Novell IDENTITY MANAGER ENTITLEMENTS SERVICE DRIVER 3.6.1 Implementation Manual Download Page 11 | Manualshive

Page: 11 / 40

background image

Overview

11

no

vd

ocx

(e

n)

17

Sep

te

m

be

r 20

09

A user is renamed.

You manually initiate a reevaluation of a policy’s membership.

2. The driver updates the DirXML-EntitlementRef attribute of any user whose entitlements have

changed. This includes granting entitlements if the user was added to an entitlement policy or
revoking entitlements if the user was removed from a policy.

3. After the DirXML-EntitlementRef attribute for a user is updated, the Entitlements Service

driver’s job is finished. For the entitlement to be implemented, the entitlement must be defined
on the appropriate driver and the driver’s policies must include the actions required to enforce
the entitlement. For information about creating entitlements and the policies to support them,
see the

Identity Manager 3.6.1 Entitlements Guide

(http://www.novell.com/documentation/

idm36/idm_entitlements/data/bookinfo.html)

.

1.2 Role-Based Entitlements Versus Other

Entitlements

Entitlements managed through the Entitlements Service driver are called

Role-Based Entitlements

,

or RBEs, because they are granted to users who are members of, or have a role in, an entitlement
policy. Only the Entitlements Service driver uses Role-Based Entitlements and entitlement policies.
The two other entitlement agents (roles-based provisioning and workflow-based provisioning
through the User Application) use their own methods for assigning entitlements to users.

The Role-Based Entitlement functionality in iManager lets you manage the entitlement policies used
by the Entitlements Service driver.

1.3 Multiple Entitlements Service Drivers

If your Identity Manager system includes multiple driver sets and you want to use Role-Based
Entitlements with each driver set, you must create an Entitlements Service driver in each driver set.
In addition, the Entitlements Service driver can manage only those User objects that are in a master
or read/write replica on the Metadirectory server (where the Entitlements Service driver is located).

If necessary, you can run multiple Entitlements Service drivers in the same driver set. However, you
must make sure that the scope of users managed by each of the drivers does not overlap. For
example, entitlements for User A should not be managed by two different Entitlement Service
drivers.

«
...
9
10
11
12
13
...
»

Summary of Contents for IDENTITY MANAGER ENTITLEMENTS SERVICE DRIVER 3.6.1

Page 1: ...m novdocx en 17 September 2009 AUTHORIZED DOCUMENTATION Identity Manager 3 6 1 Driver for Role Based Entitlements Implementation Guide Identity Manager Entitlements Service Driver 3 6 1 June 05 2009 I...

Page 2: ...o export or re export to entities on the current U S export exclusion lists or to any embargoed or terrorist countries as specified in the U S export laws You agree to not use deliverables for prohibi...

Page 3: ...r 2009 Novell Trademarks For a list of Novell trademarks see Trademarks http www novell com company legal trademarks tmlist html Third Party Materials All third party trademarks are the property of th...

Page 4: ...4 Identity Manager 3 6 1 Driver for Role Based Entitlements Implementation Guide novdocx en 17 September 2009...

Page 5: ...17 3 2 2 Configuring the Driver Settings 19 3 2 3 Starting the Driver 19 3 3 Activating the Driver 19 4 Upgrading an Existing Driver 21 4 1 Supported Upgrade Paths 21 4 2 What s New in Version 3 6 1 2...

Page 6: ...iver for Role Based Entitlements Implementation Guide novdocx en 17 September 2009 A 1 3 Authentication 38 A 1 4 Startup Option 38 A 1 5 Driver Parameters 39 A 1 6 ECMAScript Designer Only 39 A 2 Glob...

Page 7: ...ole based entitlements Feedback We want to hear your comments and suggestions about this manual and the other documentation included with this product Use the User Comment feature at the bottom of eac...

Page 8: ...8 Identity Manager 3 6 1 Driver for Role Based Entitlements Implementation Guide novdocx en 17 September 2009...

Page 9: ...driver is one of three entitlement agents that you can use to grant entitlements or permission slips to users The other two entitlement agents are the role based provisioning component and workflow b...

Page 10: ...iated with the policy Users assigned to the policy receive all of the entitlements associated with the policy If the user is removed from the policy he or she loses all entitlements associated with th...

Page 11: ...RBEs because they are granted to users who are members of or have a role in an entitlement policy Only the Entitlements Service driver uses Role Based Entitlements and entitlement policies The two ot...

Page 12: ...12 Identity Manager 3 6 1 Driver for Role Based Entitlements Implementation Guide novdocx en 17 September 2009...

Page 13: ...Entitlements Guide http www novell com documentation idm36 idm_entitlements data bookinfo html Create a new Entitlements Service driver or Upgrade an existing Entitlements Service driver to the new ve...

Page 14: ...14 Identity Manager 3 6 1 Driver for Role Based Entitlements Implementation Guide novdocx en 17 September 2009...

Page 15: ...our environment After you ve created and configured the driver you need to deploy it to the Identity Vault and start it Section 3 1 1 Importing the Driver Configuration File on page 15 Section 3 1 2 C...

Page 16: ...ion Host Specify the IP address or DNS name of the server hosting the Identity Vault Username Specify the DN of the user object used to authenticate to the Identity Vault Password Specify the user s p...

Page 17: ...guration File on page 17 Section 3 2 2 Configuring the Driver Settings on page 19 Section 3 2 3 Starting the Driver on page 19 3 2 1 Importing the Driver Configuration File 1 In iManager click to disp...

Page 18: ...nue with the next section Configuring the Driver Settings or To skip the configuration settings at this time click Finish When you are ready to configure the settings continue with the next section Co...

Page 19: ...ge 4 Conditional If the Entitlement driver s Summary page for the Import Configuration wizard is still displayed click Finish WARNING Do not click Cancel on the Summary page This removes the driver fr...

Page 20: ...n 17 September 2009 For information on activation refer to Activating Novell Identity Manager Products http www novell com documentation idm36 idm_install data afbx4oc html in the Identity Manager 3 6...

Page 21: ...pported Upgrade Paths on page 21 Section 4 2 What s New in Version 3 6 1 on page 21 Section 4 3 Upgrade Procedure on page 21 4 1 Supported Upgrade Paths You can upgrade from any 3 x version of the Ent...

Page 22: ...22 Identity Manager 3 6 1 Driver for Role Based Entitlements Implementation Guide novdocx en 17 September 2009...

Page 23: ...to the policy receive all of the entitlements associated with the policy If the user is removed from the policy he or she loses all entitlements associated with the policy To create an entitlement pol...

Page 24: ...o the object you logged in as but you can change it to an object with the appropriate rights For example if you log in as the administrator there might be parts of the tree that you have rights to tha...

Page 25: ...Users page add the entitlements you want associated with the policy To do so 9a Click Add Driver to display a list of drivers with entitlements 9b Select the driver with the entitlement you want to a...

Page 26: ...n to doing a global assignment of rights to all properties All Attributes Rights you can assign rights to specific properties This lets you limit rights to some properties and expand rights to others...

Page 27: ...is making changes to policies As another example the Identity Manager driver configurations don t revoke entitlements that have values from a user account in another system If a user is granted membe...

Page 28: ...28 Identity Manager 3 6 1 Driver for Role Based Entitlements Implementation Guide novdocx en 17 September 2009...

Page 29: ...swords to securely store passwords associated with the driver Monitoring the driver s health status Backing up the driver Inspecting the driver s cache files Viewing the driver s statistics Using the...

Page 30: ...30 Identity Manager 3 6 1 Driver for Role Based Entitlements Implementation Guide novdocx en 17 September 2009...

Page 31: ...our production environment while your changes to policies are incomplete Similarly the Entitlements Service Driver won t start if more than one person appears to be editing Entitlement Policies at the...

Page 32: ...nts membership in a GroupWise e mail distribution list named Trade Show Mailing List and he is excluded from membership in the Trade Show Managers Policy that also assigns the e mail distribution list...

Page 33: ...ity Manager Identity Manager Overview then select a driver set 2 Click the Driver status button then select Stop driver 3 Click the driver icon for the driver that offers the entitlement you want to c...

Page 34: ...t resolution priority then the order of the list of Entitlement Policies matters but only for those entitlements you changed For information about these values see Conflict Resolution between Entitlem...

Page 35: ...Troubleshooting Role Based Entitlements 35 novdocx en 17 September 2009 4 Click Close to restart the driver Changes in priority don t take effect until the driver is restarted...

Page 36: ...36 Identity Manager 3 6 1 Driver for Role Based Entitlements Implementation Guide novdocx en 17 September 2009...

Page 37: ...on page 2 Open the driver set that contains the driver whose properties you want to edit To do so 2a In the Administration list click Identity Manager Overview 2b If the driver set is not listed on th...

Page 38: ...mote Loader This setting does not apply to the Entitlements Service driver You cannot use the driver with the Remote Loader A 1 2 Driver Object Password iManager Only Option Description Driver Object...

Page 39: ...driver parameters you want to modify Edit XML Opens an editor so that you can edit the driver s configuration file Driver Options There are no general driver options Subscriber Options Result Threshol...

Page 40: ...river set 2c Click the driver set to open the Driver Set Overview page 3 Locate the Entitlements Service driver icon then click the upper right corner of the driver icon to display the Actions menu 4...

Reviews:

No comments

Related manuals for IDENTITY MANAGER ENTITLEMENTS SERVICE DRIVER 3.6.1

Analog Factory S.E.

Brand: Arturia Pages: 31

Brand: Olympus Pages: 149

Brand: I-Data Pages: 79

Brand: Epson Pages: 6

Stylus Color 600Q

Brand: Epson Pages: 1

Stylus Pro - Stylus Color Pro Ink Jet Printer

Brand: Epson Pages: 14

Software Film Factory

Brand: Epson Pages: 73

Stylus Pro - Stylus Color Pro Ink Jet Printer

Brand: Epson Pages: 98

Stylus Color 600Q

Brand: Epson Pages: 95

Brand: Epson Pages: 209

PowerLite D6150

Brand: Epson Pages: 196

DS-605 - VPN Client - PC

Brand: D-Link Pages: 15

DSN-210-SW - SureSync Continuous Data Protection

Brand: D-Link Pages: 4

Brand: D-Link Pages: 56

D-View 6 Professional

Brand: D-Link Pages: 143

Brand: D-Link Pages: 136

Brand: D-Link Pages: 279

External OEMR 2800

Brand: Dell Pages: 32

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands