

Optimize Policy Rule Evaluation

Policy rules, which dynamically identify a set of users, are used in the evaluation of role member, admin, and owner policies, and identity policies. The evaluation of these rules can take significant time in large CA IdentityMinder implementations.

Note: For more information about member, admin, owner, and identity policies, see the Administration Guide.

To reduce the evaluation time for rules that include user attributes, you can enable the in-memory evaluation option. When the in-memory evaluation option is enabled, CA IdentityMinder retrieves information about a user to be evaluated from the user store and stores a representation of that user in memory. CA IdentityMinder then compares attribute values against policy rules using the in-memory representation, which limits the number of calls CA IdentityMinder makes directly to the user store.

You enable the in-memory evaluation option for an environment in the Management Console.

Follow these steps:

  1. Open the Management Console.
  2. Select Environments, Environment Name, Advanced Settings, Miscellaneous.

    The User Defined Properties page opens.

  3. Enter the following text in the Property field:

    UseInMemoryEvaluation

  4. Enter one of the following numbers in the Value field:

    0

    In-memory evaluation is disabled.

    1

    In-memory evaluation is enabled. When this option is specified, the attribute comparison is case-sensitive.

    3

    In-memory evaluation is enabled. When this option is specified, the attribute comparison is not case-sensitive.

  5. Click Add.

    CA IdentityMinder adds the new property to the list of existing properties for the environment.

  6. Click Save.
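
The choice between values 1 and 3 can change which users a rule selects, and therefore who falls under a member, admin, owner, or identity policy. The following added example (not CA IdentityMinder code) models the two comparison modes over in-memory user records and lists the users whose match depends on the mode. The single-attribute equality rule, the `department` attribute, and all function names are assumptions made for illustration.

```python
# Added illustration: models the comparison modes described above.
# This is not CA IdentityMinder's implementation.
from dataclasses import dataclass

CASE_SENSITIVE = 1    # UseInMemoryEvaluation = 1
CASE_INSENSITIVE = 3  # UseInMemoryEvaluation = 3


@dataclass(frozen=True)
class Rule:
    """Hypothetical policy rule: one attribute must equal one value."""
    attribute: str
    value: str


def matches(user_attrs, rule, mode):
    """Compare the in-memory copy of a user attribute against the rule."""
    actual = user_attrs.get(rule.attribute)
    if actual is None:          # attribute absent: the rule cannot match
        return False
    if mode == CASE_SENSITIVE:
        return actual == rule.value
    if mode == CASE_INSENSITIVE:
        return actual.casefold() == rule.value.casefold()
    raise ValueError(f"unsupported in-memory evaluation mode: {mode}")


def members(users, rule, mode):
    """Return the set of user IDs the rule selects under the given mode."""
    return {uid for uid, attrs in users.items() if matches(attrs, rule, mode)}


def membership_drift(users, rule):
    """User IDs selected only when the comparison is not case-sensitive."""
    return members(users, rule, CASE_INSENSITIVE) - members(users, rule, CASE_SENSITIVE)


# Constructed sample data, not taken from any real user store.
USERS = {
    "jdoe":   {"department": "Finance"},
    "asmith": {"department": "finance"},
    "bwong":  {"department": "FINANCE"},
    "klee":   {"department": "Engineering"},
    "mroe":   {},  # no department attribute
}
RULE = Rule(attribute="department", value="Finance")

if __name__ == "__main__":
    print("value 1 selects:", sorted(members(USERS, RULE, CASE_SENSITIVE)))
    print("value 3 selects:", sorted(members(USERS, RULE, CASE_INSENSITIVE)))
    print("depends on mode:", sorted(membership_drift(USERS, RULE)))
```

Running a check of this kind against an export of the attributes used in your rules shows which users would gain or lose a policy match before the property value is changed.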