The following table provides information about the account attributes that are specific to Access Enforcer. Refer to the documentation for the SAP adapter for information about general SAP attributes. Unless stated otherwise, all attribute types are String, and all attributes are write-only. The values for all attributes listed below are converted to uppercase.
Identity System User Attribute |
Resource Attribute Name |
Description |
---|---|---|
aeUserId |
UserId |
Required. The User ID for the Access Enforcer account |
aeEmailAddress |
EmailAddress |
Required. The email assigned to the user. |
aeFirstName |
FirstName |
Required. The user’s first name. |
aeLastName |
LastName |
Required. The user’s last name. |
aeRequestorId |
RequestorId |
Required. The user ID of the person requesting the account. |
aeRequestorLastName |
RequestorLastName |
Required. The last name of the requestor. |
aeRequestorFirstName |
RequestorFirstName |
Required. The first name of the requestor. |
aeRequestorEmailAddr |
RequestorEmailAddr |
Required. The email address of the requestor. |
aePriority |
Priority |
Required. The priority of the request. |
aeApplication |
Application |
Required. The application to add to grant access to. |
aeLocation |
Location |
The user’s location. |
aeCompany |
Company |
The user’s company. |
aeDepartment |
Department |
The user’s department. |
aeEmployeeType |
EmployeeType |
The employment status of the user. |
aeRequestReason |
RequestReason |
Description of why access is being requested. |
aeRoles |
Roles |
Complex. The roles assigned to the user. This attribute contains values for ValidFrom, ValidTo, and Rolename. |
aeValidFrom |
ValidFrom |
The beginning time of a request. |
aeValidTo |
ValidTo |
The end time of a request. |
aeTelephone |
Telephone |
The user’s telephone number. |
aeManagerId |
ManagerId |
Required. The account ID of the user’s manager. This value must be valid, existing value in Access Enforcer. |
aeManagerFirstName |
ManagerFirstName |
Required. The manager’s first name. This value must be valid, existing value in Access Enforcer. |
aeManagerLastName |
ManagerLastName |
Required. The manager’s last name. This value must be valid, existing value in Access Enforcer. |
aeManagerEmailAddr |
ManagerEmailAddr |
Required. The manager’s email address. This value must be valid, existing value in Access Enforcer. |
The attributes designated as required must be sent in the Submit Request service call. However, they are not marked as required on the schema map because of conflicts that may occur when updating a user that has other resources assigned.
Other attributes may be added to the schema map, but are considered custom attributes in Access Enforcer. To distinguish the custom attributes, you must prepend AE to any Resource User Attribute. (For example, AEMyAttribute.) The values for custom attributes are not converted to uppercase.