Role-Based Entitlements

You assign privileges to users by assigning roles. A role contains tasks that correspond to application functions in CA Identity Manager (such as the Create User task), functions in an application (such as a Create Purchase Order function), or account templates that give the user accounts (such as an SAP account). When users are assigned a role, they receive the corresponding privileges.

CA Identity Manager provides the following types of roles:

If you remove a task or account template from a role, the user can no longer perform that task, use an endpoint account, or use an application function.

Admin Roles

The admin roles control what a user can do in CA Identity Manager. A system administrator assigns a role to a user; that role defines a set of tasks that the user can perform. Users can perform administrative tasks on user accounts, such as changing a password or updating a job title.

Different users have different levels of access to these tasks. For example, an Employee role could contain tasks that give users the ability to modify their name and address, whereas the Human Resources Manager role contains tasks to modify the user's title and salary.

The following illustration shows four tasks which are combined into one admin role and assigned to three users:

[Illustration: Tasks overview]

Provisioning Roles

To grant users access to accounts in additional applications, such as an email system, you assign provisioning roles. Provisioning roles contain account templates, which define the attributes that exist in one type of account. For example, an account template for an Exchange account defines attributes such as the size of the mailbox. Account templates also define how CA Identity Manager user attributes are mapped to accounts.

The following illustration shows four accounts which are combined into one provisioning role and assigned to three users. Each user receives four accounts when you assign the provisioning role to that user.

One provisioning role can assign multiple accounts to multiple users.
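
The following added example is a small Python model of the relationships described above; it is not CA Identity Manager code or its API. It shows how an account template maps user attributes to account attributes, and which users lose an account when a template is removed from a provisioning role. All class, function, role and user names are hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass, replace

# Illustrative model only; names are hypothetical, not the product's API.
@dataclass(frozen=True)
class AccountTemplate:
    endpoint_type: str   # kind of account, e.g. "Exchange"
    defaults: tuple      # fixed account attributes as (name, value) pairs
    mapping: tuple       # (account_attribute, user_attribute) pairs

    def build_account(self, user):
        account = dict(self.defaults)
        for account_attr, user_attr in self.mapping:
            account[account_attr] = user[user_attr]
        return account

@dataclass(frozen=True)
class ProvisioningRole:
    name: str
    templates: tuple

def accounts_for(user, roles):
    """One account per endpoint type reachable through the user's roles."""
    return {t.endpoint_type: t.build_account(user)
            for r in roles if r.name in user["roles"]
            for t in r.templates}

def lost_on_removal(users, roles, role_name, endpoint_type):
    """Which users lose which account if a template leaves a role.
    Assumption of this model: a user keeps the account when another
    assigned role still carries a template for the same endpoint type."""
    after = [replace(r, templates=tuple(t for t in r.templates
                                        if t.endpoint_type != endpoint_type))
             if r.name == role_name else r for r in roles]
    lost = {}
    for u in users:
        gone = set(accounts_for(u, roles)) - set(accounts_for(u, after))
        if gone:
            lost[u["uid"]] = sorted(gone)
    return lost

# Constructed sample data.
EXCHANGE = AccountTemplate("Exchange", (("mailbox_mb", 2048),),
                           (("alias", "uid"), ("display_name", "full_name")))
SAP = AccountTemplate("SAP", (("license", "professional"),),
                      (("sap_user", "uid"),))
ROLES = [ProvisioningRole("Employee", (EXCHANGE,)),
         ProvisioningRole("Finance", (EXCHANGE, SAP))]
USERS = [{"uid": "asmith", "full_name": "Ann Smith", "roles": {"Employee"}},
         {"uid": "bjones", "full_name": "Bo Jones", "roles": {"Employee", "Finance"}},
         {"uid": "cwu", "full_name": "Chen Wu", "roles": {"Finance"}}]
```

Running `lost_on_removal` before changing a role gives a list of affected users to review, which is a useful check before entitlements are revoked in bulk.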