We have no settings button, search, messages, and highlights in Team center. (top right next to the universes)Access permissions are implemented via the Embedded Entitlements Manager.
What are we missing? Which permissions do we need to assign?
What version are you using?
I believe you need to login first as local admin and then grant permissions to the universes to the respective EEM users.
Only then the EEM users will be able to login to see the see the right data/options.
Hi Sergio,We are using:
Enterprise Manager Release: 10.7.0.45 (Build 990045)
Webview Release: 10.7.0.45 (Build 990045)
CA Embedded Entitlements Manager: 188.8.131.52
In EEM i noticed that there are only policies with CEM identities, is this correct?
Shouldn't be there policies for APM/Introscope identities aswell?
In CA Embedded Entitlements Manager |
Are only policies with CEM or EVENTLOGREADERS in the Identities:
Will also look into permissions within APM.
After importing eem.register.app.xml you should have about 14 policies in the APM application in EEM UI.
Is this is not the case, maybe something went wrong when you import the safex script.
Some policies are needed for both Introscope and CEM
Specific for Introscope are Domain,Server, Webservices and Access Policy,
Here is a KB that cover the initial configuration steps:
How to implement CA EEM and LDAP for Authenticatio - CA Knowledge
You might want to refer to this page in docops:
Securing Introscope using CA EEM - CA Application Performance Management - 10.7 - CA Technologies Documentation
If your plan is to use EEM for authentication and authorization, then keep in mind that you will need to migrate your domains-agent permissions in domains.xml as Domain Policies in EEM , I wrote a how to doc in the past, so I have upload it to this location
How to migrate LOCAL custom domains and security to EEM.pdf
For ATC, the authorization is different, you will need to grant permissions by universes as indicated in this provided KB
Read-only users get error about APM Team Center un - CA Knowledge
I hope this helps
I have done a quick test in my 10.7 environment but I can't recreate the mentioned issue, my EEM setup is configured with LDAP, I created a new test LDAP user and in EEM UI I have added it to a new Access Policy and Domain Guest Poilicy, read permissions only. With these permissions I get "Your administrator has not assigned a universe to you yet. Refresh page and try it again or contact an administrator." in TC. To fix this as suggested before, I connected as Admin and grant the test user access to the right Universes. Once this is done, I can see the right data and options (search, highlight, etc) are enabled. I have just found that this requirement is documented in this KB:
What is the version of the APM? Is the EEM user part of the a specific application group? have you created specific policies for the users? what are the exact permissions you have granted to the user? Is it part of the Access and Domain Policies? Do you have the same issue in the map, and experience view? Is this affecting all users?