A shallow use case works with data from several different endpoints to analyze organizational roles and perform certification or role modeling. The object mapping between CA Identity Governance and the endpoint system is less granular than in a deep use case.
When importing data in a shallow use case where endpoints are managed with CA Identity Manager, a specific universe is generated. Endpoint privileges, groups, and roles are mapped to CA Identity Governance resources, and CA Identity Manager provisioning roles and account templates are mapped to CA Identity Governance roles. When CA Identity Governance exports universe data back to CA Identity Manager, it updates changes to provisioning roles and account templates, and any additional or removed links between users, provisioning roles, nested provisioning roles, account templates, and endpoint privileges. CA Identity Manager translates these changes into links between user accounts and endpoint privileges, and where an account does not exist, a new account is created.
CA Identity Governance does not export changes or additions to user attributes or resource attributes (you should manage these attributes with the user management tool or the native utilities of the endpoint, respectively).
You use CA Identity Governance with the CA IAM Connector Server (an optional part of the CA Identity Governance installation) to perform shallow mapping when your endpoints are not managed with CA Identity Manager. You do this by importing data from multiple endpoints through the CA IAM Connector Server. The selected endpoint permissions are modeled as resources, and business roles are modeled as roles. Export is not supported in this scenario.
|
Copyright © 2014 CA.
All rights reserved.
|
|