To support each role, Identity Manager creates a number of objects in the Identity Manager object store, depending on the role configuration.
Identity Manager creates one base object for each role. In addition to the base object, Identity Manager creates two objects for each member, admin, and owner policy rule, and two objects for each scope rule. The rule objects include:
- Rule definition object: Contains metadata about the rule, such as rule type
- Rule data object: Contains the expression to be evaluated
The following table illustrates the objects created for a single admin role.
| Object Type | Base Object | Member Policy Objects | Admin Policy Objects | Owner Policy Objects |
|---|---|---|---|---|
| Admin Role | 1 | Member rules: 2 (1 rule definition object and 1 rule data object); Scope rules: 2 (1 rule definition object and 1 rule data object); Total: 4 objects | Admin rule: 2 (1 rule definition object and 1 rule data object); Scope rules: 2 (1 rule definition object and 1 rule data object); Total: 4 objects | Owner rule: 2 (1 rule definition object and 1 rule data object); Total: 2 objects |
Note: This table assumes that there is only one member, admin, and owner policy.
For any admin role, Identity Manager creates at least 11 objects. If the member policy included 3 scope rules, the number would increase to 15 objects.
Large numbers of role objects may impact the performance of object store searches and policy evaluations.
Copyright © 2011 CA. All rights reserved.