Identity policies can automatically assign resources, such as domain accounts, or grant entitlements, such as making a user a member of a role, when users meet the policy condition. For example, you can create a set of identity policies that assign resources and roles based on a user’s title.
To create an identity policy set for allocating resources and roles, create an identity policy with the following settings for each of the titles in your organization:
Setting | Value |
---|---|
Policy Condition | title = <some_title> |
Action on Apply Policy | Any actions that allocate resources or entitlements to users who meet the policy condition, for example: |
Action on Remove Policy | Any actions that remove resources or entitlements when a user no longer meets the policy condition. For example, if CA Identity Manager made the user a member of a role when the identity policy was applied, you may want to configure CA Identity Manager to revoke the role when the user no longer meets the policy condition. |
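
The apply and remove settings above, modelled as an added Python example (not CA Identity Manager code or its API; the class names, entitlement strings and the `synchronize` and `residual_entitlements` helpers are hypothetical). It assumes that a policy with no Action on Remove Policy leaves its entitlements in place, and shows what a user then keeps after a title change.

```python
from dataclasses import dataclass, field

@dataclass
class IdentityPolicy:
    """Conceptual model of one policy in a set (hypothetical, not the product API)."""
    name: str
    title: str                          # Policy Condition: title = <some_title>
    on_apply: frozenset                 # granted by Action on Apply Policy
    on_remove: frozenset = frozenset()  # revoked by Action on Remove Policy

@dataclass
class User:
    uid: str
    title: str
    entitlements: set = field(default_factory=set)
    applied: set = field(default_factory=set)  # names of policies currently applied

def synchronize(user, policy_set):
    """Evaluate each policy against the user; return an audit trail of actions."""
    log = []
    for p in policy_set:
        matches = user.title == p.title
        if matches and p.name not in user.applied:
            user.entitlements |= p.on_apply
            user.applied.add(p.name)
            log.append(("apply", p.name))
        elif not matches and p.name in user.applied:
            user.entitlements -= p.on_remove  # empty set means nothing is revoked
            user.applied.discard(p.name)
            log.append(("remove", p.name))
    return log

def residual_entitlements(user, policy_set):
    """Entitlements the user holds that no currently matching policy grants."""
    justified = set()
    for p in policy_set:
        if user.title == p.title:
            justified |= p.on_apply
    return user.entitlements - justified

# Constructed sample set: the Engineer policy has no remove action configured.
POLICIES = [
    IdentityPolicy("Manager", "Manager",
                   frozenset({"role:Approver", "acct:Finance"}),
                   frozenset({"role:Approver", "acct:Finance"})),
    IdentityPolicy("Engineer", "Engineer",
                   frozenset({"role:Developer", "acct:SourceRepo"})),
]
```

Running `residual_entitlements` over all users after each synchronization gives a review list of access that no current policy condition justifies.
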
The following figure illustrates sample policies in the Employee Resources identity policy set:
Copyright © 2015 CA Technologies.
All rights reserved.