|
|
|
With Identity Manager, you assign privileges to users by assigning roles. A role contains tasks that correspond to application functions in Identity Manager or account templates that correspond to additional accounts. When you assign a role to a user, that user can perform the tasks contained in the role or use the accounts associated with the role.
Identity Manager provides these types of roles:
Roles simplify privilege management. Instead of associating a user with each task that he performs or each account that he needs, you can assign a role to the user. The user can perform the tasks in the role or use the accounts associated with the role.
You can then edit the role by adding tasks or account templates, which define the accounts. Every user who has the role can now perform the new task or use the new account. If you remove a task or account template from a role, the user can no longer perform that task or use the account.
Tasks enable users to perform Identity Manager functions, such as modifying a profile.
The following illustration shows several tasks which are combined into a single admin role and assigned to multiple users:
For a provisioning role, you combine several accounts, such as an email account, a database account, and an Active Directory account. You can assign the role to several users, who each need these accounts.
The following illustration shows several accounts which are combined into a single provisioning role and assigned to multiple users.
Note: In this figure, each user receives four accounts, when you assign the provisioning role to that user.
| Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |