User manual NOVELL IDENTITY MANAGER 3.6.1 STAGING BEST PRACTICES GUIDE 2010
DON'T FORGET : ALWAYS READ THE USER GUIDE BEFORE BUYING !!!
If this document matches the user guide, instructions manual or user manual, feature sets, schematics you are looking for, download it now. Diplodocs provides you a fast and easy access to the user manual NOVELL IDENTITY MANAGER 3.6.1. We hope that this NOVELL IDENTITY MANAGER 3.6.1 user guide will be useful to you.
You may also download the following manuals related to this product:
NOVELL IDENTITY MANAGER 3.6.1 E-MAIL (495 ko)
NOVELL IDENTITY MANAGER 3.6.1 OVERVIEW (3407 ko)
NOVELL IDENTITY MANAGER 3.6.1 SECURITY (397 ko)
NOVELL IDENTITY MANAGER 3.6.1 JOBS GUIDE (591 ko)
NOVELL IDENTITY MANAGER 3.6.1 ENTITLEMENTS (776 ko)
NOVELL IDENTITY MANAGER 3.6.1 INSTALLATION (2590 ko)
NOVELL IDENTITY MANAGER 3.6.1 REMOTE LOADER (697 ko)
NOVELL IDENTITY MANAGER 3.6.1 REPORTING GUIDE (888 ko)
NOVELL IDENTITY MANAGER 3.6.1 PASSWORD MANAGEMENT (1334 ko)
NOVELL IDENTITY MANAGER 3.6.1 DTD REFERENCE 05-06-2009 (5417 ko)
NOVELL IDENTITY MANAGER 3.6.1 CLIENT LOGIN EXTENSION GUIDE (609 ko)
NOVELL IDENTITY MANAGER 3.6.1 UNDERSTANDING POLICIES 05-06-2009 (874 ko)
NOVELL IDENTITY MANAGER 3.6.1 COMMON DRIVER ADMINISTRATION GUIDE (1479 ko)
NOVELL IDENTITY MANAGER 3.6.1 NULL SERVICE AND LOOPBACK SERVICE DRIVERS (511 ko)
NOVELL IDENTITY MANAGER 3.6.1 MANUAL TASK SERVICE DRIVER IMPLEMENTATION GUIDE (742 ko)
NOVELL IDENTITY MANAGER 3.6.1 WORKORDER DRIVER IMPLEMENTATION GUIDE 18-12-2009 (863 ko)
Manual abstract: user guide NOVELL IDENTITY MANAGER 3.6.1STAGING BEST PRACTICES GUIDE 2010
Detailed instructions for use are in the User's Guide.
[. . . ] novdocx (en) 16 April 2010
AUTHORIZED DOCUMENTATION
Identity Manager 3. 6. 1 Staging Best Practices Guide
Novell®
3. 6. 1
June 24, 2010
Identity ManagerTM
www. novell. com
Identity Manager 3. 6. 1 Staging Best Practices Guide
novdocx (en) 16 April 2010
Legal Notices
Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. [. . . ] Search identities and Memebrship Filter on Dynamic groups and RBE policies. Groups Ensure that the static and dynamic group objects are created before deploying them. The following objects must be included in the list: Groups that are used in any policies. Password Policies Indices Custom Objects Ensure that the policies are created before deploying them. The following objects must be included in the list: All custom objects that are Security Equivalences objects for all the drivers. Custom objects that are used in GCVs.
Preparing for Staging
13
novdocx (en) 16 April 2010
Designer 3. 5 and later allows you to import objects listed in the above table in LDIF format and then deploy them along with other objects that are being deployed. NOTE: These objects are not modeled as drivers or driver sets in Designer. They can be modified by modifying the LDIF file that contains these objects in Designer. For more information, refer to Enabling Staging of Projects (http://www. novell. com/documentation/designer35/admin_guide/data/ staging_projects. html) in the Designer 3. 5 Administration Guide (http://www. novell. com/ documentation/designer35/index. html).
2. 5 Rights
Section 2. 5. 1, "Driver Equivalences, " on page 14 Section 2. 5. 2, "Roles Based Entitlements Policies, " on page 14 Section 2. 5. 3, "Jobs, " on page 15
2. 5. 1 Driver Equivalences
Security Equivalences require rights to the objects within the Identity Vault in order to perform tasks on them. For example, an OracleTM database driver has a policy to create a user in the Identity Vault in a container every time a user is created in the database, but the driver doesn't have enough permissions on the container to create the user, so the process fails. The driver has similar rights as that of the users/objects who have permissions on the container. All the policies should be carefully evaluated for finding out what permissions should be given to the drivers. Designer 3. 5 and later can store the Security Equivalences and Exclude Administrative Roles of the drivers in the project and can assign them to the drivers. Before moving to another staging environment, ensure that you know the Security Equivalences and Exclude Administrative Roles associated with each driver and ensure that these objects are imported as LDIF objects and moved along with other objects before being assigned in the next stage after deployment. If the Security Equivalences object and the Exclude Administrative Roles objects are stored as LDIF objects, Designer ensures that they are created in the next stage before they are assigned.
2. 5. 2 Roles Based Entitlements Policies
Roles Based Entitlements policies are used by the Entitlements Service driver, which grants entitlements to and revokes entitlements from the users. An entitlement policy contains the following: Membership: The list of users assigned to a policy. A user can be dynamically assigned to a policy when he or she meets the criteria for the policy, or the user can be statically (manually) assigned to the policy. Users assigned to the policy receive all of the entitlements associated with the policy. If the user is removed from the policy, he or she loses all entitlements associated with the policy. You can assign any Identity Vault objects for which you want the entitlement policy to be a trustee. Each member of the policy becomes a trustee of the objects you add.
14
Identity Manager 3. 6. 1 Staging Best Practices Guide
novdocx (en) 16 April 2010
There are several reasons why you might want to make the policy a trustee of an object: One of the policy's entitlements requires the policy's members to have rights to an object. You want to use the policy to assign users as trustees of an object even though rights to the object are not required for an entitlement. [. . . ] Right-click eDir2eDir, then click Live >Create eDir-to-eDir Certificates. Java Environment Parameters: The Java* environment parameters enable you to configure the Java Virtual MachineTM (JVM) on the Metadirectory server associated with the driver set. You might need to change the Java classpath options if the . jar files your Metadirectory server is looking for reside at a different place in the new stage. To change the location, go to DriverSet Properties Page > Java > ClassPath Additions and provide the correct classpaths. [. . . ]
DISCLAIMER TO DOWNLOAD THE USER GUIDE NOVELL IDENTITY MANAGER 3.6.1
Click on "Download the user Manual" at the end of this Contract if you accept its terms, the downloading of the manual NOVELL IDENTITY MANAGER 3.6.1 will begin.