Specifying a custom operation and its access control item

We can specify custom operations such as a modify operation that is available on a global basis or entity type basis to help you manage IBM Security Identity Manager business objects. For example, we might create a global operation to help manage business partner organizations when you start or end their use by your company..

In a business environment that continually changes third-party workers, administrators can create a global operation that creates a business partner organization container. Then, they can create all contractual workers and provision accesses with a single global operation.

When use of the business partner ends, administrators can create a global operation that removes all contractual worker accesses and then removes the organization container.

1. Click Configure System > Manage operations.

   In the Operation Level choices, select Global Level. Then, create a new operation as required by the business process. Alternatively, select the Entity or Entity type to create a custom operation to manage the object type as required by the business process.

2. Click Set System Security > Create Access Control Item > General.

   Name of the access control item, such as ACI to Sunset Contractors. Protection category as Global operation or select the entity type of your custom operation.

3. Click Set System Security > Create Access Control Item > Operations.

   In the table of available operations, select the operation that you defined earlier, such as ACI to Sunset Contractors. In the Permission column, specify Grant.

4. Click Set System Security > Create Access Control Item > Membership.

   Specify the group of IBM Security Identity Manager users that can run the global operation.

Parent topic: Operations management