Administration GuideManaged Services (Basic Access Requests)Creating a Service › Define Fulfillment and Revocation Actions for the Service

Previous Topic: Understand Fulfillment and Revocation Actions

Next Topic: Assign a Service to a User

Define Fulfillment and Revocation Actions for the Service

On the Actions tab, you define the entitlements and information that CA IdentityMinder adds, modifies, or removes when a service is assigned to, or removed from, a user.

Follow these steps:

  1. Click the Actions tab.

    The Fulfillment and Revocation Actions screen appears.

  2. Click Manage Actions.

    The Modify Policy Xpress Policy screen appears.

    Note: CA IdentityMinder preconfigures the Policy, Events, Data, and Entry Rules tabs. You do not need to modify the information in these tabs.

  3. Click Action Rules.

    A preconfigured action rule appears for this service.

  4. Click the edit icon to the left of the rule.

    The Edit Action Rule Screen appears, with name, description, priority, and rule conditions preconfigured. You do not need to modify these items.

  5. Under Add Actions, click Add Action when Matched.

    The Add Action when Matched screen appears. On this screen, you define the actions that the system takes when the service is assigned to a user.

  6. Enter a friendly name that defines the purpose of the action.

    For example, enter "Add the Sales Manager Admin Role."

  7. Select the category of action you want the system to take.

    For example, to add a role, select the Roles category.

  8. Select the type of action you want the system to take.

    For example, to add or remove an admin role, select the Set Admin Role type.

  9. Select the function that you want the system to perform.

    For example, to add an admin role, select the Add function.

    Note: When you select a function, a description of that function appears. This description can help you determine whether the selected function results in the system behavior you want.

  10. Define the specific action that you want the system to take.

    For example, to add an admin role named "Sales Manager", enter the role name, or click the Browse button and select Sales Manager from the list of available admin roles.

  11. Click OK.

    Repeat this procedure until you have added all the desired actions for this service.

  12. Under Remove Actions, click Add Action when No Longer Matched.

    The Add Action when No Longer Matched screen appears. On this screen, you define the actions that the system takes when the service is revoked from a user.

  13. Similarly, designate the specific action that you want the system to take when the service is revoked.

    Typically, Remove Actions and Add Actions match so that when a service is revoked from a user, all associated entitlements are removed.

  14. Click OK.

    The system associates the designated fulfillment and revocation actions with the service. When a user receives the service, the associated entitlements and information are added, modified or removed.

  15. If desired, you can now assign a service to a user.