  • 1.  Security Best Practices

    Posted Apr 16, 2019 06:42 PM

    I thought it would be interesting to start a thread on Security Best Practices.  So Hello everyone!


    What do you find as the best practice Do's and Don'ts for setting up and maintaining Clarity security?

  • 2.  Re: Security Best Practices

    Posted Apr 17, 2019 05:47 AM

    The basics are in the Green Book

    CA PPM - Implementing Security Green Book 

    Just wondering again...

    What would be the Broadcom URL for downloading it?

  • 3.  Re: Security Best Practices

    Posted Apr 24, 2019 01:43 PM

    How is everyone validating that their users' security is appropriate for their job?  Is anyone having managers attest to their staff's access to Clarity?


    How is everyone granting access to Clarity?  How about revoking of access?

  • 4.  Re: Security Best Practices
    Best Answer

    Posted May 07, 2019 04:49 AM

    This discussion did not seem to take off. So I am giving another push.


    Have the rights assignment initiation delegated.

    Use a form which the manager sends in and which specifies the organizational unit, the duties that require rights and timeframe.


    Grant rights only once.

    Depending on your security model, a user may get the same rights in different ways, like belonging to an OBS unit, being a member of a group, automatically, or directly.

    Though it is a lot of work, cleaning the accesses so that you only get a right once will affect performance, because on every page the rights are checked first and the more assignments of rights there are, the longer it may take.

    It is also easier to establish who can do what if there are fewer assignments of rights.


    Remove access rights when they are no longer needed.

    One reason is, as above, the performance.

    The second reason is that the rights are the thing that determines which licenses are required.

    When removing the rights, bear in mind that participants and collaboration managers also require licenses even though they are not in rights administration.

    Remove the rights as soon as the user does not need them any more and as soon as data related to the user's role affecting the rights is no longer needed for reporting. E.g. some reports are based on Project Managers, and removing the project manager assignment removes the data related to that user from such reports.


    Give rights through groups

    Giving rights through groups simplifies the rights administration, as it separates the management of the rights and the management of who has them.

    Use groups at least whenever two users have the same rights.


    Rights from being a member of an OBS unit

    This type of right has very limited use, as a user/resource can be associated with only one unit in each OBS type, as opposed to being a member of many groups, each having various rights to several instances associated with different units in the same OBS.

    Use this type of rights assignment only in a very general way, e.g. a user associated with any unit in an OBS type.
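
An added example, not part of the original posts and not Clarity or Broadcom code: a sketch of the "grant rights only once" and "give rights through groups" checks from the post above, run over a rights export. The CSV layout, column names, `via` prefixes and sample rows are all assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export; the column names are assumptions, not a Clarity schema.
SAMPLE_EXPORT = """user,right,instance,via
asmith,Project - Edit,PRJ001,group:PMO Editors
asmith,Project - Edit,PRJ001,direct
asmith,Project - Edit,PRJ001,obs:Corporate/IT
bjones,Project - View,PRJ001,direct
cdoe,Project - View,PRJ001,direct
cdoe,Timesheet - Edit,cdoe,direct
"""

def load(text):
    """Parse the export into a list of row dictionaries."""
    return list(csv.DictReader(io.StringIO(text)))

def redundant_grants(rows):
    """Return {(user, right, instance): [paths]} where one right arrives more than once."""
    paths = defaultdict(list)
    for r in rows:
        paths[(r["user"], r["right"], r["instance"])].append(r["via"])
    return {k: sorted(v) for k, v in paths.items() if len(v) > 1}

def grants_to_drop(paths):
    """Keep one path (a group grant if there is one) and list the rest for removal."""
    keep = next((p for p in paths if p.startswith("group:")), paths[0])
    rest = list(paths)
    rest.remove(keep)  # removes only the first match, so exact duplicates are still reported
    return rest

def group_candidates(rows):
    """Rights granted directly to two or more users on one instance: candidates for a group."""
    holders = defaultdict(set)
    for r in rows:
        if r["via"] == "direct":
            holders[(r["right"], r["instance"])].add(r["user"])
    return {k: sorted(u) for k, u in holders.items() if len(u) >= 2}

if __name__ == "__main__":
    rows = load(SAMPLE_EXPORT)
    for key, paths in redundant_grants(rows).items():
        print(key, "drop:", grants_to_drop(paths))
    for key, users in group_candidates(rows).items():
        print(key, "shared directly by:", users)
```

Before acting on the "drop" list, check the reporting and licensing caveats raised in the post, since removing an assignment can also remove data from reports.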

  • 5.  Re: Security Best Practices

    Posted May 07, 2019 02:31 PM

    Thanks for assisting.