Implementation Guide › Optimizing CA IdentityMinder › Role Optimizations › Optimize Role Policy Evaluation

Optimize Role Policy Evaluation

For each admin role, you can create three types of policies:

• Member policies

  Define a member rule, which determines the users who receive the role, and scope rules, which determine the objects that role members can manage

• Admin policies

  Define admin rules, scope rules, and administrator privileges for a role

• Owner policies

  Define who can modify a role

To optimize performance when CA IdentityMinder evaluates role policies, consider the following:

• Limit the number of admin roles in a CA IdentityMinder environment.
• Follow the guidelines for creating policy rules.
• Tune the user store.
• Tune the policy store, if CA IdentityMinder includes SiteMinder.