If you have purchased CA Identity Manager (Identity Manager), you can exclude Identity Manager access roles from your policies. Identity Manager access roles define roles that may be assigned to users in Identity Manager. Roles may be associated with users or groups of users that share common access requirements. For more information about access roles in Identity Manager, see the CA Identity Manager Operations Guide.
You can exclude roles from policies using a procedure similar to excluding groups from policies. When a user who has been assigned the excluded access role in Identity Manager tries to access a protected resource, the Policy Server verifies that the user has been assigned the excluded Identity Manager role, and blocks access to the resource.
To exclude Identity Manager roles from a policy
The Users tab contains sub-tabs for each user directory and IdentityMinder Environment included in the policy domain.
The SiteMinder Policy Identity Manager Role dialog opens.
The opposite procedure removes roles from the Current Members list.
You can select multiple entries by holding the CTRL or SHIFT key and clicking on entries in one of the Members lists. When you select multiple entries and click one of the Arrow buttons, the Policy Server User Interface moves all of the selected entries.
A red circle with a slash appears to the left of the excluded roles.
Copyright © 2011 CA. All rights reserved.