

Members Tab

The Members tab displays member policies and lets you add, edit, or remove them. For all roles, a member policy includes a member rule, which defines the conditions a user must meet to be a role member. For an access role, a member policy contains only a member rule.

For an admin role, a member policy combines a member rule with scope rules. If a user meets the member rule, that user has the scope defined in that policy. Depending on the object (primary or secondary) of the tasks in the role, different scope rules apply:

This tab contains the following fields:

Member Rule Column

Displays the rules that users must satisfy to be a role member.

Scope Rule column

Displays the objects that can be managed by a role member.

The scope rules limit the primary and secondary objects available to tasks in the role. For example, if the role contains a task that modifies groups, the user scope rule limits the users (primary object) that can be found and the group scope rule limits the groups (secondary object) that can be assigned.

Administrators can add and remove members of this role

If you select this check box, these options appear:

Add Action

Defines the changes made to a user profile when a user is added as a role member.

Remove Action

Defines the changes made to a user profile when a user is removed as a role member.

You must specify an Add and Remove Action for CA Identity Manager to correctly manage a role’s membership when an administrator grants or revokes the role. The Add Action must make the user meet the criteria in one of the role’s member rules. For example, suppose the User Manager role has the following member rules:

For modify and create tasks:
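The requirement that the Add Action make the user satisfy a member rule can be checked against sample profiles before a role is relied on. The following Python model is an added example, not CA Identity Manager code or its API: it assumes member rules are simple attribute-equals-value conditions, uses constructed attribute names and profiles, and assumes that a correct Remove Action should leave the user meeting none of the role's member rules.

```python
# Conceptual model only: rules and actions are plain attribute maps,
# not CA Identity Manager objects or API calls. All names are constructed.

def meets_rule(profile, rule):
    """A member rule maps attribute -> required value; all must match."""
    return all(profile.get(attr) == value for attr, value in rule.items())

def is_member(profile, member_rules):
    """A user is a role member when any one member rule is satisfied."""
    return any(meets_rule(profile, rule) for rule in member_rules)

def apply_action(profile, action):
    """Return a copy of the profile with the action's changes applied.
    A value of None removes the attribute."""
    updated = dict(profile)
    for attr, value in action.items():
        if value is None:
            updated.pop(attr, None)
        else:
            updated[attr] = value
    return updated

def check_actions(member_rules, add_action, remove_action, sample_profiles):
    """List profiles where granting or revoking the role would leave
    membership out of step with the member rules."""
    problems = []
    for name, profile in sample_profiles.items():
        granted = apply_action(profile, add_action)
        if not is_member(granted, member_rules):
            problems.append((name, "add action does not satisfy any member rule"))
        revoked = apply_action(granted, remove_action)
        if is_member(revoked, member_rules):
            problems.append((name, "user is still a member after remove action"))
    return problems

# Constructed sample data (hypothetical attributes and values).
MEMBER_RULES = [{"title": "User Manager"}, {"department": "IT", "level": "admin"}]
PROFILES = {
    "alice": {"title": "Clerk", "department": "Sales"},
    "bob": {"title": "Engineer", "department": "IT", "level": "admin"},
}
ADD = {"title": "User Manager"}
REMOVE = {"title": None}

if __name__ == "__main__":
    for name, issue in check_actions(MEMBER_RULES, ADD, REMOVE, PROFILES):
        print(f"{name}: {issue}")
```

In this constructed data, bob already matches the second member rule, so revoking the role through the Remove Action does not end his membership; overlapping member rules are the case to review when a revocation has to remove access.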

More information:

Member, Admin, and Owner Rules

User Filter Options

Group Filter Options

Organization Filter Options

Organization Rule Options