CA DLP Connector account management screens display the same user categories used in CA DLP by default. For example, Administrator, Manager, User, Policy Administrator, and Reviewer.
CA DLP supports the addition of new user categories. If you add a user category in your CA DLP environment, we recommend that you also add the new user category to the CA DLP Connector account management screens. Adding user categories to the CA DLP Connector account management screens to match the user categories on your CA DLP endpoint makes administration easier.
For example, if you add a user category named Assistant Manager to your CA DLP environment, you can add a user category attribute named Assistant Manager to the CA DLP Connector account management screens.
You can add the new user category attribute by using Connector Xpress to edit the metadata of the CA DLP Connector.
To create a custom user category on the CA DLP Connector Account tab in the Identity Manager User Console account management screens, do the following:
Important! We recommend that you edit only the DLPUserCategory attribute in the CA DLP Connector metadata. Editing other attributes can make the CA DLP Connector inoperable.
The CA_DLP.jar file contains the role, task, and screen definitions for the DLP account management screens in the CA Identity Manager User Console.
Example: Edit the metadata of the CA DLP Connector using Connector Xpress
The following example shows you how to add a CA DLP user category attribute named Assistant Manager to the CA DLP account management screen. You add the attribute by using Connector Xpress to edit the CA DLP Connector metadata. This example assumes that you have added a user category named Assistant Manager to your CA DLP environment.
This example shows you how to add a user category named Assistant Manager to the Account Management tab in the CA Identity Manager User Console.
To edit the metadata of the CA DLP Connector using Connector Xpress
Connector Xpress creates a project based on the existing CA DLP Connector metadata.
The Custom Types dialog appears.
Defines the value of the enumerated type used on the endpoint system.
Example: Assistant Manager
(Optional) Defines the name of the enumerated type displayed in the CA Identity Manager User Console.
Example: Assistant Manager
(Optional) Defines the order of the enumerated values.
Example: 2
The Deploy Metadata dialog appears.
Connector Xpress deploys the CA DLP Connector metadata to the provisioning server.
Next, use the Role Definition Generator to generate the CA DLP account management screens.
Note: For more information about how to add and configure a provisioning server, create a Connector Xpress project, and generate CA Identity Manager User Console account management screens, see the Connector Xpress Guide.
Example: Generate CA DLP account management screens using the Role Definition Generator
This example shows you how to use the Role Definition Generator to generate the CA_DLP.jar file and how to import it into the CA Identity Manager User Console to generate DLP account management screens. This example uses a provisioning server named myProvisioningServer, with administrator login name AdminLogin for a CA DLP endpoint named CA DLP.
This example assumes that you have edited the metadata of the CA DLP Connector using Connector Xpress and added a new user category named Assistant Manager to the CA DLP account management screens.
Note: For more information about how to use the Role Definition Generator, see How you Generate CA Identity Manager User Console Account Screens in the Connector Xpress Guide.
To generate DLP account management screens using the Role Definition Generator
<jboss_home>\server\default\deploy\iam_im.ear\user_console.war\WEB-INF\lib
Making a backup of the CA_DLP.jar file allows you to restore the previous version of the CA DLP Connector metadata, and revert to the previous version of the DLP account management screens, if necessary.
For example:
RoleDefGenerator.bat -d im -h myProvisioningServer -p myport -u Adminlogin "CA DLP"
When prompted, enter the provisioning server password.
The Role Definition Generator creates the CA_DLP.jar file and puts it in the following folder by default:
<identity manager_home>\RoleDefinitionGenerator\bin
<jboss_home>\server\default\deploy\iam_im.ear\user_console.war\WEB-INF\lib
Identity Manager loads the new role, screen, and task definitions for the CA DLP account management screens.
The Environment Properties page appears.
Identity Manager displays the currently installed version of the DLP metadata in the Installed Version column. The version of the CA DLP Connector metadata that you deployed to the provisioning server in Step 6 appears in the Version column.
Identity Manager deploys the role definitions, screens, tasks, and roles for the CA DLP Connector and updates the Identity Manager environment you selected.
Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |