read and read sensitive data. In CA CEM, HTTP header information is attached to a defect. Having read sensitive data permission for a business service allows a CA CEM user to view the defect-related HTTP header information for that business service.

Lynn_Williams actually the "Business Service" resource has 4 diff access policies associated with it

So, you are saying the the DL I want to give access to read "HTTP Info", that DL (gug) needs to be part of the 4th policy shown above in the screenshot or should I copy that policy and rename it and leave the original alone? I would then I have create diff policy for each of the apps I am monitoring using CEM b/c our security model dictates that one app team should not have visibility into another apps' CEM info.

Hi Manish,

Yes it is the 4th policy action "read sensitive data"

With the security limitation you described yes for each group you want to limit the data access you will need to create a different Business Service Access Policy, assign the required actions and group - see step 7 in above pdf posted by Hal.

Here is the wiki section but it is not as detailed as the pdf

Setting the Security Groups for New Business Services - CA Application Performance Management - 10.5 - CA Technologies D… 

Hope that helps

Lynn

Lynn,

I've applied the changes and awaiting to hear back from my customer/user. I am pretty this will resolve the issue but if it doesn't then I'll reply to this thread.

Thanks again for all assistance.

Manish

 harcr06 - FYI

I know we were discussing this last week during our health check on EEM integration privileges for proper access to CEM for "HTTP Info". This thread answers that.

Dear Manish:

     Lynn's last comment about the policy setting is the likely culprit. We also have not heard anything further from you. So marking as answered. We welcome further updates and questions on this issue as warranted

Thanks

Hal German