Previous Topic: Delete an Identity Manager Environment

Next Topic: Role and Task Settings

Optimize Policy Rule Evaluation

Policy rules, which dynamically identify a set of users, are used in the evaluation of role member, admin, and owner policies, and identity policies. The evaluation of these rules can take significant time in large CA Identity Manager implementations.

Note: For more information about member, admin, owner, and identity policies, see the Administration Guide.

To reduce the evaluation time for rules that include user-attributes, you can enable the in-memory evaluation option. When the in-memory evaluation option is enabled, CA Identity Manager retrieves information about a user to be evaluated from the user store and stores a representation of that user in memory. CA Identity Manager uses the in-memory representation to compare attribute values against policy rules. This limits the number of calls CA Identity Manager makes directly to the user store.

You enable the in-memory evaluation option for an environment in the Management Console.

To enable the in-memory evaluation option

  1. Open the Management Console.
  2. Select Environments, Environment Name, Advanced Settings, Miscellaneous.

    The User Defined Properties page opens.

  3. Enter the following text in the Property field:

    UseInMemoryEvaluation

  4. Enter one of the following numbers in the Value field:
    0

    In-memory evaluation is disabled.

    1

    In-memory evaluation is enabled. When this option is specified, the attribute comparison is case-sensitive.

    3

    In-memory evaluation is enabled. When this option is specified, the attribute comparison is not case-sensitive.

  5. Click Add.

    CA Identity Manager adds the new property to the list of existing properties for the environment.

  6. Click Save.