Administration GuideCA Role & Compliance Manager IntegrationSuggested Provisioning Roles › Configure Defaults for Suggest Provisioning Roles

Previous Topic: Provisioning Role Scores

Next Topic: Compliance and Pattern Violations

Configure Defaults for Suggest Provisioning Roles

When an administrator clicks the Suggested Provisioning Roles button on the Provisioning Roles tab, CA Identity Manager displays a list of roles that may apply to the selected user.

The list of suggested provisioning roles that CA Identity Manager initially displays is determined by default criteria. Administrators can configure the following default criteria:

Users can overwrite the default settings by entering new values for these fields during the search.

To configure default values for Suggest Provisioning Roles searches

  1. Log into the User Console as a user with privileges to modify the Provisioning Roles tab.
  2. Select Roles and Tasks, Admin Tasks, Modify Admin Task.

    The Select Admin Task screen opens.

  3. Search for and select the task that includes the Provisioning Roles tab.

    The Modify Admin Task screen for the task you selected opens.

  4. Select the Tabs tab and then click the Edit icon next to the Provisioning Roles tab.

    The Configure Provisioning Roles screen opens.

  5. Specify the following fields, as needed:
    Hide Advanced Configuration

    Determines whether the Advanced Suggestion Configuration section appears on the Suggest Provisioning Role search screen.

    The Advanced Suggestion Configuration section allows administrators to enter new criteria for a suggested roles search. Administrators can choose the type of criteria (Matched Rule, Matched Privileges, Matched Attributes, and Almost Has) and select the match level for the results.

    Show Best Score Only

    Determines the display of columns in the list of suggested provisioning roles. When this option is selected, CA Identity Manager displays only the Role Score column, which indicates the highest score the suggested provisioning role received across all the criteria in the search.

    When this option is cleared, CA Identity Manager displays a score for all the criteria in the search.

    Check 'Matched Rule' by Default

    Select this check box to enable the Matched Rule field by default on the Provisioning Roles tab.

    When the Matched Rule field is enabled, CA Identity Manager suggests provisioning roles if the current user matches the rule that determines membership in an CA RCM role.

    Check 'Matched Privileges' by Default

    Select this check box to enable the Matched Privileges field by default on the Provisioning Roles tab.

    When the Matched Privileges field is selected, CA Identity Manager suggests provisioning roles that users who have similar privileges to the current user also have.

    If you select this field, enter a default value for the Matched Privileges field.

    Default Setting for 'Matched Privileges'

    Specify how well the suggested provisioning roles meet the Matched Privileges matching criteria by specifying a default match level.

    CA Identity Manager only suggests roles that satisfy the match level, as defined in the threshold settings (as defined in step 6.)

    Check 'Matched Attributes' by Default

    Select this check box to enable the Matched Attributes field by default on the Provisioning Roles tab.

    When the Matched Attributes field is enabled, CA Identity Manager suggests provisioning roles that other users who have similar profile attributes also have.

    If you select this field, enter a default value for the Matched Attributes field.

    Default Setting for 'Matched Attributes'

    Specify how well the suggested provisioning roles meet the Matched Attributes matching criteria by specifying a default match level.

    CA Identity Manager only suggests roles that satisfy the match level, as defined in the threshold settings (as defined in step 6.)

    Check 'Almost Has' by Default

    Select this check box to enable the Almost Has field by default on the Provisioning Roles tab.

    When the Almost Has field is enabled, CA Identity Manager suggests provisioning roles that also include similar privileges. Administrators can assign an existing role instead of creating a role with similar privileges.

    If you select this field, enter a default value for the Almost Has field.

    Default Setting for 'Almost Has'

    Specify the default value for the Almost Has field.

    Specify how well the suggested provisioning roles meet the Almost Has matching criteria by specifying a default match level.

    CA Identity Manager only suggests roles that satisfy the match level, as defined in the threshold settings (as defined in step 6.)

  6. Specify the value associated with each match level in the following fields.

    The value you specify corresponds to a score in CA RCM that indicates how well the suggested provisioning role meets the specified criteria. For example, if you set the threshold for excellent to 90, and set the default setting for the Matched Attributes and Almost Has field to Excellent, CA Identity Manager displays provisioning roles that meet the Matched Attributes and Almost Has criteria with a score of 90 or better in CA RCM.

    Setting the score to a higher value results in fewer suggested roles because the roles must meet stricter criteria.

    Threshold for Excellent

    Specifies the score that suggested roles must have in CA RCM to be considered an Excellent match.

    Threshold for Good

    Specifies the score that suggested roles must have in CA RCM to be considered a Good match.

    Threshold for Fair

    Specifies the score that suggested roles must have in CA RCM to be considered a Fair match.

    Threshold for Poor

    Specifies the score that suggested roles must have in CA RCM to be considered a Poor match.

  7. Click OK to return to the Tabs tab and then click Submit.

    CA Identity Manager saves the changes to the Provisioning Roles tab.