Identity feeds that retain group membership
Ensure that identity feeds retain a user's membership in both customized and default groups.
All default ISIM groups initially have no members, except for the administrator group, which contains one user named itim manager. When you load the first identity records into ISIM, some individuals might become members of the manager group.
Group name Membership Administrator 1 member with an account named itim manager Manager Zero or more, depending on whether the initial identity feed has an identity record that indicates the user has a managed relationship. Service owner Zero Help desk assistant Zero The first help desk assistant and first service owner is a user that the administrator explicitly adds to the group. Alternatively, a user automatically gains membership in the service owner group if we specify the user as owner of a service. If we specify the user as the manager of another user, a user automatically gains membership in the manager group.
A user who is a member of a customized group must also be a member of the default group of the same category. Otherwise, processing results are unpredictable.
If the incoming identity record for a user initially indicates membership in a customized group, Security Identity Manager includes the user as a member of both the customized group and the default group of the same category. Security Identity Manager interprets a subsequent identity feed that includes the same user as a modification of the existing Security Identity Manager user. If the subsequent identity feed specifies that the user has membership only in the customized group, and not also in the default group of the same category, the user is removed from membership in the default group. To avoid this problem, ensure that both initial and subsequent identity feeds specify that a user has membership in both a customized and the default group of the same category.
Parent topic: Identity feed management