

How to Create Custom User Categories

CA DLP Connector account management screens display the same user categories used in CA DLP by default. For example, Administrator, Manager, User, Policy Administrator, and Reviewer.

CA DLP supports the addition of new user categories. If you add a user category in your CA DLP environment, we recommend that you also add the new user category to the CA DLP Connector account management screens. Adding user categories to the CA DLP Connector account management screens to match the user categories on your CA DLP endpoint makes administration easier.

For example, if you add a user category named Assistant Manager to your CA DLP environment, you can add a user category attribute named Assistant Manager to the CA DLP Connector account management screens.

You can add the new user category attribute by using Connector Xpress to edit the metadata of the CA DLP Connector.

To create a custom user category on the CA DLP Connector Account tab in the CA IdentityMinder User Console account management screens, do the following:

  1. Edit the metadata of the CA DLP Connector using Connector Xpress as follows:
    1. Create a Connector Xpress project based on the existing CA DLP Connector metadata.
    2. In Connector Xpress, add the same User Category attribute that you added to the CA DLP endpoint.

      Important! We recommend that you edit only the DLPUserCategory attribute in the CA DLP Connector metadata. Editing other attributes can make the CA DLP Connector inoperable.

    3. Redeploy the CA DLP Connector metadata to the provisioning server.
  2. Generate the DLP account management screens, as follows:
    1. Use the Role Definition Generator to generate the CA_DLP.jar file.

      The CA_DLP.jar file contains the role, task, and screen definitions for the DLP account management screens in the CA IdentityMinder User Console.

    2. Import the CA_DLP.jar file into the CA IdentityMinder User Console.

Example: Edit the metadata of the CA DLP Connector using Connector Xpress

The following example shows you how to add a CA DLP user category attribute named Assistant Manager to the CA DLP account management screen. You add the attribute by using Connector Xpress to edit the CA DLP Connector metadata. This example assumes that you have added a user category named Assistant Manager to your CA DLP environment.

This example shows you how to add a user category named Assistant Manager to the Account Management tab in the CA IdentityMinder User Console.

To edit the metadata of the CA DLP Connector using Connector Xpress

  1. Start Connector Xpress.
  2. If necessary, add and configure the provisioning server that manages the CA DLP Connector.
  3. In the Provisioning Servers tree, navigate to your CA DLP endpoint.
  4. Right-click the CA DLP endpoint, then click Create a Project.

    Connector Xpress creates a project based on the existing CA DLP Connector metadata.

  5. In the Mapping Tree, click the Custom Types node.

    The Custom Types dialog appears.

  6. Under Enumerated Types, click DLPUserCategory.
  7. In the Values list, click Add, then enter the following:
    Value

    Defines the value of the enumerated type used on the endpoint system.

    Example: Assistant Manager

    Display Name

    (Optional) Defines the name of the enumerated type displayed in the CA IdentityMinder User Console.

    Example: Assistant Manager

    Ordinal

    (Optional) Defines the order of the enumerated values.

    Example: 2

  8. In the Provisioning Servers tree, navigate to your CA DLP endpoint.
  9. Right-click the CA DLP endpoint, then click Deploy Metadata.

    The Deploy Metadata dialog appears.

  10. When prompted, increase the version number of the CA DLP Connector and confirm that you want to deploy the new metadata to the provisioning server.

    Connector Xpress deploys the CA DLP Connector metadata to the provisioning server.

    Next, use the Role Definition Generator to generate the CA DLP account management screens.

Note: For more information about how to add and configure a provisioning server, create a Connector Xpress project, and generate CA IdentityMinder User Console account management screens, see the Connector Xpress Guide.

Example: Generate CA DLP account management screens using the Role Definition Generator

This example shows you how to use the Role Definition Generator to generate the CA_DLP.jar file and how to import it into the CA IdentityMinder User Console to generate DLP account management screens. This example uses a provisioning server named myProvisioningServer, with administrator login name AdminLogin for a CA DLP endpoint named CA DLP.

This example assumes that you have edited the metadata of the CA DLP Connector using Connector Xpress and added a new user category named Assistant Manager to the CA DLP account management screens.

Note: For more information about how to use the Role Definition Generator, see How you Generate CA IdentityMinder User Console Account Screens in the Connector Xpress Guide.

To generate DLP account management screens using the Role Definition Generator

  1. On the computer where you installed CA IdentityMinder, stop the CA IdentityMinder Server.
  2. Navigate to the following folder:
    <jboss_home>\server\default\deploy\iam_im.ear\user_console.war\WEB-INF\lib 
    
  3. Back up the current CA_DLP.jar file.

    Making a backup of the CA_DLP.jar file allows you to restore the previous version of the CA DLP Connector metadata, and revert to the previous version of the DLP account management screens, if necessary.

  4. Navigate to one of the following directories according to your operating system:
  5. Open a Command Prompt window or a terminal window according to your operating system, then enter one of the following commands:

    For example:

    RoleDefGenerator.bat -d im -h myProvisioningServer -p myport -u AdminLogin "CA DLP"
    

    When prompted, enter the provisioning server password.

    The Role Definition Generator creates the CA_DLP.jar file and puts it in the following folder by default:

    <identity manager_home>\RoleDefinitionGenerator\bin
    
  6. Copy the CA_DLP.jar that you generated to the following folder:
    <jboss_home>\server\default\deploy\iam_im.ear\user_console.war\WEB-INF\lib
    
  7. Restart the CA IdentityMinder Server.

    CA IdentityMinder loads the new role, screen, and task definitions for the CA DLP account management screens.

  8. Start the CA IdentityMinder Management Console.
  9. Click Environments, then click the environment that you want to change.

    The Environment Properties page appears.

  10. Click Role and Task Settings, then click Import.

    CA IdentityMinder displays the currently installed version of the DLP metadata in the Installed Version column. The version of the CA DLP Connector metadata that you deployed to the provisioning server in Step 6 appears in the Version column.

  11. In the Name column, select the check box next to CA_DLP, then click Finish.

    CA IdentityMinder deploys the role definitions, screens, tasks, and roles for the CA DLP Connector and updates the CA IdentityMinder environment you selected.

  12. Click Continue, then click Restart Environment.
  13. Start the CA IdentityMinder User Console.
  14. Verify that CA IdentityMinder has added the user category Assistant Manager to the CA DLP account management screens, as follows:
    1. In the CA IdentityMinder User Console, view the CA DLP default template.
    2. Click the Account tab.
    3. Verify that CA IdentityMinder has added the new user category Assistant Manager.
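
Steps 3 and 6 of the procedure above (back up the current CA_DLP.jar, then copy in the generated one) can be scripted so that each swap leaves hashes for the change record and a backup that can be restored. The following is an added example, not part of the CA documentation or tooling; the function names, the separate backup directory, and the timestamped backup file name are assumptions of this example.

```python
import hashlib
import shutil
import time
import zipfile
from pathlib import Path

JAR_NAME = "CA_DLP.jar"  # file name used in the procedure


def sha256_of(path):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def replace_jar(generated, lib_dir, backup_dir):
    """Back up the deployed jar (step 3), then install the generated jar (step 6)."""
    generated, lib_dir, backup_dir = Path(generated), Path(lib_dir), Path(backup_dir)
    if not zipfile.is_zipfile(generated):
        raise ValueError(f"{generated} is not a valid jar/zip archive")
    deployed = lib_dir / JAR_NAME
    record = {"new_sha256": sha256_of(generated), "old_sha256": None, "backup": None}
    if deployed.exists():
        # Assumption of this example: backups are kept outside the lib folder,
        # so only one CA_DLP jar ever sits in WEB-INF\lib.
        backup_dir.mkdir(parents=True, exist_ok=True)
        backup = backup_dir / f"{JAR_NAME}.{time.strftime('%Y%m%dT%H%M%S')}.bak"
        shutil.copy2(deployed, backup)
        record["backup"] = backup
        record["old_sha256"] = sha256_of(backup)
    shutil.copy2(generated, deployed)
    if sha256_of(deployed) != record["new_sha256"]:
        # The installed copy differs from the generated file: restore the backup.
        if record["backup"]:
            shutil.copy2(record["backup"], deployed)
        raise RuntimeError("installed jar does not match generated jar; rolled back")
    return record


def restore_jar(backup, lib_dir):
    """Revert to a backed-up jar and return the SHA-256 of the restored file."""
    target = Path(lib_dir) / JAR_NAME
    shutil.copy2(backup, target)
    return sha256_of(target)
```

Run it while the CA IdentityMinder Server is stopped, as in step 1, and keep the returned record with the change ticket.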