|
|
|
Capability Attributes
An account template can contain two types of attributes: initial or capability. An initial attribute is used only when a CA Top Secret CREATE is done. A capability attribute affects processing when a CA Top Secret CREATE is done and when synchronization is performed. The CA Top Secret security capability attributes appear as boldface characters in the account template property sheet.
In CA Identity Manager, when a CREATE is done and multiple account templates are assigned to the global user, the product performs a CREATE using the values of the first account template and issues successive MODIFY statements to implement the values of the subsequent account templates. This becomes important with CA Top Secret because, at a minimum, each ACID must be assigned a department. We recommend that you enter a department value in the global user attributes and that each account template use the %UDEPT% rule string to obtain the value from the global user record. This ensures uniformity during the CREATE and also ensures that the ACID does not get moved between departments during subsequent MODIFY statements.
The Department field does not appear in the account template as a required field but may be required for a successful CREATE. You should always verify the use of your account templates under as many conditions as will exist in your CA Identity Manager implementation.
| Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |