The Members tab displays member policies. The Members tab lets you add, edit, or remove member policies. For all roles, a member policy includes a member rule, a rule that defines conditions for a user to be a role member. For an access role, a member policy contains only a member rule.
For an admin role, a member policy combines a member rule with scope rules. If a user meets the member rule, that user has the scope defined in that policy. Depending on the object (primary or secondary) of the tasks in the role, different scope rules apply:
This tab contains the following fields:
Displays the rules that users must satisfy to be a role member.
Displays the objects that can be managed by a role member.
The scope rules limit the primary and secondary objects available to tasks in the role. For example, if the role contains a task that modifies groups, the user scope rule limits the users (primary object) that can be found and the group scope rule limits the groups (secondary object) that can be assigned.
Administrators can add and remove members of this role
If you select this check box, these options appear:
Changes to a user profile when a user is added as a role member.
Changes to a user profile when a user is removed as a role member.
You must specify an Add and Remove Action for CA Identity Manager to correctly manage a role’s membership when an administrator grants or revokes the role. The Add Action must make the user meet the criteria in one of the role’s member rules. For example, suppose the User Manager role has the following member rules:
In this case, the Add Action must make the user conform to one of these rules. For example, the Add Action might add User Manager to the Admin Roles attribute. Similarly, the Remove Action must alter the profile of a user so that the user no longer matches the member rule when the rule is revoked.
For modify and create tasks:
Copyright © 2015 CA Technologies.
All rights reserved.