8. Role-Based Entitlements: What's New

(Home)     Previous     Next



Entitlement Policies

Roles-Based Entitlement policies allows you to grant entitlements on the connected systems to a group of Novell eDirectory users. Through Entitlement policies, you can streamline the management of business policies and reduce the need to configure your Identity Manager drivers.

An Entitlement policy is an eDirectory Dynamic Group object with additional features added so that you can grant entitlements on the connected systems. When you create an Entitlement policy, you define the membership for the policy and the entitlements that should be granted to the members of the Entitlement policy. The list of Entitlement policies indicates the priority.

The Entitlements Service Driver implements entitlements through entitlement policies. In Designer, the Role-based Entitlement editor allows you to create Entitlement policies and associate the entitlements and the members for each policy.

To create Roles-based Entitlement policies, right-click the driver set in the Outline View > New > Role-based Entitlement Policies.


The Roles-based Entitlement Policies editor has the following tabs:

General

Describes the Entitlement policy.

Entitlements

Contains the list of entitlements associated with a policy. Users assigned to the policy receive all the entitlements associated with the policy. If a user is removed from the policy, he or she loses all entitlements associated with the policy.





Membership

Contains a list of users assigned to the policy. A user can be dynamically assigned to the policy when he or she fulfills the criteria for the policy, or is statically (manually) assigned to the policy. Static membership allows you to include users who do not meet the dynamic membership criteria or exclude users who meet the criteria but should not be members of the policy. Dynamic membership allows you to define which users should be members of the entitlement policy by specifying criteria and by specifying the location in the tree to search for the users that meet the criteria.