

Select Scalable Policy Rule Types

In addition to the number of policy rules, the type of policy rule may also impact performance. Typically, policy rules are constructed based on how the user store is structured and how entitlements are determined. For example, you may create policy rules based on group membership, organization, or user attributes. However, when there are multiple ways to construct policy rules, consider the performance guidelines in the following table before deciding which type of rule to construct.

Note: The policy rule types in the following table are listed in order of performance, beginning with the most efficient rule type.

Policy Rule Type | Performance Notes

Organization

  • Best overall performance
  • Does not require a search in LDAP directories. CA IdentityMinder uses the DN of the user being evaluated and the DN of the organization in the policy rule.

Role

  • CA IdentityMinder stores role object information and previous evaluations in the object store cache
  • In most cases, performance will be as good as organization policy rules

User attribute

  • Provides the best user store search performance, and is the least affected by large user populations
  • Allows you to enable in-memory evaluation for significant performance gains

Group Membership

  • Performance depends on group size and user store type
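
The Organization row above says the rule is evaluated from the two DNs alone, with no LDAP search. The following added example (not CA IdentityMinder code; the function names and all DNs are constructed for illustration) shows how such a check can be done locally, and why it has to compare whole RDNs rather than raw string suffixes. It assumes case-insensitive matching and does not handle hex escapes or multi-valued RDNs.

```python
# Added illustration; not CA IdentityMinder code. All DNs are constructed samples.

def split_dn(dn):
    """Split a DN into RDN strings on unescaped commas (backslash escapes kept)."""
    rdns, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])  # keep the escape pair together
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append("".join(current))
    return rdns


def normalize_rdn(rdn):
    """Lower-case attribute and value and drop surrounding whitespace (assumption)."""
    attr, _, value = rdn.partition("=")
    return (attr.strip().lower(), value.strip().lower())


def in_organization(user_dn, org_dn):
    """True if user_dn is a descendant of org_dn; needs no directory search."""
    user = [normalize_rdn(r) for r in split_dn(user_dn)]
    org = [normalize_rdn(r) for r in split_dn(org_dn)]
    return len(user) > len(org) and user[-len(org):] == org


def naive_suffix_match(user_dn, org_dn):
    """Raw string comparison, shown only for contrast with in_organization()."""
    return user_dn.lower().endswith("," + org_dn.lower())


ORG = "ou=Sales,dc=example,dc=com"
SAMPLES = [
    "cn=Alice Lee,ou=Sales,dc=example,dc=com",      # inside the organization
    "CN=Bob, OU=sales, DC=Example, DC=com",         # same subtree, different spelling
    "cn=Carol,ou=Engineering,dc=example,dc=com",    # different organization
    "cn=eve\\,ou=Sales,dc=example,dc=com",          # escaped comma inside the cn value
]

if __name__ == "__main__":
    for dn in SAMPLES:
        print(dn, in_organization(dn, ORG), naive_suffix_match(dn, ORG))
```

The last sample sits directly under dc=example,dc=com; a raw suffix comparison places it in the Sales organization, while the RDN-wise comparison does not.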