Novell IDENTITY MANAGER 3.6.1 - ENTITLEMENTS, Руководство пользователя

Страница: 9 / 44

Entitlements Overview
1
9
no
vd
ocx
(e
n)
13
Ma
y 20
09
1
Entitlements Overview
Novell
®
Identity Manager uses entitlements as a way for you to provide users with access to
resources in connected systems.
You can think of an entitlement as a permission slip. For example, if you want a new employee to be
given an Active Directory* account when he or she is added to your Human Resource system, the
user must have a permission slip, or entitlement, for the Active Directory account. If the user doesn’t
have the permission slip, he or she doesn’t receive the account.
The following sections explain how entitlements work and how they make administration of your
Identity Manager system more efficient.
Š
Section 1.1, “How Entitlements Work,” on page 9
Š Section 1.2, “Why Use Entitlements?,” on page 10
Š
Section 1.3, “Drivers with Preconfigured Entitlements,” on page 11
1.1 How Entitlements Work
The following diagram shows the basic entitlement process.
Figure 1-1
Overview of Entitlements
1. An entitlement agent grants an entitlement to a user. There are three ways that entitlements are
granted to a user:
Š
Role-Based Entitlements: The Entitlements Service driver grants the entitlement based
on criteria that place the user in a particular role (or group). The criteria can be based on
any event that occurs in the Identity Vault. For example, adding a new employee in an HR
system causes a User object to be created in the Identity Vault. Creation of the new User
object is the criterion that causes the Entitlements Service driver to grant the Active
Directory User Account entitlement to the user.
Š
User Application Roles Based Provisioning: The user receives a role assignment
through the User Application. The User Application’s Role Service driver grants the user
any entitlements associated with the new role. For example, a user is assigned an