Release Notes › New Features in CA Identity Manager r12.5 › CA Role & Compliance Manager Integration › Connector for Identity Manager - Update Limitations

Connector for Identity Manager - Update Limitations

Successful update of endpoint data using the customizable endpoint handler requires thorough knowledge of the data structure, syntax, and rules of the target endpoint type. To avoid problems, you must consider the data structure dictated by the endpoint type when you configure the handler and define data mapping.

The following general issues apply when you use the customizable endpoint handler to send updates to CA Identity Manager:

• Target endpoint restrictions - Identity Manager allows configuration of password protection and other validation restriction on endpoints and endpoint types. These restrictions may cause creation of entities on Identity Manager to fail. CA RCM does not verify successful creation of new entities during update, and the CA RCM connector may not record these events in its log.
• Account Templates - The following limitations concern how CA RCM and Identity Manager handle resources, endpoints, and account templates:
  • Do not rename account templates in CA RCM. When you rename an account template, CA RCM attempts to update endpoints by deleting the existing template and creating a new template. This unintentionally modifies many template attributes.
  • Changes to an endpoint's resource are reflected in all endpoints of the same type. For example, if you delete the "admin privileges" resource from an account template, and send an update of that template to a single, specific Microsoft SQL Server endpoint - the "admin privileges" resource is removed from every Microsoft SQL Server endpoint that has that resource.
  • CA RCM does not verify whether an Identity Manager account template is available for a target endpoint or endpoint type. You must verify that the account template is available before you update endpoints of a given type.
  • The default account template (the Identity Manager account template referenced by CA RCM as a model for new account templates) is specified in a static configuration file. CA RCM does not verify this setting and does not detect if the default account template has been deleted or changed in Identity Manager.
• Error Logging - In some situations, errors during update are not recorded in the log file of the connector job.