A shallow use case works with data from several different endpoints to analyze organizational roles and perform certification or role modeling. The object mapping between CA GovernanceMinder and the endpoint system is less granular than in a deep use case.
When importing data in a shallow use case where endpoints are managed with CA IdentityMinder, a specific universe is generated. Endpoint privileges, groups, and roles are mapped to CA GovernanceMinder resources, and CA IdentityMinder provisioning roles and account templates are mapped to CA GovernanceMinder roles. When CA GovernanceMinder exports universe data back to CA IdentityMinder, it updates changes to provisioning roles and account templates, and any additional or removed links between users, provisioning roles, nested provisioning roles, account templates, and endpoint privileges. CA IdentityMinder translates these changes into links between user accounts and endpoint privileges, and where an account does not exist, a new account is created.
CA GovernanceMinder does not export changes or additions to user attributes or resource attributes (you should manage these attributes with the user management tool or the native utilities of the endpoint, respectively).
You use CA GovernanceMinder with the CA IAM Connector Server (an optional part of the CA GovernanceMinder installation) to perform shallow mapping when your endpoints are not managed with CA IdentityMinder. You do this by importing data from multiple endpoints through the CA IAM Connector Server. The selected endpoint permissions are modeled as resources, and business roles are modeled as roles. Export is not supported in this scenario.
|
Copyright © 2014 CA.
All rights reserved.
|
|