Identity Manager Roles Based Provisioning Module 3.7.0 ... - NetIQ

More documents

Recommendations

Info

• Erik (an end user) performs a search for all employees who speak German at his location. • Eduardo (an end user) browses the organization chart, finds Ella, and clicks the e-mail icon to send a message to her. Working with Roles and Resources • Maxine (a Role Manager) creates the Nurse and Doctor business roles and the Administer Drugs and Write Prescriptions IT roles. Maxine creates several resources that are needed for these roles, and associates the resources with the roles. • Maxine (a Role Manager) defines a relationship between the Nurse and Administer Drugs roles, specifying that the Nurse role contains the Administer Drugs role. Max also defines a relationship between the Write Prescriptions and Doctor roles, specifying that the Doctor role contains the Write Prescriptions role. • Chester (a Security Officer) defines a separation of duties constraint that specifies that a potential conflict exists between the Doctor and Nurse roles. This means that ordinarily the same user should be not assigned to both roles at the same time. In some circumstances, an individual who requests a role assignment may want to override this constraint. To define a separation of duties exception, the individual who requests the assignment must provide a justification. • Ernest (an end user) browses a list of roles available to him, and requests assignment to the Nurse role. • Amelia (an approver) receives notification of an approval request via e-mail (which contains an URL). She clicks the link, is presented with an approval form, and approves it. • Arnold (a Role Manager) requests that Ernest be assigned to the Doctor role. He is notified that a potential conflict exists between the Doctor role and Nurse role, to which Ernest has already been assigned. He provides a justification for making an exception to the separation of duties constraint. • Edward (a separation of duties approver) receives notification of a separation of duties conflict via e-mail. He approves Arnold’s request to override the separation of duties constraint. • Amelia (an approver) receives notification of an approval request for the Doctor role via e- mail. She approves the Arnold’s request to assign Ernest to the Doctor role. • Bill (a Role Auditor) looks at the SoD Violations and Exceptions Report and sees that Ernest has been assigned to both the Doctor and Nurse roles. In addition, he sees that Ernest has been assigned the resources associated with these roles. Working with Process Requests • Ernie (an end user) browses a list of resources available to him, and requests access to the Siebel* system. • Amy (an approver) receives notification of an approval request via e-mail (which contains an URL). She clicks the link, is presented with an approval form, and approves it. • Ernie checks on the status of his previous request for Siebel access (which has now gone to a second person for approval). He sees that it is still in progress. • Amy is going on vacation, so she indicates that she is temporarily unavailable. No new approval tasks are assigned to her while she is unavailable. • Amy opens her approval task list, sees that there are too many for her to respond to in a timely manner, and reassigns several to co-workers. 20 Identity Manager Roles Based Provisioning Module 3.7.0 User Application: User Guide
• Pat (an administrative assistant, acting as a proxy user for Amy) opens Amy’s task list and performs an approval task for her. • Max (a manager) views the task lists of people in his department. He knows that Amy is on vacation, so he reassigns tasks to others in his department. • Max initiates a request for a database account for someone in his department who reports directly to him. • Max assigns Dan to be an authorized delegate for Amy. • Dan (now a delegated approver) receives Amy’s tasks when she is unavailable. • Max engages an unpaid intern, who should not be entered into the HR system. The system administrator creates the user record for this intern and requests that he be given access to Notes, Active Directory*, and Oracle*. Working with Compliance • Maxine (a Role Manager) creates the Nurse and Doctor business roles and the Administer Drugs and Write Prescriptions IT roles. • Maxine (a Role Manager) defines a relationship between the Nurse and Administer Drugs roles, specifying that the Nurse role contains the Administer Drugs role. Max also defines a relationship between the Write Prescriptions and Doctor roles, specifying that the Doctor role contains the Write Prescriptions role. • Chester (a Security Officer) defines a separation of duties constraint that specifies that a potential conflict exists between the Doctor and Nurse roles. This means that ordinarily the same user should be not assigned to both roles at the same time. In some circumstances, an individual who requests a role assignment may want to override this constraint. To define a separation of duties exception, the individual who requests the assignment must provide a justification. • Arnold (a Role Manager) requests that Ernest be assigned to the Doctor role. He is notified that a potential conflict exists between the Doctor role and Nurse role, to which Ernest has already been assigned. He provides a justification for making an exception to the separation of duties constraint. • Philip (a Compliance Module Administrator) initiates a role assignment attestation process for the Nurse role. • Fiona (an attester) receives notification of the attestation task via e-mail (which contains an URL). She clicks the link and is presented with an attestation form. She provides an affirmative answer to the attestation question, thereby giving her consent that the information is correct. • Philip (a Compliance Module Administrator) initiates a new request for a user profile attestation process for users in the Human Resources group. • Each user in the Human Resources group receives notification of the attestation task via e-mail (which contains an URL). Each user clicks the link and is presented with an attestation form. The form gives the user an opportunity to review the values for various user profile attributes. After reviewing the information, each user answers the attestation question. Getting Started 21
Page 1 and 2: AUTHORIZED DOCUMENTATION User Appli
Page 4 and 5: 4 Identity Manager Roles Based Prov
Page 6 and 7: 4 Using the Associations Report 55
Page 8 and 9: 11 Managing Work for Users, Groups,
Page 10 and 11: 20.3 Exploring the Tab’s Features
Page 12 and 13: Part Part III, “Using the Work Da
Page 14 and 15: 14 Identity Manager Roles Based Pro
Page 18 and 19: • Roles, which enable you to: •
Page 22 and 23: 1.2 Accessing the Identity Manager
Page 24 and 25: 2 Type your username and click Subm
Page 26 and 27: 2 Click the Help link (in the top r
Page 28 and 29: Button Description Localize Display
Page 30 and 31: To use filtering: 1 Specify a value
Page 36 and 37: Figure 2-1 The Organization Chart P
Page 38 and 39: Table 2-2 Actions Available Through
Page 42 and 43: Figure 3-1 Default View at Login In
Page 44 and 45: 3.2 Navigating the Chart This secti
Page 46 and 47: Table 3-1 Types of Organization Cha
Page 48 and 49: Action Expand Manager-Employee Expa
Page 50 and 51: The Lookup page displays your searc
Page 52 and 53: This part of the message Body Conta
Page 56 and 57: Figure 4-1 The Associations Report
Page 60 and 61: If you want to change some of these
Page 62 and 63: 2 Specify search criteria for the u
Page 64 and 65: If you see a list of groups that in
Page 66 and 67: 2 Specify the recipients of the mes
Page 68 and 69: Figure 5-3 The My Profile Page Show
Page 70 and 71:
This is the detailed information ab
Page 72 and 73:
The Identity Manager User Applicati
Page 74 and 75:
Figure 6-2 Specify a Search Criteri
Page 76 and 77:
6.2 Performing Basic Searches 1 Go
Page 78 and 79:
To perform an advanced search: 1 Go
Page 80 and 81:
If the attribute is a User (item ca
Page 82 and 83:
The Lookup page displays: 2 Specify
Page 84 and 85:
For instance, all of the following
Page 86 and 87:
• Revise Search • Export Result
Page 88 and 89:
This page is just like the My Profi
Page 90 and 91:
4 Use the Format drop-down list to
Page 92 and 93:
6.5.4 To Delete a Saved Search 1 In
Page 94 and 95:
7.2 Password Challenge Response Cha
Page 96 and 97:
7.5 Password Policy Status You are
Page 98 and 99:
3 Specify values for the following
Page 100 and 101:
3 Specify values for the following
Page 102 and 103:
You can expand or collapse the node
Page 104 and 105:
Chip chip c c* *p *h* A manager loo
Page 106 and 107:
106 Identity Manager Roles Based Pr
Page 108 and 109:
Page 110 and 111:
Figure 9-1 Work Dashboard If you go
Page 112 and 113:
Action Make a Process Request Descr
Page 114 and 115:
Icon Terminated: Retracted Descript
Page 116 and 117:
9.6.1 User Self-Service The authent
Page 118 and 119:
Table 9-8 Task Notifications for Do
Page 120 and 121:
Table 9-11 Task Notifications for D
Page 122 and 123:
To perform this action... Retract r
Page 124 and 125:
To perform this action... View work
Page 126 and 127:
• When a group is selected, the l
Page 128 and 129:
10.1.2 Viewing the Summary for a Ta
Page 130 and 131:
A pop-up window displays to indicat
Page 132 and 133:
• The name of the user who made t
Page 134 and 135:
If the task requires a digital sign
Page 136 and 137:
The User Application displays a mes
Page 138 and 139:
When no filters are defined, the De
Page 140 and 141:
2 To expand the task list display b
Page 142 and 143:
2 To specify that the action of ope
Page 144 and 145:
The Resource Administrator and Reso
Page 146 and 147:
Scrolling within the Resource Assig
Page 148 and 149:
7 If there are additional custom fi
Page 150 and 151:
• When a role is selected, the Ro
Page 152 and 153:
Sorting the Role Assignment List To
Page 154 and 155:
The User Application displays the l
Page 156 and 157:
• The Recipient column identifies
Page 158 and 159:
Status summary icon Detailed Status
Page 160 and 161:
10.4.2 Viewing the Summary for a Re
Page 162 and 163:
To remove all previously defined fi
Page 164 and 165:
2 To display the details within the
Page 166 and 167:
The Retract button is enabled only
Page 168 and 169:
2 In the Manage control, select the
Page 170 and 171:
11.2 Changing to a Different Manage
Page 172 and 173:
• In the Manage dialog, click the
Page 174 and 175:
Proxy Assignments When a Role Is th
Page 176 and 177:
Settings Menu Option Team Settings>
Page 178 and 179:
2 Select the user for whom you want
Page 180 and 181:
This information is particularly he
Page 182 and 183:
Button Duration End date No Expirat
Page 184 and 185:
Only Provisioning Administrators, P
Page 186 and 187:
NOTE: The User Application does not
Page 188 and 189:
Button No Expiration Specify Expira
Page 190 and 191:
2 Click Select a team to select a t
Page 192 and 193:
Alternatively, use the Object Selec
Page 194 and 195:
manager can still view delegate set
Page 196 and 197:
3 Click Continue. 4 In the Team Mem
Page 198 and 199:
Field Available Requests in Selecte
Page 200 and 201:
7 Specify the status by selecting o
Page 202 and 203:
The All Request Types check box is
Page 204 and 205:
9h If you select a certificate that
Page 206 and 207:
13.2 Making a Process Request To ma
Page 208 and 209:
5i Click Preview to see the user ag
Page 210 and 211:
If the digital signature type is se
Page 212 and 213:
Page 214 and 215:
Page 216 and 217:
14.1.1 About Roles This section pro
Page 218 and 219:
When you define a role, you can opt
Page 220 and 221:
Role Roles Manager Description A sy
Page 222 and 223:
Resource Requests Resources can be
Page 224 and 225:
Table 14-2 Roles and Resources Acti
Page 226 and 227:
Icon Higher Level Relationship Desc
Page 228 and 229:
2 Specify a filter string for the r
Page 230 and 231:
2 Provide details for the role defi
Page 232 and 233:
2 Click Add. The Add Role Relations
Page 234 and 235:
For entitlements that take static p
Page 236 and 237:
Field Standard Approval Description
Page 238 and 239:
You need to have permission to retr
Page 240 and 241:
2 Fill in the fields on the Add Rol
Page 242 and 243:
2 To include an additional column i
Page 244 and 245:
2 In the Filter dialog, specify a f
Page 246 and 247:
Field Description Categories Owners
Page 248 and 249:
The Entitlement tab shows informati
Page 250 and 251:
2 To assign a dynamic value at requ
Page 252 and 253:
3 To assign a dynamic value at requ
Page 254 and 255:
2b The Request Form tab adds a new
Page 256 and 257:
If the Allow role approval process
Page 258 and 259:
For each field on the request form,
Page 260 and 261:
Assigning a Resource From the Catal
Page 262 and 263:
16.1.6 Refreshing the Resource List
Page 264 and 265:
Page 266 and 267:
2 Specify a filter string for the c
Page 268 and 269:
Field Default Approvers Approvers D
Page 270 and 271:
3 Select Show all administrative de
Page 272 and 273:
3 Choose to show all role assignmen
Page 274 and 275:
3 Choose to list all SoD Constraint
Page 276 and 277:
• The Roles in which each user ho
Page 278 and 279:
3 In the User Selection pane, selec
Page 280 and 281:
Page 282 and 283:
The following settings are read-onl
Page 284 and 285:
Field Quorum Description Select Quo
Page 286 and 287:
Page 288 and 289:
Attestation Requests and Processes
Page 290 and 291:
20.2 Accessing the Tab To access th
Page 292 and 293:
Table 20-2 Compliance Actions Categ
Page 294 and 295:
20.6 Common Compliance Actions The
Page 296 and 297:
20.6.4 Defining the Attestation For
Page 298 and 299:
2 Click Submit to initiate the atte
Page 300 and 301:
Page 302 and 303:
2 If you want to use the details fr
Page 304 and 305:
4 Select the SoD constraints whose
Page 306 and 307:
4 In the Verify Assignments For box
Page 308 and 309:
4 In the Verify Roles Assigned To b
Page 310 and 311:
• The Attestation Type column ind
Page 312 and 313:
The Attester column in the Request
Page 314:
6b2 To view those processes that ha
show all

Identity Manager Roles Based Provisioning Module 3.7.0 ... - NetIQ

Create successful ePaper yourself

Delete template?

Save as template?