Managing EIM user access control

 

Use this information to learn how to manage access for users with LDAP.

An Enterprise Identity Mapping (EIM) user is a user who possesses EIM access control based on their membership in predefined Lightweight Directory Access Protocol (LDAP) user groups. Specifying EIM access control for a user adds that user to a specific LDAP user group. Each LDAP group has authority to perform various EIM administrative tasks in a domain. The access control group to which an EIM user belongs determines which administrative tasks, including lookup operations, that user can perform.

Only users with either LDAP administrator access control or EIM administrator access control can add other users to an EIM access control group or change access control settings for other users. Before a user can become a member of an EIM access control group, that user must have an entry in the directory server that acts as the EIM domain controller. Also, only specific types of users can be made members of an EIM access control group: Kerberos principals, distinguished names, and i5/OS® user profiles.

To have the Kerberos principal user type available in EIM, network authentication service must be configured on the system. To have the i5/OS user profile type available in EIM, configure a system object suffix on the directory server. This allows the directory server to reference i5/OS system objects, such as i5/OS user profiles.

To manage access control for an existing directory server user or to add an existing directory user to an EIM access control group, complete these steps:

  1. Expand Network > Enterprise Identity Mapping > Domain Management.

  2. Select the EIM domain in which you want to work.

  3. Right-click the EIM domain to which you are connected and select Access Control...

  4. In the Edit EIM Access Control dialog, select the User type to display the fields required to provide identifying information for the user.

  5. Enter the required user information to identify the user for whom you want to manage EIM access control and click OK to display the Edit EIM Access Control panel. Click Help, if necessary, to determine what information to specify for each field.

  6. Select one or more Access Control groups for the user and click OK to add the user to the selected groups. Click Help for more detailed information about what authority each group has and to learn about any special requirements.

  7. After you provide the required information, click OK to save your changes.

 
