Sun Identity Manager 8.1 Business Administrator's Guide

The User Pages (Create/Edit/View)

This section describes the Create User, Edit User, and View User pages that are available in the Administrator interface. Instructions on how to use these pages appear later in this chapter.

Note –

This documentation describes the default set of Create User, Edit User, and View User pages that ship with Identity Manager. To better reflect your business processes or specific administrator capabilities, however, you should create custom user forms specifically for your environment. For more information about customizing the user form, see Chapter 3, Identity Manager Forms, in Sun Identity Manager Deployment Reference.

The default Identity Manager user pages are organized into the following tabs or sections:

Identity Tab

The Identity area defines a user’s account ID, name, contact information, manager, governing organization, and Identity Manager account password. It also identifies the resources to which the user has access, and the password policy governing each resource account.

Note –

For information about setting up account password policies, read the section in this chapter titled Managing Account Security and Privileges.

The following figure illustrates the Identity area of the Create User page.

Figure 3–1 Create User - Identity

Figure showing the Identity Area of the Create User Screen

Resources Tab

The Resources area provides for the direct assignment of resources and resource groups to a user. Resource exclusions can also be assigned.

Directly assigned resources supplement resources that are indirectly assigned to the user through role assignment. Role assignment profiles a class of users. Roles define user access to resources through indirect assignment.

Roles Tab

The Roles tab is used to assign one or more roles to a user, and manage those role assignments.

See To Assign Roles to a User for information about this tab.

Security Tab

In Identity Manager terminology, a user who is assigned extended capabilities is an Identity Manager administrator. Use the Security tab to assign a user administrator privileges.

For more information on using the Security tab to create administrators, see Creating and Managing Administrators.

The Security form consists of the following sections.

Note –

To have administrator capabilities, a user must be assigned at least one Admin role, or one or more capabilities AND one or more controlled organizations. For more information about Identity Manager administrators, seeUnderstanding Identity Manager Administration.

Delegations Tab

The Delegations tab on the Create User page lets you delegate work items to other users for a specified length of time. For more information about delegating work items, read Delegating Work Items.

Attributes Tab

The Attributes tab on the Create User page defines account attributes associated with assigned resources. Listed attributes are categorized by assigned resource, and differ depending on which resources are assigned.

Compliance Tab

The Compliance tab:

To assign audit policies, move selected policies from the Available Audit Policies list to the Current Audit Policies list.

Note –

You can view compliance violations logged for a user for a specific time period, by selecting View Compliance Violation Log from the User Actions list and specifying the range of entries to view.