Configuring Users

The Rule Lifecycle Management App (RLM) App Administrator must complete two overarching tasks related to configuring users:

  • Configure user accounts that RLM will use to integrate with SecureChange and SecureTrack. The user accounts chosen for this configuration must adhere to the guidelines described in this topic.

  • Configure SecureChange accounts for the end-users who will certify rules or otherwise participate in certification activities. Rule Owners must have a SecureChange account to access RLM and certify rules. A SecureTrack account is not required.

This topic introduces details about these users. See Creating Users to learn more about TOS users in general.

Users Required for Configuration

SecureChange Integration

In the Settings () > Setup menu, add credentials for a SecureChange user that RLM uses to make calls to and from the SecureChange database.

This user must have the following permissions, which are included in the default Security Administrator role in SecureChange:

  • View Settings tab and configure Orchestration Suite settings

  • Create change requests and view 'My Requests' tab

  • View Tasks tab and handle tickets

  • View Reports tab and create reports

  • Create and handle tickets on behalf of another user (via API only)

Ticket Requestor

When RLM integrates with SecureChange, it does not relay details about which user certified or decertified the ticket. Instead, RLM opens tickets using a single, predefined Requestor user, which you configure in the Settings () > Setup menu.

  • This user must have the default Requestor role in SecureChange or must have a custom role that includes this permission: Create change requests and view 'My Requests' tab

  • This user could be the same as the user account that RLM uses to access SecureChange.

SecureTrack Integration

RLM must integrate with the SecureTrack database to retrieve rules that require certification.

  • The user that you select in the Settings () > Setup menu must be an Administrator for a single domain setup or Super Administrator for multiple domains.

Default Rule Owner Group

When RLM assigns rules to owners based on the assets or applications used in the rule, there are instances when no relevant owner can be found. In this scenario, RLM assigns the Default Owner group. You define this user in Settings () > Owners and Assets.

This user must have the following permissions, which are included in the default Security Administrator role in SecureChange:

  • View Settings tab and configure Orchestration Suite settings

  • Create change requests and view 'My Requests' tab

  • View Tasks tab and handle tickets

  • View Reports tab and create reports

Create Rule Owner Users in SecureChange

Every Rule Owner who will certify rules must have a user in SecureChange. The role, and corresponding permissions assigned to these users in SecureChange, will affect which screens are visible in RLM. Use the following table to ensure the relevant RLM screens are visible to each user.

Note that the roles in SecureChange that appear in this table are the default roles. The roles are dynamic and customers can add or remove permissions to them before and after RLM deployment.

Default Role in SecureChange

Permission in SecureChange

Corresponding RLM Access

Auditor View Reports tab and create reports

All Rules

Reports

Home

Business Owner Create change requests and view 'My Requests' tab

My Queue

Pending

Requestor Create change requests and view 'My Requests' tab

My Queue

Pending

Security Administrator View Settings tab and configure Orchestration Suite settings

Settings

Requests

Scan

Create change requests and view 'My Requests' tab

My Queue

Pending

View Tasks tab and handle tickets Tickets
View Reports tab and create reports

All Rules

Reports

Home

System Administrator View Settings tab and configure Orchestration Suite settings

Settings

Requests

Scan