|
| |
| Sun Java[TM] System Identity Manager 7.1 Admininstration | |
Glossary
access review A managed and audited process of attesting that a set of employees have the appropriate user entitlements on a particular date.
Unique set of capabilities for each set of organizations assigned to an administrative user.
administrator Person who sets up Identity Manager or is responsible for operational tasks, such as creating users and managing access to resources.
administrator interface P rimary administrative view of Identity Manager.
approver User with administrative capabilities responsible for approving or rejecting access requests.
attest An action performed by an attestor during an access review to confirm that a user entitlement is appropriate.
attestation task Logical collection of user entitlement reviews requiring attestation. User entitlements are grouped into a single attestation task if they are assigned to the same attestor and are produced from the same access review instance.
attestor User who accepts responsibility for certifying (attesting) that a user entitlement is appropriate. An attestor has extended privileges in Identity Manager that are necessary to manage user entitlements requiring attestation.
business process editor (BPE) Graphical view of Identity Manager forms, rules, and workflow provided with Identity Manager versions prior to 7.0. The BPE has been replaced by the Identity Manager IDE in the current versions of Identity Manager. See Identity Manager IDE.
capability Group of access rights for user accounts that governs actions performed in Identity Manager; low-level access control within Identity Manager.
directory junction Hierarchically related set of organizations that mirrors a directory resource’s actual set of hierarchical containers. Each organization in a directory junction is a virtual organization.
escalation timeout A time range specified for a work item request in which the assigned work item owner has to respond before the Identity Manager process sends it to the next assigned responder.
form Object associated with a Web page that contains rules about how a browser should display user view attributes on that page. Forms can incorporate business logic, and are often used to manipulate view data before it is presented to the user.
Identity Manager IDE The Identity Manager Integrated Development Environment (IDE) is a Java application that enables you to view, customize, and debug Identity Manager objects in your deployment.
identity template Defines the user’s resource account name.
organization Identity Manager container used to enable administrative delegation.
Organizations define the scope of entities (such as user accounts, resources, and administrator accounts) an administrator controls or manages. Organizations provide a “where” context, primarily for Identity Manager administrative purposes.
periodic access review An access review that is performed at periodic intervals, for example, every calendar quarter.
policy Establishes limitations for Identity Manager accounts.
Identity Manager policies establish user, password, and authentication options, and are tied to organizations or users. Resource password and account ID policies set rules, allowed words, and attribute values, and are tied to individual resources.
remediator An Identity Manager user specified as the assigned remediator for an audit policy.
When Identity Manager detects a compliance violation that requires remediation, it creates a remediation work item and sends the work item to the remediator’s work item list.
resource IAn Identity Manager object that stores information about how to connect to a resource or system on which accounts are created.
Resources to which Identity Manager provides access include mainframe security managers, databases, directory services, applications, operating systems, ERP systems, and messaging platforms.
resource adapter Identity Manager component that provides a link between the Identity Manager engine and the resource.
This component enables Identity Manager to manage user accounts on a given resource (including create, update, delete, authenticate, and scan capabilities) as well as utilize that resource for pass-through authentication.
resource adapter account Credentials used by an Identity Manager resource adapter to access a managed resource.
resource group Collection of resources used to order the creation, deletion, and update of user resource accounts.
resource wizard Identity Manager tool that steps through the resource creation and modification process, including setup and configuration of resource parameters, account attributes, identity template, and Identity Manager parameters.
role In Identity Manager, a template or profile for a class of users. Each user can be assigned to one or more roles, which define account resource access and default resource attributes.
rule Object in the Identity Manager repository that contains a function written in XPRESS, XML Object, or JavaScript languages. Rules provide a mechanism for storing frequently used logic or static variables for reuse within forms, workflows, and roles.
schema List of user account attributes for a resource.
schema map Map of resource account attributes to Identity Manager account attributes for a resource.
Identity Manager account attributes create a common link to multiple resources and are referenced by forms.
service provider users Extranet users, or customers of a service provider that are distinguished separately from the service provider company’s personnel or intranet users.
user Person who holds an Identity Manager system account. Users can hold a range of capabilities in Identity Manager; those with extended capabilities are Identity Manager administrators.
user account Account created using Identity Manager.
Refers either to an Identity Manager account or accounts on Identity Manager resources. The user account setup process is dynamic; information or fields to be completed depend on the resources provided to the user directly or indirectly through role assignment.
user entitlement User view showing the assigned resouces, and the important attributes on those resources, for a single user on a particular date.
user interface Limited view of the Identity Manager system.
Specifically tailored to users without administrative capabilities, it allows them to perform a range of self-service tasks such as changing passwords, setting answers to authentication questions and managing delegated assignments.
virtual organization Organization defined within a directory junction. See directory junction.
workflow A logical, repeatable process during which documents, information, or tasks are passed from one participant to another. Identity Manager workflows comprise multiple processes that control creation, update, enabling, disabling, and deletion of user accounts.
work items an action request generated by a workflow, form, or procedure in Identity Manager that is assigned to a user that has been specified as an approver, attestor, remediator.